Nixu Slush side event

So at the invitation of the fine people at Nixu, I spoke on a panel, around the topic “Secure Digital Transformation in the Future”.

Interesting discussion all round, and I took great pleasure in finding points of disagreement with my co-panellists to ensure there was a bit of real debate.

For me, the most interesting discussion was a question around identity and authentication: “is the password dead?”, where Joonatan Henriksson and I ended up taking opposing views. (He said “yes”, I said “no”.)

Joonatan’s view was that passwords are irredeemably insecure and we all need to move on to improved authentication schemes. For the record, I do actually very much hope that the Nixu-sponsored identity scheme, SisuID, will see a good deal of success: this is an area where strong technology and governmental backing might make a real difference. And if SisuID can help do away with passwords, so much the better.

My view, though, is that there is so much infrastructure and UX built around the notion of passwords that they will end up living on indefinitely, even if they have increasingly baroque protections around them. We might have MFA, but we’ll still have a password at the core of that whether we like it or not. Good news for password-manager vendors at least!