The end for passwords – is it time for a new sign-in method?
Passwords are something most of us deal with on a daily basis. But are they the best solution for an internet growing by the day, or is there a better solution staring us in the face?
When I first started using the Internet, I was very green around the gills, and so consequently, I used to use the same password for every site I needed to sign in to. It was more naivety than anything else, but the big problem for me was being able to remember a different password for every single site I used to belong to.
As time has passed and people’s understanding of the need for online security has increased, I and many others have learned to vary it up a little, and use different passwords for different sites. But most of us still use a combination of letters and numbers we feel comfortable remembering, when actually, we should be using a very random grouping.
But however convoluted we make our passwords, the system is so inherently flawed that identity theft scammers and online fraudsters are still likely to be able to bypass a simple password as a security measure. Phishing is the most obvious method, and though we all assume we’re too sensible to fall for it, even the most technology savvy amongst us can fall victim to such plans.
So is it time to actually forget passwords altogether and move on to a secure sign-in method slightly more adept at stumping the criminals? That is exactly what Randall Stross is suggesting in his Digital Domain column of the New York Times. He sides with the experts who suggest we start using digital keys relayed betweena website and your computer by way of an information card.
This method sees us never knowing the random password generated for us to log in to a certain website. Instead we would rely on a cryptographic conversation existing solely between two devices. The good thing is that this technology is already here, with Windows Vista PCs automatically equipped, while XP, Linux, and Mac computers can be updated via download.
The technology also requires websites to adopt the system though, so until they stop requiring simple log-ins, we are still stuck with passwords for the foreseeable future. Stross argues that we are all wasting our time and energy on the OpenID scheme which sees you able to use one password for a whole host of online destinations. OpenID has some big backers, including Google, MySpace, Microsoft, and Yahoo, with more added every few months.
While information cards aren’t flawless either, they do seem to offer a more secure method for controlling access to online accounts. It could well be that we’ll be saying goodbye to password in the future, which for those of us getting on a bit, who can’t remember what day of the week it is, will be an absolute blessing.
Related Posts:
August 10th, 2008
While I completely agree that we need to be moving away from passwords for many interactions online, there is a slight misconception that OpenID is tied to passwords. OpenID does not specify the authentication mechanism for the user to their OpenID Provider which means that we’ve seen many companies (including Microsoft) experiment with alternative authentication mechanisms atop OpenID. The big benefit OpenID then provides them is that they’re instantly able to start letting users use their new authentication mechanism at any site which accepts OpenID logins. More about this over at http://openid.net/2008/08/10/challenges-facing-openid/.