The Password Crisis is NOW

We saw it coming.

As far back as several decades ago. Remember those innocent, nostalgic days when we only had to remember a few passwords? Like an email account, or maybe an online banking account?

Those days are gone. The passwords I am now expected to remember have accumulated…like barnacles on the hull of the ship of life…like warts on the frog of society…like hangnails on the fingers of ambition. Like…

You get the point.


All My Keys Were Locked in my Car As it Was Running

In my college years, I used to keep all my keys on a chain. This included my apartment keys, my car keys, my bike keys, my work keys…a feck-load o’ keys. It was a blustering snowy night in Syracuse, and I had started the car. I had to step out to wipe the snow off the windshield – not realizing that I had locked and closed the door. THE CAR WAS RUNNING. I couldn’t get into my car to turn off the engine. I couldn’t get into my apartment, which was across the street…I was stuck.

I won’t get into the story of how I solved the problem. I just wanted to make a comparison. IT SUCKS.

Now that most of our keys are virtual (and require memory), we have new problems.

I HAVE TO CHANGE MY PASSWORDS FREQUENTLY (because I keep forgetting them) AND THEY ARE SUPPOSED TO BE HARD FOR OTHERS TO FIGURE OUT (which means…I keep forgetting them).


Have you noticed that some web sites will rate your new password right as you are typing it? Like, it’ll say your password is STRONG or WEAK, etc? Don’t you hate it when you squeeze another password into your brain, and you strain to remember it, only to discover that you have to start all over because you forgot to include at least one number, one capital letter, at least three Chinese characters, two trigonometric symbols, and four Egyptian hieroglyphics?

Does this sound familiar? …

“I’m locked out after too many login attempts”

Many people are giving a shout-out to the new services that provide a solution by remembering all of your passwords, reducing what you need to memorize to one single password that you use for that service. It basically does the remembering for you.

I don’t know about you, but that just kinda creeps me out. A blow to the head is all it would take to knock that single password out of my memory. Then what?

WHAT’S THE SOLUTION? Multiple Biometrics


It is already becoming a standard practice to use multiple assurances (like security questions) to recover accounts, so things are moving in the right direction. It may be a while though before technology for biometrics becomes commonplace. But I think it’s INEVITABLE.

Imagine that your password is 80% reliable. Now imagine that you are using a computer that has hardware to take your fingerprint. Imagine that your fingerprint is 80% reliable. If you enter both the password and the fingerprint, then you have 96% reliability.

Imagine that you can announce your name, and the microphone picks up your voice and compares that to a pre-recorded sound of you saying your name, and that is 50% reliable. Now we are up to 98% reliability.

If the threshold for entry into an account were set to some value (like 78% for a casual social media app, or 99.5% for a sensitive financial account), then you could supply a combination of biometric data to get the % up to the necessary threshold. This would allow for more variability and flexibility.
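The arithmetic above, as an added Python example (not part of the original post): it picks the fewest factors that reach an account's threshold. It reads "reliability" as the chance a factor stops an impostor and assumes the factors fail independently, which is what the 96% and 98% figures imply; the factor names and the 90% iris value are constructed here.

```python
from itertools import combinations
from math import prod

# Per-factor reliabilities from the post; the dictionary keys are labels chosen here.
FACTORS = {"password": 0.80, "fingerprint": 0.80, "voice": 0.50}
# Constructed value: the post mentions iris scans but gives no figure for them.
WITH_IRIS = {**FACTORS, "iris": 0.90}


def combined_reliability(reliabilities):
    """An impostor must slip past every factor; factors are assumed independent."""
    return 1.0 - prod(1.0 - r for r in reliabilities)


def smallest_sufficient_set(factors, threshold):
    """Return (names, score) for the fewest factors meeting threshold, else None."""
    for size in range(1, len(factors) + 1):
        candidates = [
            (combined_reliability(factors[n] for n in names), names)
            for names in combinations(sorted(factors), size)
        ]
        # Small tolerance so a score that equals the threshold is not lost to rounding.
        passing = [c for c in candidates if c[0] >= threshold - 1e-12]
        if passing:
            score, names = max(passing)  # best score among the smallest sets
            return names, score
    return None  # even all factors together fall short


if __name__ == "__main__":
    for label, threshold in (("social media", 0.78), ("financial", 0.995)):
        for pool_name, pool in (("post's factors", FACTORS), ("plus iris", WITH_IRIS)):
            print(label, pool_name, smallest_sufficient_set(pool, threshold))
```

With the post's three factors the ceiling is 98%, so the 99.5% financial threshold is only reachable once a further factor is enrolled. Requiring every factor to pass also means a legitimate user is turned away whenever any one of them misreads.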

Just Try To Steal My EyeBall, My Voice box, My Fingers, Or My Memory

In the future, when biometrics is a common form of password protection, you might try to run off with one of my eyeballs and use that to forge my iris scan, in an attempt to hack into my bank account.

But you won’t get very far.

One reason is that my cousin Guido doesn’t take too kindly to people running off with my body parts…if you catch my meaning.

Another reason is that there’s a lot left of me that would still be needed. And one of those things just might be a password. And the whole point is that we should have many modes of identity detection. This is the way nature prefers it.

Imagine that you and I are friends. We meet on a street corner and I tell you that I am in a bad way, and I need to borrow $200, and I promise to pay you back next month. After talking this over for a few minutes, you are probably not going to stop and say, “Hmmm, are you really Jeffrey Ventrella? Prove to me that you are who you say you are!” No. You will be 100% sure it is me; you will have no hesitation about who I am (although you may have some hesitation about trusting me to pay you back – but that’s another issue, which I prefer not to get into).

Why do you know it’s me? Multimodal communication: the sound of my voice, the shape of my face, the words I speak, the clothes I wear, the fact that we are in front of the local coffee shop…the list goes on. Multiple assurances are built in to natural language. Only a rich combination of multimodal identity assurances will get us past the current password crisis.

Big Bro

This is of course not all that there is to say about how to solve the password crisis. It’s a little scary to have bits of my identity flying across the internet and being processed on servers out there in the world. A corporation or a government will probably run that server. I damn-well better trust that server!

For now, I’ll just leave it at that. I’d love to hear your thoughts. Unless you are a flower child living in a remote forest and subsisting on mushrooms and larvae, you probably have experienced password anxiety.

Tell me what YOU think!


The Case for Slow Programming

My dad used to say, “Slow down, son. You’ll get the job done faster.”

I’ve worked in many high-tech startup companies in the San Francisco Bay area. I am now 52, and I program slowly and thoughtfully. I’m kind of like a designer who writes code; this may become apparent as you read on :)

Programming slowly was a problem for me when I recently worked on a project with some young coders who believe in making really fast, small iterative changes to the code. At the job, we were encouraged to work in the same codebase, as if it were a big cauldron of soup, and if we all just kept stirring it continuously and vigorously, a fully-formed thing of wonder would emerge.

It didn’t.

Many of these coders believed in the fallacy that all engineers are fungible, and that no one should be responsible for any particular aspect of the code; any coder should be able to change any part of the code at any time. After all, we have awesome services like github to manage and merge any number of asynchronous contributions from any number of coders. As long as everyone makes frequent commits, and doesn’t break anything, everything will come out just fine. 

Bullshit.

You can’t wish away Design Process. It has been in existence since the dawn of civilization. And the latest clever development tools, no matter how clever, cannot replace the best practices and real-life collaboration that built cathedrals, railroads, and feature-length films.

Nor can any amount of programming ever result in a tool that reduces the time of software development to the speed at which a team of code monkeys can type.

Dysrhythmia

The casualty of my being a slow programmer among fast programmers was a form of dysrhythmia – whereby my coding rhythm got aliased out of existence by the pummeling of other coders’ machine gun iterations. My programming style is defined by organic arcs of different sizes and timescales. Each arc starts with exploration, trial and error, hacks, and temporary variables. Basically, a good deal of scaffolding. A picture begins to take shape. Later on, I come back and dot my i’s and cross my t’s. The end of each arc is something like implementation-ready code. (“Cleaning my studio” is a necessary part of finishing the cycle). The development arc of my code contribution is synonymous with the emergence of a strategy, a design scheme, an architecture.

And sometimes, after a mature organism has emerged, I go back and start over, because I think I have a better idea of how to do it. Sometimes I’m wrong. Sometimes I’m right. There is no way to really know until the organism is fully formed and staring me in the face.

Anyway, back to the cauldron-soup-programmers. The problem is this: with no stasis in the overall software ecosystem – no pools of stillness within which to gain traction and apply design process, how can anyone, even a fast coder, do good design?


Any coder who claims that fast programming is the same as slow programming (except that it’s fast), doesn’t understand Design Process. For the same reason that many neuroscientists now believe that the fluid-like flow of neuronal firing throughout the brain has a temporal reverberation which has everything to do with thought and consciousness, good design takes time.

The Slow Programming Movement

According to Wikipedia: “The slow programming movement is part of the slow movement. It is a software development philosophy that emphasises careful design, quality code, software testing and thinking. It strives to avoid kludges, buggy code, and overly quick release cycles.”

Wikipedia also says this about “Slow Software Development”: “As part of the agile software development movement, groups of software developers around the world look for more predictive projects, and aiming at a more sustainable career and work-life balance. They propose some practices such as pair programming, code reviews, and code refactorings that result in more reliable and robust software applications.”

Venture-backed software development here in the San Francisco Bay area is on a fever-pitch fast-track. Money dynamics puts unnatural demands on a process that would be best left to the natural circadian rhythms of design evolution. Fast is not always better. In fact, slower sometimes actually means faster – when all is said and done. The subject of how digital technology is usurping our natural temporal rhythm is addressed in Rushkoff’s Present Shock.

There’s another problem: the almost religious obsession with technology – and a fetish-like love for tools. People wonder why software sucks (and yes, it sucks). Software sucks because of navel-gazing. Fast programmers build hacky tools to get around the hacky tools that they built to get around the hacky tools that they built to help them code.

This is why I believe that we need older people, women, and educators INSIDE the software development cycle. More people-people, fewer thing-people. And I don’t mean on the outside, sitting at help desks or doing UI flower arranging. I mean on the INSIDE – making sure that software resonates with humanity at large.

I’m Glad I’m not a Touch-Typist.

A friend of mine who is a mature, female software engineer made an interesting quip: “software programming is not typing”. Everyone knows this, but it doesn’t hurt to remind ourselves every so often. Brendan Enrick discusses this. The fact that we programmers spend our time jabbing our fingers at keyboards makes it appear that this physical activity is synonymous with programming. But programming is actually the act of bringing thought, design, language, logic, and mental construction into a form that can be stored in computer memory.

My wife often comes out into the yard and asks me: “are you coding?” Often my answer is “yes”. Usually I am cutting twigs with a garden clipper, or moving compost around.

Plants, dirt, and clippers have just as much to do with programming as keyboards and glowing screens.

We are transitioning from an industrial age and an economic era defined by growth to an age of sustainability. Yes, new software and new businesses need to grow. But to be sustainable, they need to grow slowly and with loving care. Like good wine. Like a baby.