PayPal Security Chief Wants to Obliterate Passwords
Are the days of passwords numbered? PayPal's CISO hopes so.
LAS VEGAS: PayPal Chief Information Security Officer Michael Barrett is a man on a mission – albeit one that seems practically impossible.
His mission-impossible task: rid the world of passwords, in favor of a stronger and easier system for authentication.
Barrett delivered a keynote address at the Interop conference earlier this week, with the message that passwords need to die. His rationale is simple: the modern password system is broken and is being breached with alarming regularity.
"When left to their own devices, users will pick poor passwords and then use them all over the place," Barrett said. "It reduces their security to the least secure place on the Internet."
Barrett is a realist and thus knows that no one can ever be completely secure. In his view, security is about managing degrees of risk – and passwords don't do enough to reduce risk and can even increase risk by creating new opportunities for hackers.
Barrett believes the solution to the password conundrum is the FIDO Alliance, of which he is a leading figure. FIDO -- an acronym for Fast IDentity Online -- got its start in February of this year.
With FIDO, users leverage strong authentication systems that they might already have, including biometric devices for fingerprints. The idea is to offer strong authentication that is also easy to use.
"It's one thing if your password gets stolen, but getting your finger stolen is less of a problem," Barrett said.
Barrett thinks the Internet will be more secure if passwords are eliminated.
"Passwords are running out of steam as an authentication solution and are starting to impede the development of the Internet itself," he said. "We want to obliterate passwords within a few years."
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com. Follow him on Twitter @TechJournalist.