Sunday, November 30, 2014

Time to get rid of passwords? Not so fast

Read that NY times article about passwords? Well, it’s pretty interesting. I actually don’t hate passwords, but that’s because I’m not using them correctly. I don’t change them that often and I certainly don’t have a different password for every account. Of course my online bank-account password is not the same as the one I use for Twitter, but if someone obtains my “main” password, they will have access to a lot of my accounts.

My most important password is the one I use for my Google account. It’s tied to almost every consumer product Google has available, but if you have access to my Google account, you will also be able to change the passwords on every other account I have. My Google password is unique and quite long and I have 2-step verification enabled.

In Chrome, the browser I use most of the time, I saved a lot of passwords, so clicking the sign-in button would be enough. Of course my computer account is locked, so my Microsoft password might be as important as my Google password. I’ve been reading about passwords for the past week and like I said, I don’t hate them, but it’s proven that people use pretty bad passwords. Some people simply use “password” or “incorrect” so if they forget their password, the site would say “your password is incorrect”. Something that seemed quite safe to me was using a completely random password that you don’t remember and hit “forgot password” the next time you want to sign in. That way, the only password you need to remember is the one you use for your mail account.

But what if we completely get rid of the password and only use a code that’s sent to our phone, like with 2-step verification? You need to secure your phone obviously, but you never ever have to remember a password. I was convinced that this was a pretty good solution, until I read that NY Times article. A few months ago I read an article on Medium called “how a password changed my life” so I knew that passwords were more to people than just a bunch of (random) characters. I really like the idea of setting goals through passwords, but like I said, I almost never have to type them.

But the NY Times article really showed me that for some people, passwords are a way to forget things, or remember them. It showed me that sometimes an emotional story is attached to what seems to be a normal word. It could hide a secret, or refer to a desire. If your password is anything like that to you, it’s not easy to get rid of it.

But still, there are many people who choose a password that is so weak that it’s not more than a formality. Simple passwords are easier to remember, they say. My passwords are not based on an emotional story, but they consist of multiple words that don’t make any sense when combined. They don’t seem very difficult, but for some reason I made them up this way. They’re coming out of my mind. Perhaps I attached a story to them, unconsciously. And yes, now I’m thinking of it, there might be a story. It might have something to do with curiosity, something I’ve always found interesting but I wasn’t very good at. Am I saying to myself to try again? Is that really what happened in my mind during the creation, that took not longer than a minute? In the end they’re just passwords, right?


Further reading:

The Secret Life of Passwords — NY Times

How a password changed my life. — Medium, @manicho

Let’s Boycott Passwords — Medium, @ninjudd

Passwords are Obsolete — Medium, @ninjudd

No comments:

Post a Comment