Feb 06 20
Bill Gates: The wizard of murk
Posted by Munir Kotadia @ 14:48 4 comments
Kicking off the RSA security conference in San Jose last week, Microsoft's chairman Bill Gates told the masses of security folk that the next version of Windows will mark the beginning of the end for passwords.
Apparently, a tool called InfoCards will provide us with the foundation we require to slowly phase out the password.
"I don't pretend that we are going to move away from passwords overnight, but over three or four years, for corporate systems, this change can and should happen," said Gates.
Now this is the third year in a row that Bill has opened the RSA conference and the second time he has predicted the demise of the password.
Two years ago I was in San Francisco for Bill's first opening keynote and at the time he told us that "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."
I feel it my duty to point out that in May last year at the AusCERT conference on Australia's Gold Coast, Jesper Johansson, senior program manager for security policy at Microsoft, said the security industry had been giving out the wrong advice to users by telling them not to write down their passwords: "How many have a password policy that says under penalty of death you shall not write down your password? I claim that is absolutely wrong. I claim that password policy should say you should write down your password."
Lets not worry about this for now and get back to Johansson's boss.
Two years ago, Gates didn't seem to have a solution to the password problem but he did flog the relative merits of SecurID for Windows, which was a partnership between Microsoft and RSA that would allow easy integration of RSA's almost ubiquitous tokens with Microsoft's ubiquitous operating system.
However he may have thrown a spanner into the works by admitting -- during the same keynote a few minutes later -- that Microsoft itself had decided not to deploy RSA's tokens in its Redmond campus and had instead opted for a smartcard-based solution.
Oh, and I do believe that at the same time he also said the spam problem would be eradicated within two years. That deadline has passed and, as he admitted on stage last week, there is still 'work to be done'.
So what do we make of Bill's latest 'prediction'?
I was talking about this to a friend of mine who also happens to be a very respected security guru and he said something that sums up the situation nicely.
"There's no place like home. There's no place like home. Bill is just like Dorothy, he thinks that if he says it enough times it will come true."
Bill Gates is so out of touch it's not funny...it's the young guys that are doing great things in Microsoft at the moment.
Rob