We saw it coming.
As far back as several decades ago. Remember those innocent, nostalgic days when we only had to remember a few passwords? Like an email account, or maybe an online banking account?
Those days are gone. The passwords I am now expected to remember have accumulated…like barnacles on the hull of the ship of life…like warts on the frog of society…like hangnails on the fingers of ambition. Like…
You get the point.
All My Keys Were Locked in my Car As it Was Running
In my college years, I used to keep all my keys on a chain. This included my apartment keys, my car keys, my bike keys, my work keys…a feck-load o’ keys. It was a blustering snowy night in Syracuse, and I had started the car. I had to step out to wipe the snow off the windshield – not realizing that I had locked and closed the door. THE CAR WAS RUNNING. I couldn’t get into my car to turn off the engine. I couldn’t get into my apartment, which was across the street…I was stuck.
I won’t get into the story of how I solved the problem. I just wanted to make a comparison. IT SUCKS.
Now that most of our keys are virtual (and require memory), we have new problems.
I HAVE TO CHANGE MY PASSWORDS FREQUENTLY (because I keep forgetting them) AND THEY ARE SUPPOSED TO BE HARD FOR OTHERS TO FIGURE OUT (which means…I keep forgetting them).
Have you noticed that some web sites will rate your new password right as you are typing it? Like, it’ll say your password is STRONG or WEAK, etc? Don’t you hate it when you squeeze another password into your brain, and you strain to remember it, only to discover that you have to start all over because you forgot to include at least one number, one capital letter, at least three Chinese characters, two trigonometric symbols, and four Egyptian hieroglyphics.
Does this sound familiar? …
“I’m locked out after too many login attempts”
Many people are giving a shout-out for the new services that provide a solution by remembering all of your passwords, and reducing your need of memory to one single password that you to use for that service. It basically does the remembering for you.
I don’t know about you, but that just kinda creeps me out. A blow to the head is all it would take to knock that single password out of my memory. Then what?
WHAT’S THE SOLUTION? Multiple Biometrics
It is already becoming a standard practice to use multiple assurances (like security questions) to recover accounts, so things are moving in the right direction. It may be a while though before technology for biometrics becomes commonplace. But I think it’s INEVITABLE.
Imagine that your password is 80% reliable. Now imagine that you are using a computer that has hardware to take your fingerprint. Imagine that your fingerprint is 80% reliable. If you enter both the password and the fingerprint, then you have 96% reliability.
Imagine that you can announce your name, and the microphone picks up your voice and compares that to a pre-recorded sound of you saying your name, and that is 50% reliable. Now we are up to 98% reliability.
If the threshold for entry into an account were set to some value (like 78% for a casual social media app or, 99.5%, for a sensitive financial account) then you could issue a combination of biometric data to get the % up the the necessary threshold. This would allow for more variability, and flexibility.
Just Try To Steal My EyeBall, My Voice box, My Fingers, Or My Memory
In the future, when biometrics is a common form of password protection, you might try to run off with one of my eyeballs and use that to forge my iris scan, in an attempt to hack into my bank account.
But you won’t get very far.
One reason is that my cousin Guido doesn’t take too kindly to people running off with my body parts…if you catch my meaning.
Another reason is that there’s a lot left of me that would still be needed. And one of those things just might be a password. And the whole point is that we should have many modes of identity detection. This is the way nature prefers it.
Imagine that you and I are friends. We meet on a street corner and I tell you that I am in a bad way, and I need to borrow $200 dollars, and I promise to pay you back next month. After talking this over for a few minutes, you are probably not going to stop and say…..hmmm, are you really Jeffrey Ventrella? Prove to me that you are who you say you are!” No. You will be 100% sure it is me; you will have no hesitation about who I am (although you may have some hesitation about trusting me to pay you back – but that’s another issue, which I prefer not to get into).
Why do you know it’s me? Multimodal communication: the sound of my voice, the shape of my face, the words I speak, the clothes I wear, the fact that we are in front of the local coffee shop…the list goes on. Multiple assurances are built in to natural language. Only a rich combination of multimodal identity assurances will get us past the current password crisis.
This is of course not all that there is to say about how to solve the password crisis. It’s a little scary to have bits of my identity flying across the internet and being processes on servers out there in the world. A corporation or a government will probably run that server. I damn-well better trust that server!
For now, I’ll just leave it at that. I’d love to hear your thoughts. Unless you are a flower child living in a remote forest and subsisting on mushrooms and larvae, you probably have experienced password anxiety.
Tell me what YOU think!