Abstract or Summary:
Computer systems face continually evolving threats but one bugbear that just won't go away is the vulnerabilities that arise through using passwords for authentication.

Passwords have haunted infosecurity professionals since before 1979 and yet they still appear without fail in the SANs list of critical vulnerabilities year after year. In fact Bill Gates is so aghast at passwords that he relegated them to history in his speech at the RSA conference in February. But despite Gate's wishes passwords are unlikely to disappear in the foreseeable future. In many cases a risk assessment may genuinely suggest that the adverse impacts of moving to alternative methods would outweigh those likely to result from password misuse. But it is also fair to say that the continued reliance on passwords could be due to the inertia of some organizations to introduce other methods.

Passwords have long been a source of discontent as a means of identification. But they are still being used and the problems associated with them still continue unresolved.