The day of the password is done
With so many Web sites demanding passwords, no one, but no one, can really be expected to remember all the ones they need
Computerworld - When the popular Web site Gawker was hacked into recently, more than a million user IDs and passwords were released. If you were one of the people compromised that's annoying -- very annoying. Not that it's a big deal that someone could log into a gossip site under your name. But many of those people used those same IDs and passwords on other sites that are a wee bit more important, such as LinkedIn. Now, that's a problem.
What should you do about it? Well, I could tell you that you need to use different passwords for different sites; that you need to pick passwords other than that all-time favorite, 123456; and that you should change your passwords every month for every site. I'm not going to, though. It's all good advice, mind you, but it's also all pretty darn useless.
People never have, and never will, use good security practices. After more than 30 years of working with networks and security, I'm ready to give up on trying to get the general public to do the right things to keep themselves safe. In a company, it's a different matter. It's a pain, but if you keep at it and enforce the rules, eventually you'll get most of the people to do the right things most of the time. But people at home? It's not going to happen.
Besides, there's another issue here. At work, people need to recall, at most, two or three IDs and passwords. If you do single sign-on right, all they'll need is one. On the public Internet, though, people have to remember their IDs and passwords for their bank, Facebook, Twitter, school, Gmail, phone, electric, 401(k), LinkedIn, Computerworld and countless other accounts.
Who can manage to remember dozens of IDs and passwords for dozens of sites? I'll tell you who: no one.
I can't do it, and I'm blessed with a good memory for random alphanumeric strings -- you really don't want me to get a good look at your credit card number. If I can't do it, no one who isn't blessed with a photographic memory can do it.
What I do is keep a long list of user IDs and passwords in my head. Some of them I use only on trivial sites such as Gawker (though I don't have an account there). Others, I keep only for important sites, such as LinkedIn. And a few I save only for vital sites like my bank. Those last are tied in my memory with a specific site. So, for example, I have one ID and password for my health insurance site that I don't use for any other sites.
More by Steven J. Vaughan-Nichols
- Steven J. Vaughan-Nichols: Patent trolls under attack, but not dead yet
- Steven J. Vaughan-Nichols: Bye, Nokia, nice knowing you
- Steven J. Vaughan-Nichols: Who should really worry about Apple/IBM? Microsoft
- Steven J. Vaughan-Nichols: Does HP have a development pipeline or a pipe dream?
- Steven J. Vaughan-Nichols: Give us the Windows 8 Start menu and no one will get hurt
- Steven J. Vaughan-Nichols: Windows 8.1 Update 1, now with less annoyance
- Steven J. Vaughan-Nichols: Here comes the black market for XP patches
- Steven J. Vaughan-Nichols: What's the best smartphone? That's the wrong question.
- Steven J. Vaughan-Nichols: Office for iPad: Big deal, or big yawn?
- Steven J. Vaughan-Nichols: Who needs operating systems anymore? Not you.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!