Saturday, May 07, 2005
Passwords are passe
So when was the last time you changed your password? Maybe the company you work for requires you to change your work password every 60 or 90 days or something like that. They might have stricter rules about not reusing any of the previous 5-6 passwords, or how they have to be alphanumeric with a special character, blah blah.
But how about your personal passwords? Let's say your hotmail password. Did you *ever* change it since you created it? I have only changed my hotmail password once since I created my account in 1998. That's not just me, that is typical user behavior. There are a gazillion issues with passwords and managing them. Here are a few:
- Each website or service that you register with requires you to create a new username and password.
- Each one has a different rule for what constitutes a safe password or the length of your password.
- You typically have 2-3 passwords that you reuse every time you register on a website. One of them might be the cryptic one that you use with your bank accounts and such, one of them might be the lousy (e.g. 1234) one that you use for stuff like hotmail.
- You don't change your password ever. (You think: who is going to break into my free New York Times registration?)
- You write down your passwords in a text file that you put on your desktop or carry in your wallet.
- You think of a genius password (or so you think!) that no one should be able to guess. Like some word in your native language. This doesn't work, because crackers usually conduct dictionary attacks and yes, they use native dictionaries. I have around 40 native-language password dictionaries that can be used for an attack.
Computer manufacturers need to ship keyboards and/or mice with inbuilt fingerprint scanners. Browsers like IE and Firefox should be able to scan your index finger and send it to a website whenever it asks you to sign up or sign in. Of course, the whole process of sending across fingerprints should be encrypted end-to-end. Mobile phones need to be equipped with fingerprint scanners as well, so that you can sign in to your email account.
The password issue is going to become messier as we move ahead with putting stuff like videos, photos, blogs and music on the network. The network could be a home network or something like a file store online. Everything needs a password these days: phones, wireless routers, voicemail accounts, websites, TVs etc. Our reliance on digital stuff is increasing. We need to rely on the digit (aka finger ~ pun intended) to make the digitization of our lives simpler.
Copyright Anand Jain 2004, 2005. All rights reserved.