In Greek mythology, Cassandra was the daughter of King Priam and Queen Hecuba of Troy. Her beauty caused Apollo to grant her the gift of prophecy. When Cassandra refused Apollo’s attempted seduction, he placed a curse on her so that her predictions and those of all her descendants would not be believed. In the understanding of some modernists, Cassandra’s prophecies were flawed and incapable of coming true. But to the ancients (and in the sense I use it) the prophecies were accurate, amazingly so, but disbelieved because of flawed understanding by the listeners. My listeners frequently site the cost of replacing passwords, or the ease-of-use of passwords for users or even the (unfounded) insecurity of other authentication methods. All of that is true, but also irrelevant. The cost of a data breach, the even easier to use alternative authentication methods and the incorporation of context sensitive risk-based access controls (with the authentication step as simply one factor) all support my thesis.

Fortunately, I’m not a Jeremiah. This Biblical prophet (he’s credited with writing the Book of Jeremiah, 1 Kings, 2 Kings and the Book of Lamentations) was attacked by his own brothers, beaten and put into the stocks by a priest and false prophet, imprisoned by the king, threatened with death, and thrown into a cistern by Judah’s officials. These people didn’t like what he had to say! No one would speak up in Jeremiah’s defense, but a number of people, publications and organizations have taken up the cry to banish passwords as the sole method of authentication for user accounts.

Continue reading on Kuppingercole Blog