Larry Dignan finds no argument with Google's Cem Paya, who made the "passwords are useless, outdated and a security risk" comment at Wharton's Information Security Best Practices conference.
So why are passwords still a primary form of security? According to Dignan, Paya offered the following reasons:
- There's no business model for issuing IDs to consumers.
- Limiting user choice may annoy people.
- Service providers can't rely on third parties to manage identities-if that third party screws up it's your problem.
- Strong authentication has to be mandatory, but mandating an emerging technology risks losing customers.
- An opt-in policy can do harm to customer satisfaction problems. What happens when you need a driver for your USB token?