February 19, 2015




You may be familiar with the recent “news” that “White House moves to ‘kill off the password’.” Here is just one link to the story:

Others have proposed the same thing (not just the “White House” – whatever that means – but I’m reasonably sure it does NOT mean that the President has studied the issue personally and in depth and come to that conclusion). But is it really a good thing? I think not. It’s folly. The main reason is that it is antithetical to good and time-proven authentication principles and measures; in particular, it conflicts with maximizing your security, because it eliminates one of the 3 pillars of multi-factor authentication.


Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

  1. knowledge factors (“things only the user knows”), such as passwords
  2. possession factors (“things only the user has”), such as ATM cards
  3. inherence factors (“things only the user is (something you are)”), such as biometrics


Requiring more than one independent factor increases the difficulty of providing false credentials. Requiring, or at least allowing the user to take advantage of, all 3 factors increases their security still further (much further!). This is a consideration that “Anti-Passworders” seem to be ignorant of! Even if the possession and inherence factors are in place, I would want the very significant extra security of also using the knowledge factor (password). Yes, it’s a little more effort, but isn’t it worth it to know that only you are in control of the doggy or kitty pictures on your Facebook account? I’m sorry… I meant to say Bank Account or Email Account.
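As an added illustration of the rule above (not code from the original post), this Python example counts distinct factor categories rather than credentials, so a password plus a PIN still counts as a single factor, and removing the password caps the attainable total at two. The credential types, field names, HMAC challenge-response token and biometric score threshold are assumptions made for the example.

```python
import hashlib
import hmac

KNOWLEDGE, POSSESSION, INHERENCE = "knowledge", "possession", "inherence"

def kdf(secret: str, salt: bytes) -> bytes:
    # Slow salted hash so stored knowledge factors resist offline guessing.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def check_secret(stored: dict, secret: str) -> bool:
    return hmac.compare_digest(stored["hash"], kdf(secret, stored["salt"]))

def check_token(stored: dict, proof: tuple) -> bool:
    # Possession: the device proves it holds the enrolled key by MACing a challenge.
    challenge, response = proof
    expected = hmac.new(stored["key"], challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def check_biometric(stored: dict, score: float) -> bool:
    # Inherence: assumes an external matcher already produced a similarity score.
    return score >= stored["threshold"]

VERIFIERS = {  # credential type -> (factor category, verifier)
    "password": (KNOWLEDGE, check_secret),
    "pin": (KNOWLEDGE, check_secret),
    "token": (POSSESSION, check_token),
    "fingerprint": (INHERENCE, check_biometric),
}

def verified_categories(enrolled: dict, presented: dict) -> set:
    proven = set()
    for kind, (category, verify) in VERIFIERS.items():
        if kind in enrolled and kind in presented and verify(enrolled[kind], presented[kind]):
            proven.add(category)
    return proven

def authenticate(enrolled: dict, presented: dict, required: int = 2) -> bool:
    # Count categories, not credentials: password + PIN is still one factor.
    return len(verified_categories(enrolled, presented)) >= required

# Constructed sample enrollment (all values invented for this example).
SALT, KEY = b"constructed-salt", b"constructed-device-key"
ENROLLED = {
    "password": {"salt": SALT, "hash": kdf("correct horse", SALT)},
    "pin": {"salt": SALT, "hash": kdf("4821", SALT)},
    "token": {"key": KEY}, "fingerprint": {"threshold": 0.9},
}

def token_proof(challenge: bytes, key: bytes = KEY) -> tuple:
    return challenge, hmac.new(key, challenge, hashlib.sha256).digest()
```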


They may give us possessions and they may use inherences but they’ll never take OUR KNOWLEDGE!


