Password use has always been a hot topic here at TeleSign. We feel strongly that traditional password-only account security is no longer enough to keep end-user accounts secure from compromise. We've built solutions, in use by many of the world's largest web and mobile applications today, that address this issue by helping customers offer two-factor authentication to their end users--using SMS and voice messages or via push notifications on their existing mobile applications.
But there is a larger conversation to be had about passwords and their role in what the authors of a new paper on the subject call a “data security crisis.”
In “Should the FTC Kill the Password? The Case for Better Authentication,” authors Daniel J. Solove and Woodrow Hartzog argue that in certain circumstances, the Federal Trade Commission (FTC) should start requiring better methods of authentication than mere passwords. “If the FTC is going to be a relevant player in the realm of data security,” Solove and Hartzog write, “it must address flawed security measures even though they might be commonly used.”
The paper, available on the Social Science Research Network website, was developed with support from TeleSign. In seven pages, the authors--both security and privacy experts--first discuss the current state of data security and the alarming frequency of breaches. They credit this in part to problems authenticating the identity of account holders and describe passwords as a flawed method--they are hard for users to remember and easily stolen by hackers and phishers.
As a solution to the issue, Solove and Hartzog explain that two-factor authentication is an effective and readily-available technique, but one that organizations have been slow to implement. To address this, they make a valid case for involving the FTC and point out how the agency is, “the regulatory agency in the best position to step in and require improved authentication.”.
The authors are currently spreading the word about their research and this informative and well-developed paper. Their views have already been covered by MarketWatch's Priya Anand and they continue to speak with other media and industry leaders about raising this call to action to a higher profile. Access to the full paper is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2636366