The humble password is a central part of cybersecurity and is likely to remain so.

photo

Chris Simpson Director National University Center for Cybersecurity

“I don’t think it will go away anytime in the near future,” said Chris Simpson, director of the National University Center for Cybersecurity.


While there is speculation about a future without passwords, it’s not time to count them out. This summer, Wired published a piece on “Why the Password Isn’t Dead Quite Yet.” A more recent article states that “a completely passwordless future is still a ways off.”


Like many things in life, passwords are welcome in some situations, less so in others.


photo

Stacey Anfuso CEO and Founder La Jolla Logic

Three San Diegans who work with the internet were approached by the San Diego Business Journal to talk about the password and its future.


Many specialists in cybersecurity recommend multifactor authentication, or two means of identifying oneself to get access to a secure computer system. Simpson said the community will likely see passwords supplemented by another means to establish identity, such as a code received by smartphone.

 
Three Ways to Authenticate


Stacey Anfuso, CEO and founder of 
La Jolla Logic, works in the defense industry, where passwords are not as favored as other methods of authentication.

Authentication can come from several sources: something you have, something you know and something you are, Anfuso said. Many systems require a combination of those.


Something you are can be biometric data, such as a fingerprint.


Something you have can be a token, such as a texted code received on a smartphone.


Something you know can be a password.


The first two of those, biometrics and tokens, require no thought or memorization, Anfuso said. They are easier to use.


Anfuso does work with the Defense Department and more recently has taken on work for private defense contractors. In recent years, the Pentagon has tightened internet security rules for its contractors.


Keyboards and Readers


Scott Sakai said hardware considerations are one reason the password is likely to endure. Everyone has a keyboard. Not everyone has a fingerprint reader.


photo

Scott Sakai Security Analyst San Diego Supercomputer Center

Sakai is a security analyst at the San Diego Supercomputer Center on the campus of UC San Diego.


One trend in password authentication is called federated identities. The term refers to people logging into websites using other accounts, such as Google or Facebook. Scientists using the supercomputer center get access through a federated identity system associated with the university.


An Education Push


The government is funding cybersecurity education at multiple levels, said National University’s Simpson. Students in grades K-12 will learn with new security education curriculum as soon as 2022, he said.


The National Security Administration and the U.S. Department of Homeland Security have designated National University as a Center of Academic Excellence in Cyber Defense Education. It was the first institution in San Diego to be designated as such in 2012. Its master’s degree program was recently re-designated through 2028.

 
Simpson also said there is some research showing passwords do not need to be as complex as they have needed to be in the past. The security community is also debating how often computer users should change their passwords.


A password, of course, should not be so simple or commonplace that a hacker can guess it. The ideal password is something complex.


Sakai said that people use weak passwords because they are only human, and have trouble remembering complex, 15-character passwords full of special characters. People use coping mechanisms to make the use of passwords easier. For example, they might use the same passwords on multiple computer systems. The down side to that is if a hacker is able to get one password, he can successfully use them in multiple places.


National University
FOUNDED: 1971
INTERIM PRESIDENT: Randy C. Frisch
HEADQUARTERS: Torrey Pines Mesa
BUSINESS: Higher education for adult learners
EMPLOYEES: About 700 in San Diego
WEBSITE: https://www.nu.edu/
NOTABLE: National University is celebrating its 50th anniversary this year
CONTACT: (855) 355-6288

La Jolla Logic
FOUNDED: 2011
CEO: Stacey Anfuso
HEADQUARTERS: Downtown San Diego
BUSINESS: Defense contractor specializing in IT
EMPLOYEES: More than 60
WEBSITE: 
www.lajollalogic.com
NOTABLE: The company has partnered with the USS Midway Museum for a series of virtual presentations connecting the museum with its members
CONTACT: (619) 535-1121 or info@lajollalogic.com