Passwords: If We're So Smart, Why Are We Still Using Them?

While a lot has changed in Internet security in the last 10

years, a lot has stayed the same -- such as the use of alphanumeric

passwords. Passwords remain the dominant means of authentication on the

Internet, even in the face of significant problems related to password

forgetting and theft. In fact, despite large numbers of proposed alternatives,

we must remember more passwords than ever before. Why is this? Will

alphanumeric passwords still be ubiquitous in 2019, or will adoption of

alternative proposals be commonplace? What must happen in order to move

beyond passwords?

This note pursues these questions, following a panel discussion at Financial Cryptography

and Data Security 2009.

PDF file

In  Proc. Financial Crypto

Publisher  Association for Computing Machinery, Inc.
Copyright © 2007 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept, ACM Inc., fax +1 (212) 869-0481, or The definitive version of this paper can be found at ACM’s Digital Library --


> Publications > Passwords: If We're So Smart, Why Are We Still Using Them?