Passwords: Not Secure, But Permanent

"There is nothing permanent except change", according to an old German saying. However, according to a survey conducted on behalf of BITKOM (Germany's association for IT and telecommunication), this statement needs to be amended: "not only change is permanent, but also passwords." 41 percent of the survey respondents stated that they never change their computer passwords on their own initiative. Further results of this survey are available at: http://www.heise.de/security/meldung/Das-Passwort-Die-einzige-Konstante-im-Leben-1030313.html. cryptovision's CEO Markus Hoffmeister supports BITKOM's appeal to change important passwords at least every three months, but he adds: "Passwords are the wrong authentication method for business critical applications. It is from a security perspective much more favorable to use smart cards in combination with a PIN or biometric login instead of passwords for accessing high security systems. CEO's and CIO's have the obligation to protect their IT core systems from data theft and unauthorized access in accordance with compliance rules and laws. Smart card access ensures a much higher level of protection than a user and password login." The higher costs caused by smart cards are no counter-argument for Markus Hoffmeister: "There are thousands of productive hours wasted in enterprises for restoring forgotten passwords keeping IT Desks busy, not taking into consideration the risk of suffering from damages due to data theft. A brute force password attack does simply not work on IT systems granting access through smart cards. This alone pays off the costs for smart cards."