My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It presented at Defcon19 2011

by Jason M. Pittman

Summary: Authentication is an integral part of our modern, digital lifestyle. It is a universal means of access to our work, to our finances, and to our friends and recreation. Of all the types of authentication available, passwords are still the most common form of authentication in use. Indeed, passwords in one form or another have been utilized since the dawn of computing. This, as this presentation will demonstrate, is not necessarily a good thing.
Simply put, password authentication is full of fail. Furthermore, the level of fail has nothing to do with the length, the complexity, or any other attribute of passwords. The researchers and professionals who have theorized about or created new password schemes (cognitive or picture-based passwords, for example) are well intentioned but are only treating the symptoms of an inherently flawed technology.
The purpose of this presentation, then, is to discuss why our password authentication is so full of fail, to outline how this fail extends to other authentication methods, and to paint a brief outline of a new paradigm that does not suffer from the same inherent issues.