The brainchild of identity firm Clef, the Petition Against Passwords so far has drawn the support of fellow authentication technology companies NokNok Labs and LaunchKey, along with community advocacy group TechFreedom.
The group argues that users choose passwords that are too weak so they can remember them, that password policies aren’t enforced and that security holes regularly expose stored user passwords.
The initiative is about getting more accessible authentication regimes onto more digital services, Clef CEO Brennan Byrne told the Los Angeles Times. If enough consumers demand it, Web sites are more likely to move beyond Websites.
For example, he credits Mozilla Persona, an application that verifies identity through an e-mail address and signal from a browser, with raising the authentication bar.
Mozilla’s director of engineering, Lloyd Hilaiel, told the Times the petition was “an interesting vision of such innovation,” and said the company will be watching as it develops.
The Fast Identity Online Alliance (FIDO), a group of companies developing a system that would use a fingerprint scanner and personal identity number ot secure devices and, by extension, Web accounts, hasn’t endorsed the petition, but Ramesh Kesanupalli, chief alliances officer for FIDO member Nok Nok Labs, says ““it’s good to have the push from both sides.”
On Tuesday, Ontario Privacy Commissioner Ann Cavoukian said while she supports any innovation in authentication, that doesn’t mean throwing out passwords, saying “it’s not an either-or proposition.”
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."