
PingTalk Blog

CIS Series. Brad Hill: We better trump passwords

At next week’s Cloud Identity Summit, Brad Hill will play the role of the man behind the curtain. But this time, that man wants you to be paying attention.
 
Hill, principal consultant at iSEC Partners, refers to his conference role as the “designated pessimist.” His session is entitled “Are we doing better than passwords yet?”
 
Hill believes cloud identity and its predicted benefits have a great chance of hitting the target, but he also knows there are still questions along the flight path. Hopefully, knowledge of the past brings power to build a successful future.
 
“My question is are we really doing better than passwords,” he said. “The industry is investing all this money, we are spending all this time and effort in response to a pretty substantial criminal enterprise that has been built up around the weaknesses of passwords, credit card numbers, and authentication tokens.”
 
Hill says the industry needs to take a hard look at what it is building.
 
“Are we using the magic word ‘token’ to make it sound a lot better than it really is,” he asks.
 
Hill plans to explore how people are using access control systems, the way they are configured and the newer protocols that rely on tokens and the passing of data, especially at speeds that are interesting to business on the Internet.
 
Here’s his litmus test: “When the hacking community figures out these systems will the systems be as vulnerable to attack as traditional password and credit card systems are now?”
 
What is needed, he says, is a hard look at the properties of the systems to ensure security and assurance are improved along with the user experience and the velocity of data exchange.
 
“There is not a fundamental reason this can’t happen today,” he says. “One issue is how do you build incentives into a system where you have one version of the protocol to bring people on easily and have another version that is more secure with a higher assurance and a different pricing structure. The system is designed so it pushes people naturally to higher assurance levels.”
 
The expectation is that the future better trump the past.
 
“It’s not that hard, but we need to step up and own the responsibility,” Hill says.
 
 

Register for the Cloud Identity Summit, July 20-22, 2010 at Colorado's Keystone Resort.

Follow John on Twitter and check out our Identity-Conversation Tweet list

 
