Tuesday, February 01, 2005

Passwords

Leigh and I have started doing our taxes, and that meant that I needed to go into an online account that I don't use very often. That, in turn, meant that I had to open up the "File of account IDs and passwords." Since I was in there I decided to count all the accounts. There are about 100 entries in the file. They include:
  • Account IDs and passwords for different email accounts.

  • Account IDs and passwords for different financial institutions.

  • Account IDs and passwords for different credit card accounts.

  • Account IDs and passwords for different servers and systems at work.

  • Account IDs and passwords for different online services (Amazon, B&N, eBay, paypal, ofoto, etc. etc. etc.)

  • Account IDs and passwords for different forums, online games, etc.

  • And many others
My wife has a file with an equal number of her own IDs and passwords. We all do. Any normal person who does lots of stuff electronically has a file like this. It starts when you get the PIN for your first ATM card and stretches out from there.

This file, of course, is absurd. It has to be on paper lest someone hack into your machine and make a copy of it. The paper copy needs to be kept in a safe, and then you need multiple copies in case someone somehow steals the safe. Lord help you if you were to ever lose the file, because you would be locked out of all sorts of things that you really do need. And Lord REALLY help you if the file ever falls into the wrong hands because of identity theft.

The thing that is so funny about all these passwords (and the reason why people in 2050 will laugh hysterically when they look back at us) is that all of these passwords and IDs are needed to say one simple thing: "I am me." All that you are doing when you type in a password is identifying yourself. But this is such an incredibly sad way to do it. Think of all the problems that our current password systems create, including:
  • First and foremost, when someone else gets ahold of your password (by looking over your shoulder, finding your wallet, hearing you speak the password on the telephone, using a keygrabber or whatever), they can masquerade as you. They can take your money, order things in your name, etc.

  • If you use an easy password, people can guess it (or use computers to crack it) and then masquerade as you.

  • When you forget a password, it is a pain to regain access.
It is possible to imagine all sorts of identification systems that do not involve the memorization of easily-stolen passwords. Biometric-based devices (fingerprint scanners, retina scanners, etc.) are the obvious choice, but there are other possibilities as well.

Just imagine having this conversation with your grandkids in 2050:
    Grandkid: You had to do what???

    You: Well, you would walk up to the machine and type in your password and then you could access your account.

    Grandkid: What if someone saw you type in your password?

    You: Well, then they could steal all of your money.

    Grandkid: You must be joking!
There will be howls of laughter all around! The password system that we use today is primitive beyond belief.

Google

7 Comments:

At 5:46 AM, Anonymous Anonymous said...

Funny that you mention taxes. What will taxes look like in 2050? If Manna comes to pass? If not?

 
At 9:18 AM, Anonymous Anonymous said...

Good article:

At least $548 million lost to identity theft"The U.S. Federal Trade Commission said it received 635,000 consumer complaints in 2004 as criminals sold nonexistent products through online auction sites like eBay Inc. or went shopping with stolen credit cards.

Identity theft -- the practice of running up bills or committing crimes in someone else's name -- topped the list with 247,000 complaints, up 15 percent from the previous year."

 
At 5:12 PM, Anonymous Anonymous said...

Good article:

The Password Is Fayleyure

 
At 2:25 PM, Blogger Dimitar Vesselinov said...

Some sites to look at:

Schneier on Securityhttp://www.schneier.com/blogThe Identity Cornerhttp://www.idcorner.orgIdentity Womanhttp://www.identitywoman.netKim Cameron's Identity Webloghttp://www.identityblog.comPresentations & Audio :: Digital ID World 2004 Conferencehttp://conference.digitalidworld.com/2004/attendees/downloads.php

 
At 1:28 PM, Anonymous Anonymous said...

You'd think that if they use Biometrics in the future, criminals would chop off your fingers instead or do similar bodily harm! OUCH!

 
At 1:48 PM, Anonymous Viagra Online said...

It is being said that having the same password for accounts is not recommendable, but that is my method, I use very similar passwords for the purpose of not having to write them on a paper or save them on my computer.

 
At 11:31 PM, Blogger Learn Chinese language on hanbridgemandarin said...

The best place to study mandarin online is in China. However, we understand that it isn't always possible to move here to study Chinese language. The next best thing is to study with our experienced teachers in a virtual classroom. Online students enjoy the same excellent way of mandarin online lesson and custom designed courseware that we provide for our face to face clients.

 

Post a Comment

<< Home