Since the dawn of the electronic age, the computer password has been a trusted guardian of secrets large and small. For many people, obtaining their own password became a rite of initiation into computer culture itself.
Now, growing numbers of security experts feel that the password in its common form is too old and unsophisticated for the job.
A troubling flurry of computer break-ins on the global network known as the Internet has brought new calls for more modern means to safeguard electronic information. Members of the Internet Architecture Board, an industry group that oversees the network's design, decided at a California meeting last week to push for such changes.
What would follow is unclear. Under one proposal, people would use calculator-like devices that would generate "use once, throw away" passwords each time they signed on to a machine.
Whatever change occurs will not come easily. No single group directs security for the world's computers. Moreover, when people see the cost and bother of tightening, they often decide they're not so worried after all. "There's generally a trade-off between security and utility," said Lance Hoffman, a George Washington University professor who specializes in security issues. "And people will almost always opt for utility."
Computer passwords are a modern-day adaptation of techniques soldiers have used since ancient times to verify who is approaching in the dark.
To gain access to the information in a computer, the user first types in his or her name, then a password, which is meant to be held in secret. The computer checks its records to see if the name and password match and opens itself up for use if they do.
Passwords were developed first for mainframes and networks. Institutions such as companies and government agencies wanted to ensure that their personnel records and financial accounts were not on display to anyone dialing up their machine.
In recent years, passwords have come into common use in home computers as well. Passwords have been faulted as security risks when used with any type of computer. But concern is focusing now on passwords sent over communications networks as people sign on to distant machines.
The recent incidents have all shown a common method: After gaining surreptitious access to a computer that routes traffic on the Internet, the intruders secretly placed on it surveillance software that collects names and passwords automatically as they pass by.
In this way, tens of thousands of passwords may have been compromised, according to the Computer Emergency Response Team, a federally funded group at Carnegie Mellon University. To date, whoever has them appears to have done little with them. Still, concern is high, as it would be if burglars were discovered to have obtained the duplicate keys to a like number of front doors.
Most solutions focus on finding a practical way to make passwords change frequently, so that anything captured quickly becomes worthless. The simplest way is to give the user a list of passwords and to program the computer to accept them in that order. Each time the user signs on, one password is used and then struck from the list.
Other systems give the user some special electronics. In one version, a calculator-type device displays passwords that change at a preset time interval. When signing on, the person types in the currently shown password. The distant computer, which is synchronized with the user's device, checks whether it is the right password for that particular time.
Another system relies on the "challenge-response" approach. The user employs a local machine to do a preliminary log-on to a distant machine. That one then sends back a randomly selected number and asks the local computer to perform a set of calculations on it, based on instructions stored in the local computer.
The distant computer has the instructions too, and by doing the calculations itself can determine whether it gets the right answer back. It is a complex process designed to keep someone from reaching the distant machine by pretending to be connecting from an authorized local computer.
Other proposals include a "bank card" sign-on system. Before putting in a password, people would have to insert a magnetic card, as they do at cash machines.
The list goes on: Theoretically, security systems that scan the retinas of users to verify their identities could become common.
Each system has drawbacks. Giving people a card, or a list of passwords, would presumably lead criminals to focus on finding and stealing them. And all would cost money.
Security experts in the meantime are stressing traditional means of tightening security. People are encouraged not to write down passwords (many people simply tape them to their screens), and to use something other than obvious choices such as their first names or birthdays.
Many systems also require that passwords include such keyboard characters as asterisks or ampersands so they are not real words. This makes it harder for outsiders to launch "dictionary attacks," in which words from an electronic dictionary are tried one after the other as a password with a particular user's name.
But many experts say that in the long term, something new is required. For now, said Bill Wisner, system administrator for The Well, a San Francisco computer service, "we're in that first experimental look at the ideas."
Change passwords after one use, so that any password captured illegally would become worthless. A computer user could have a list of passwords that the computer is programmed to accept in a particular order. Once a password is used, it is struck off the list.
Use a hand-held electronic device that displays passwords but changes them frequently. When signing on, the person types in the password shown. The computer, which is synchronized with the user's password device, checks whether it is the right password for that time.
Program the computer being accessed to send a randomly selected number to the user's own computer. The user's computer then performs a unique set of calculations on the number and sends the answer back. The distant computer knows what the correct answer should be and rejects access if the answer is wrong.
Insert a magnetic card, such as those used at ATM cash machines, before entering a password.
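The challenge-response scheme described above (in the body and again in this list) is shown here as an added example, not code from any of the systems the article mentions: the "distant computer" sends a random number, the local side answers with a calculation on it, and a value captured by a sniffer is accepted once but useless afterwards, unlike a plain password. The HMAC-SHA256 step, the `Server` class, and the sample user are this example's own assumptions.

```python
import hmac, hashlib, secrets


def compute_response(secret: str, nonce: str) -> str:
    """The 'set of calculations' both sides perform on the random number (assumed: HMAC-SHA256)."""
    return hmac.new(secret.encode(), nonce.encode(), hashlib.sha256).hexdigest()


class Server:
    """The 'distant computer'. It holds each user's secret but never sends it."""
    def __init__(self, secrets_by_user: dict):
        self.secrets = secrets_by_user
        self.pending = {}  # user -> outstanding challenge, consumed on first use

    def login_static(self, user: str, password: str) -> bool:
        # Plain password: the value crossing the wire IS the credential.
        return hmac.compare_digest(self.secrets.get(user, ""), password)

    def challenge(self, user: str) -> str:
        # A fresh randomly selected number for every sign-on attempt.
        nonce = secrets.token_hex(16)
        self.pending[user] = nonce
        return nonce

    def login_response(self, user: str, response: str) -> bool:
        nonce = self.pending.pop(user, None)  # each challenge is answerable once
        if nonce is None or user not in self.secrets:
            return False
        expected = compute_response(self.secrets[user], nonce)
        return hmac.compare_digest(expected, response)


def reuse_captured_static(server: Server, user: str, password: str):
    """A sniffer on the route sees the password; presenting it again still works."""
    wire = password
    return server.login_static(user, wire), server.login_static(user, wire)


def reuse_captured_response(server: Server, user: str, secret: str):
    """The sniffer sees only the answer to one challenge; it is worthless later."""
    wire = compute_response(secret, server.challenge(user))  # legitimate sign-on
    first = server.login_response(user, wire)
    server.challenge(user)  # the next attempt is given a different number
    return first, server.login_response(user, wire)


if __name__ == "__main__":
    srv = Server({"alice": "hunter2"})  # constructed sample user and secret
    print("static password:", reuse_captured_static(srv, "alice", "hunter2"))
    print("challenge-response:", reuse_captured_response(srv, "alice", "hunter2"))
```

The first tuple comes back as (True, True) and the second as (True, False): the captured response fails because the server's second challenge is a different number.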