BOX ES.2 | Who Goes There? Authentication Through the Lens of Privacy | Committee on Authentication Technologies and Their Privacy Implications | Computer Science and Telecommunications Board | Division on Engineering and Physical Sciences | National Research Council of the National Academies | Stephen T. Kent and Lynette I. Millett, Editors
BOX ES.2 Passwords
Passwords pose serious security challenges. They are a commonly used form of authentication and are the quintessential example of “something you know.” They require no specialized hardware or training and can be distributed, maintained, and updated by telephone, fax, or e-mail. But they do have serious disadvantages, among them susceptibility to guessing and to theft. In addition, passwords generally do not change without human intervention, leaving them open to compromise. Passwords are also easily shared, either intentionally or inadvertently (when written down near a computer, for example), and a complex, expensive infrastructure is necessary to enable resetting lost (forgotten) passwords. Because people have trouble remembering a large number of names and passwords, there is a trend either toward name and password reuse across systems, which undermines privacy (and security), or toward the creation of centralized systems to keep track of these names and passwords, which has the same negative centralization effect with respect to privacy and linkage.
Finding: Static passwords are the most commonly used form of user authentication, but they are also the source of many system security weaknesses, especially because they are often used inappropriately. (5.1)
Recommendation: Users should be educated with respect to the weaknesses of static passwords. System designers must consider trade-offs between usability and security when deploying authentication systems that rely on static passwords to ensure that the protections provided are commensurate with the risk and harm from a potential compromise of such an authentication solution. Great care should be taken in the design of systems that rely on static passwords. (5.1)