Monday, June 14, 2010

Passwords May Actually Compromise Security

A new study presented at Harvard's "Economics of Information Security" workshop last week shows how passwords can compromise security. The authors point out that people often reuse passwords, and that hackers can obtain passwords from low-value sites, where they are often kept in plain text. Some users use the same passwords for their high-value sites, like PayPal and internet banking.

The study also points out that there are now better ways of securing data, such as more secure protocols or federated identity systems, but that people expect passwords, so passwords have a psychological value. The study is an insightful look at passwords. Companies should be looking at better ways to establish security, as there is increasing evidence that passwords don't work well. For a summary of the paper, see this article.

