“Out of Your Password Minder” Isn’t Just Good Comedy… It’s Also Scary as Hell

August 09, 2013

Have you seen the “Out of Your Password Minder” segment from The Ellen DeGeneres Show? It’s been passed around for the last couple of months and recently landed in my inbox. A colleague had been shown it during a training session with one of our technology partners.


I got a really good laugh out of it. But the more I thought about it, the more I began to see a larger point. The infomercial for the (unfortunately real) product, Password Minder, wasn’t just the butt of Ellen’s joke; it provided excellent social commentary on how people behave with regard to password security.

For those of us who deal with information security on a daily basis - and particularly IAM technologies such as Single-Sign-On (SSO) and Federated Identity - the humor is certainly not lost.

However, if you’re an information security professional at a business whose employees are exhibiting some of the behaviors portrayed in the infomercial, you’re probably not laughing. I just hope you’re not considering solving the password sprawl challenges by placing a bulk order of Password Minders for your organization.

In fact, there’s been a lot of buzz lately about the death of the password, including the rise of Social Identity (or “Social Sign-On” as discussed in Robert Block’s recent post). There have been a few other great articles of late discussing the evolution and next generation of passwords.

Gunnar Peterson at Dark Reading published a short article, “Your Password Is the Crappiest Identity Your Kid Will Ever See,” summarizing the situation with a humorous shot at the growing obsolescence of passwords. When you consider that your smartphone has the processing power to generate all of the various combinations of an eight-character password in only a few hours, you realize that what Peterson describes won’t even take that long to arrive: “Some kid in 2045 will look at their parent and ask, did you really have to enter a password that many times?”

In addition to the growth of Federated Identity, which is already here and generally accepted, here are a few concepts that seem to be gaining momentum:

  • Fastwords – According to thought leader and security expert Dr. Markus Jakobsson, “The new structure permits a memory jogging technique in which a portion of the fastword is revealed to a user who has forgotten it. We show that this results in boosted recall rates, while maintaining a security above that of traditional passwords.” For example, the system could require you to recall a series of words that you associate with a given phrase based on predetermined logic.
  • Biometric Authentication – Probably not new to most of you, this is simply the concept of using something biologically unique to you as a source of authentication. This involves using a fingerprint, retina/iris scan, facial geometry, speech pattern or signature for authentication purposes. The downside is that the technology and hardware are relatively new and adoption is not only expensive, but many employees find it unsettling that their biological features are being documented and tracked.
  • Device Authentication – Several companies now offer tokens via USB cards, and Google may even be working on something convenient like a ring that could function as the device. The trouble is that these can easily be stolen unless multifactor authentication is required, and the standards are yet to be defined. However, if your mobile device could also serve as your authentication device, the promise of making this concept a reality will grow right along with the mobile market.
  • BYOiD – Aided by the consumerization of IT, this is a growing trend I already alluded to above with the concept of Social Identity as an authentication method. For one, it relies more on data and less on expensive technology or hardware so it shows promise of adoption for many use cases. It’s already widely used by online media and e-commerce. It’s also convenient for users - but only up until the point that businesses cross the “trust line” and begin to collect and leverage intelligence available through an employee’s or customer’s social media account.

Passwords are still the mainstay and probably won’t be going anywhere in the immediate future. Yet, how prophetic was Bill Gates in his 2004 RSA keynote when he said, “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”

Let’s just hope the good folks at Password Minder don’t sell a lot of units before the market finds a suitable replacement.
