<http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/print.html> The Register Biting the hand that feeds IT The Register ; Security ; Network Security ; Original URL: http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/ Passwords? We don't need no stinking passwords By John Leyden (john.leyden at theregister.co.uk) Published Wednesday 16th February 2005 01:41 GMT RSA 2005 Concerns over online security are continuing to slow consumer e-commerce growth. A quarter of the respondents in a recent survey have reduced their online purchases in the past year and 21 per cent refuse to conduct business with their financial institutions online because of security fears. More than half (53 per cent) of the 1,000 consumers quizzed believe that basic passwords fail to provide sufficient protection for sensitive personal information. According to the RSA Security-sponsored telephone survey, poor management of PINs and passwords for access to online services, desktop computer systems, ATMs and other electronic accounts is a major vulnerability. As a major supplier of two-factor authentication products and services that offer an alternative to traditional static passwords, the issues raised by RSA Security's survey are more than a little self-serving. That doesn't mean its analysis is necessarily wrong, though. More and more security experts are lining up against the use of static passwords for e-banking; in part because the technique makes consumers easy prey for phishers. Even so, obituaries for the humble password may be premature. Adi Shamir, professor at Israel's Weizmann Institute of Science and noted cryptographer, said: "Passwords are not completely dead. For low level security apps they are still sufficiently good. It depends on the application". One PIN to rule them all More than two in three respondents (65 per cent) quizzed in RSA Security's survey use fewer than five passwords for all electronic information access and 15 percent use a single password for everything. These figures are unchanged from a similar survey last year. John Worrall, VP of worldwide marketing at RSA Security, said: "The majority of consumers are aware of the problems associated with passwords, but until they are presented with a reliable, easy-to-use alternative, they're going to continue to exhibit poor password management practices." . -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'