Out-Law / Your Daily Need-To-Know

Bill Gates this week warned that the days of the password are numbered. The next day, RSA Security released a survey to highlight the level of risk of identity theft presented by weak password management, with 15% of consumers using only one password for everything.

The study, commissioned by RSA and carried out by Opinion Research Corporation, canvassed the views of over 1,000 consumers in a nine-question telephone survey. The results expose a wide gap between consumers' awareness of identity theft and their perceived ability to protect against it.

Consumers still do not use passwords properly when accessing on-line services, desktop computer systems, ATMs and other electronic services, said RSA. The survey found that 63% of respondents had less than five passwords for all electronic information access, and over 15% only used one password for everything.

According to John Worrall, vice president of worldwide marketing at RSA Security: "Consumers are under the false impression that passwords provide enough security to protect personal information".

He continued:

"Forward-looking organisations that have a large number of people accessing electronic information – whether they are customers, employees or partners – are recognizing that more reliable forms of authentication are critical for securing important information, including personal information and corporate assets."

His views were echoed by Bill Gates in his keynote speech at the RSA Security conference in San Francisco this week:

"...there's no doubt that over time people are going to rely less and less on passwords. I'm sure all of you know what a weak thing that is, both in terms of people using that same password on insecure systems or writing them down or taking things that are guessable; it just doesn't meet the test for anything you really want to secure."

It is probably no coincidence that Microsoft and RSA Security announced earlier this week that they are working together to improve security for Windows enterprise customers by replacing static passwords with a strong, two-factor authentication solution using smart cards and Public Key Infrastructure. He also advocated the increased use of biometrics.