Abstract

https://ssrn.com/abstract=2636366
 


 



Should the FTC Kill the Password? The Case for Better Authentication


Daniel J. Solove


George Washington University Law School

Woodrow Hartzog


Samford University - Cumberland School of Law; Stanford Law School Center for Internet and Society

July 27, 2015

14 Bloomberg BNA Privacy & Security Law Report 1353 (2015)
GWU Law School Public Law Research Paper No. 2015-33
GWU Legal Studies Research Paper No. 2015-33

Abstract:     
Data security breaches are occurring at an alarming frequency, and one of the main causes involves problems authenticating the identity of account holders. The most common approach to authentication is the use of passwords, but passwords are a severely flawed means of authentication. People are being asked to do a nearly impossible task – create unique, long, and complex passwords for each of the numerous accounts they hold, change them frequently, and remember them all. People do very poorly in following these practices, and even if they manage to do so, hackers and phishers can readily trick people into revealing their passwords.

There is widespread consensus about the problems with passwords. Better alternative authentication techniques exist, such as two factor authentication, yet organizations have been slow to move to these alternatives. In this essay we argue that in certain circumstances, the FTC should start requiring better methods of authentication than passwords alone. We explore the foundation in current FTC jurisprudence for such action, and suggest how the FTC should start making the push toward improved authentication.

Number of Pages in PDF File: 8

Keywords: data security, cybersecurity, FTC, authentication, password, two factor authentication


Open PDF in Browser Download This Paper

Date posted: July 28, 2015 ; Last revised: October 10, 2015

Suggested Citation

Solove, Daniel J. and Hartzog, Woodrow, Should the FTC Kill the Password? The Case for Better Authentication (July 27, 2015). 14 Bloomberg BNA Privacy & Security Law Report 1353 (2015); GWU Law School Public Law Research Paper No. 2015-33; GWU Legal Studies Research Paper No. 2015-33. Available at SSRN: https://ssrn.com/abstract=2636366

Contact Information

Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://danielsolove.com

Woodrow Hartzog
Samford University - Cumberland School of Law ( email )
800 Lakeshore Dr.
Birmingham, AL 35229
United States
HOME PAGE: http://cumberland.samford.edu/faculty/woodrow-n-hartzog
Stanford Law School Center for Internet and Society ( email )
Palo Alto, CA
United States
HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog

Feedback to SSRN


Paper statistics
Abstract Views: 2,326
Downloads: 406
Download Rank: 55,476