|
||||
|
||||
|
||||
|
| About Us | Events | Services | Press & Articles | Forecasts & Analysis | eUpdate | | |||||
|
||||||
|
Forecasts & Analysis Methodology Industry Reports Industry Evolution Acuity Home 
|
|
|
The Trusted Password Model©The contents of this page - including charts - are copyright protected and made freely available for individual review. They may be reproduced in print or electronic form so long as appropriate reference is given and the material is not sold or used as part of paid market research or analysis. Please contact to obtain permission to reproduce this material for any other use.The Passwords We Love to Hate Regardless of inherent limitations, passwords are the most pervasive form of enterprise logical access authentication. Though they are far too easy to share or hack and the average user has far too many of them to easily remember, enterprise upgrades to more secure forms of user authentication are the exception, not the rule. The truth is that even though we know they are not secure we really love to hate our passwords and don't want to give them up. The username/password paradigm has become ingrained in our psyche. Existing authentication alternatives from smart cards and tokens to finger scans and iris recognition seem too complex for what has become a simple, dally routine of accessing computers and other electronic devices as well as the applications and data that reside on them. Unfortunately, the cure is worse than the disease. Hardened or "gibberish" passwords are impossible to remember forcing users to resort to the dreaded yellow sticky syndrome, or even worse post a username/password spreadsheet next to their computer monitor. Forcing users to select new passwords on a regular basis creates disgruntled staff and customers and increases help desk utilization when passwords are forgotten (or the yellow sticky note disappears!). These practices may work well for machines and make sense to those responsible for developing secure password policies, but they are ultimately ineffective, expensive and tend to antagonize the human beings forced to comply with them. What is really needed is a form of secure authentication that rather then replace familiar weak passwords, transforms them into a trusted and secure authentication mechanism. Enter The Trusted Password Acuity recently developed the concept of a Trusted Password to address this gap in the logical access marketplace. A Trusted Password is defined as follows: a reliable, convenient, and revocable method of uniquely binding an individual to an established digital identity 
Trusted Passwords provide a context for solving the
enterprise security challenge of using passwords.
Rather than dismiss passwords altogether, the Trusted Password Model
preserves the advantageous qualities of passwords while eliminating the vulnerabilities.
The Authentication Alternatives diagram depicts the current authentication landscape. 
This analysis indicates that the only way to construct a Trusted Password is to utilize a behavioral biometric - voice, signature, keyboard or mouse. However, a Trusted Password goes beyond traditional behavioral biometrics and includes the following ten essential characteristics: 
A Trusted Password must be part of a identification solution that includes
a behavioral biometric where the solution exhibits four additional characteristics.
Acuity envisions a single, easy-to-use and familiar authentication mechanism
available to the user regardless of location or access device. It
addresses the complexity associated with other forms of strong authentication,
secures SSO, resolves password management issues and achieves “True Compliance”.
|
||
|
||||||
