In 1997, David Harley gave a presentation on social engineering at a European security conference, that included a section on improving password management in the workplace. In the question-and-answer session afterward, the discussion largely ignored social engineering in general and veered into a debate as to why any businesses would still be using static passwords to manage their access control needs when better alternatives were becoming available? Some 12 years later, alternative and supplementary forms of authentication have become far more common (and affordable), but the humble password remains the somewhat crumbling gatehouse to many a security structure.

Read about the general three classes of authentication, why passwords are still very important, potential issues and how to avoid the pitfalls.