I love articles like this short bit about password security from eWeek because there are simple parts to them that I like and other parts that I really disagree with.
What I agree with: Yes, I truly think biometrics will continue to increase in widespread use, even down to individual systems. But unlike passwords, the simple use of these things can provide false positives or true negatives and will not reduce any dependency on help desks. In fact, help desks might be even more encumbered as fixing biometric logon issues is a bit more complex and dangerous than just resetting someone’s password.
Yes, I think single sign-on technologies should be focused on as much as possible, even though they tend to be a luxury for many IT departments as opposed to what just happens. But single sign-on technologies should not be confused with actual authentication technologies. They are separate entities.
And yes, users tend to write down their passwords just like people put spare keys under their car, under the doormat or nearby garden rock or on the back door frame.
What I don’t agree with: Passwords written down on paper are better than easy to remember passwords that are not written down, especially passwords that are too simple. While a complex password might be written down on paper next to a desk, an attacker still must have local access (either personally or through an insider) to the physical facility to read the paper. A simple password on a networked system can be guessed or cracked. So I find it dubious to dismiss passwords simply because they can be written down. For technical peope who are comfortable with passwords and password safety, they are just fine.
No IT help desk should complain about user password reset requests. That is why that business function is there, and any alternative is going to be more of a headache than verifying the user and resetting the password. This should not be an argument for alternative forms of authentication.
In the end, there is no 100% perfect authentication system, which is why I dislike articles like these which try to dismiss one because it is not 100% perfect, and market others (whether a new idea or just the same old rote from 2 years ago, like this article). Yes, passwords have issues and there are risks associated with any level of their use, but they are easy and are going to continue to be used for many, many years to come for a variety of things (although perhaps the highest security for information and perhaps corporate use may shift as higher order tech lowers in cost).