By Andy McCue, 19 November 2004 12:10
NEWS Some of the UK's top IT bosses have dismissed Microsoft chairman Bill Gates' latest prediction that the password is dead.
Speaking at the Microsoft IT Forum conference in Copenhagen, Gates said passwords are a weak spot in security and identity authentication and that Microsoft and other leading edge businesses are already moving onto smart cards and biometrics.
Almost two-thirds (seven) of the silicon.com CIO Jury disagreed with Gates' crystal-ball gazing, with the other five in support of his claim that the password is dead.
More than one pointed out that Gates has hardly been known for accurate predictions about future trends in the IT industry.
Ted Woodhouse, head of IT at Leeds Teaching Hospitals NHS Trust, said: "Gates' future gazing has never filled me with confidence - after all, this is the man who said that 640KB would always be more than enough for any desktop computer."
Graham Yellowley, director of technology at Mitsubishi Securities International, said that whatever the strengths and weaknesses of the password it is still the only real identity standard. "An official identity standard has yet to be adopted, whether it be biometrics using fingerprints or iris scanning or via smartcards. Until a government adopts a national identity standard passwords will remain," he said.
Gavin Whatrup, IT director at advertising agency Delaney Lund Knox Warren & Partners, said: "A single, portable, losable card is not, on its own, the answer. The password or passphrase is less user-friendly but it is portable, secure - with the correct strength and refresh policies - and not easily lost or compromised with the correct training."
Passwords are dying but not yet dead, according to Ian Cohen, IT director at the Financial Times. "It is an industry challenge to make solutions that are standards based and accessible to all. We must never lose sight of the fact that the overwhelming issues are not about security technology but about perception and trust," he said.
Margaret Smith, director of business information systems at Legal & General, said Gates is only partly right. "I believe that in the longer term passwords will be dead but am not convinced that smart cards will be the answer. In short he is right, but he is also wrong," she said.
But Phil Young, head of IT at Amtrak, said passwords are becoming unmanageable and too difficult to use. "Passwords are hard to manage and due to the number of passwords people need to remember together with pin numbers it is becoming harder for the user. I personally feel that small smart devices such as finger scanners will become more prevalent in the not so distant future," he said.
Today's CIO Jury wasÂ…
Colin Cobain, IT director, Tesco
Ian Cohen, IT director, Financial Times
Derek Gannon, operations director, Guardian Newspapers
Matthew Gouldstone, technology services manager, Prudential
John Keeling, director of computer services, John Lewis Partnership
Dr John Odell, group IT director, BBA Group
Margaret Smith, director of business information systems, Legal & General
Gavin Whatrup, IT director, Delaney Lund Knox Warren & Partners
Ted Woodhouse, head of IT, Leeds Teaching Hospitals NHS Trust
Graham Yellowley, director of technology, Mitsubishi Securities International
Phil Young, head of IT, Amtrak
David Yu, CTO, Betfair
If you are a CIO, IT director or equivalent at a large or small company in the private or public sector and want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com
Comments
There are 6 comments. Join the discussion
1. Stuart Jones
Surely quoting Gates as "The Password is dead" might be slightly misrepresenting what he is meaning. Perhaps the context is more along the lines of "We need to kill the password" because of the security implications / weak point etc.
Secondly, isn't the 640k limit statement a bit of an urban myth? Afterall, it was IBM that set the limit and this was at a time when computers previously only had 16k of RAM normally.
2. Dharmesh Mistry
Lets not forget that current chip and pin initiatives still require a pin (password) for use of the card.
To say that passwords are dead is hopeful. In the cards business we have have been very close to chip developments, and alternative identification techniques.
With this we have always thought that the ideal security would have 3 things:
1) Something you have e.g. a card
2) Something you know e.g. pin / p/wd
3) Something you are e.g. biometric
The bigger issue is the increasing numbers of passwords people are required to know. Someone needs to find a solution for this problem..... quickly.
On the comment about visionaries many have fallen into this trap like the guys at IBM who dimissed the PC.
3. anonymous
smart cards are way too easy to lose or steal. There's no way I'd trust any of my users with 1 of them.
Yes passwords have the problem of the dumb user who want to keep it easy like:
Password1234 but it stays in the ming!
Finger print scanning. Well it's been proven that with some sello tape and bit
of expertise that the fingerprint can be duplicated, unless the end user is smart enough to searm it after use. Do I trust end users to remember to do it? No.
Oh and by the way, as cruel as it sound, a finger can be severed from it's owner and I believe there is already a case where it happened in South Africa.
Which leave us with iris and retinal scanning. Probably 1 of the best options as any attempts to "retrive" the eye from it's owner is likely to result in damage to the eye itsel.
4. anonymous
Ted Woodhouse, head of IT at Leeds Teaching Hospitals NHS Trust, said: "Gates' future gazing has never filled me with confidence - after all, this is the man who said that 640KB would always be more than enough for any desktop computer."
I remember working on the early versions of Windows (and Smalltalk before that) almost everyone was criticising Bill G for addressing too much ram (at that time 1k for screen was typical with 4k ram - tiny BASIC could fit into 1k!)
Bill G never could get anything right could he?
Bill S
5. Rob Wilkes
It has to be said that 'gates' future gazing' has resulted in him being the richest man on the planet and not to mention the figure head of the world largest and most successful IT firm in history. I'm more inclined to listen to Gates' ramblings than the predictions of the Head of IT for an NHS trust.
6. Goten Xiao
Quite frankly, most of Microsoft's success is through propaganda-esque marketing and sheer volume.
And I wouldn't trust Gates with my watch, let alone my computer security...Smart card? A *physical* card that is non-biometric and has no alternate authentication method? Pleaase.