I’ve been on the internet a long time. A long time.
And in that time I’ve signed up to a lot of different things.
An awful lot.
And most of the time, there is a username/email and password combo that is required. And most don’t use Multi Factor Authentication of course.
And I hate it.
I hate passwords. Totally hate them.
They are annoying and I have to remember them.
And don’t get me started on password managers.
Oh… point to note… just start using one of them. It doesn’t matter which one, just start using one. It’ll make life a bit easier (eventually), but they are annoying to start with.
But I have a few issues with my internet usage over the past… more than 2 decades.
I can’t remember what I’ve signed up for.
I can’t even remember what my account details are for most things (or even if I have an account!).
So who the heck has my passwords?
And are they secure?
And have any of the sites I signed up to been hacked at any point?
Would they even know?
Have I reused passwords somewhere? (because nobody ever does that do they… no never… especially not me)
Expire my passwords
What I really want is a big button.
(A big red button preferably)
That allows me to hit it and expire any account passwords I haven’t used in … 3 months (say).
So long as there is a way to reset my password, this would be fine.
But it kind of relies on everybody doing it.
And that I can’t guarantee of course.
But it would at least be a start.
In fact, if the button just expired all my passwords for a given email address, that would be even better.
Although that’s not perfect either, because some of my emails I don’t have access to any more (that might not be a problem except accounts can sometimes store more than one email, so it wouldn’t be a leap to assume anything).
Passwords are broken
The idea of a password is essentially broken.
The advent of Multi Factor Authentication is hugely useful, to stop people being hacked left right and centre. I use Authy on a daily basis with work, and while it’s an extra step, it helps me feel a little better.
It does bother me that since the advent of the internet we still have not come up with a better solution than username/password.
In fact, sending someone an expiring link to their email strikes me as a better solution to logging in than a username/email combo.
Simply put, I hate passwords.
They rely on people to manage their own security via good password choosing and until you understand what a good password is (and the advice changes) you really can’t do that.
And the people who force us to use capitals and numbers and one non-alphanumeric character basically mean that we’re being made less, not more, secure.
Come on tech world, we can do better than this!
I am certain that we can produce a better solution that will produce a more secure and robust system for the world.
I primarily blame techies for basically copying and pasting code about usernames and passwords from site to site and framework to framework. It’s easy and a common path, which means that we can sit back and relax.
Oh and social sign on (with Google/Twitter/Facebook etc) is not a huge amount better. Because if you get into my Google/Twitter/Facebook account, you might be able to access pretty much everything else. EVERYTHING.
We must come up with a better solution, and one that doesn’t rely on extra devices, and it must also work on mobiles.
I like Twitter Digits which sends an SMS to your number to provide the login. But the mobile network isn’t exactly renowned for its security (it does seem ridiculously simple to spoof and hack actually). But it may be a better solution than passwords (maybe).
I’m off to change my twitter, facebook and google passwords (again)… because internet.