Date: 2022-05-12

While we all may have seen the headlines late last week together, it’s likely that we’re feeling various levels of relief or security in their potential. In an amalgamated way those headlines read, “Apple, Microsoft, and Google are making passwords unnecessary.”
You are not alone if you find yourself celebrating. It sometimes seems like as much time and energy goes into managing your passwords as goes into using the websites and applications that require them in the first place. Pitchforks and torches have assembled since the password regimen really amped up around 10 or 12 years ago. When password “strategies” began demanding specialized characters and other rules that took you outside of mere letters and numerals, we in the cyber community heard the clamoring.
At the same time passwords were growing in complexity, so too did their use expand. More services went from brick-and-mortar to being online. Think banking, insurance, and retail. Thus, more passwords. In the workplace, online trainings supported by outside vendors, HR processes, payroll … much began migrating to computer-based activities. Thus, more passwords. In the classrooms, tablets and all their software have overtaken textbooks. Thus, more passwords. The list is as long as your current list of passwords and it seems like, for me at least, not a month goes by without some newfangled widget that promised to make life easier in fact adding another password, tipping life’s balance backwards a bit.
Now, with 438 different sets of user credentials, which, let’s face it, amount more simply to 438 passwords—okay, okay … we all are guilty of using the same handful of passwords across those hundreds of entry points—there is the maintenance requirement. This is a rather new addition to security’s theater. The notice that “Your password has expired” compels rolled eyes, arms thrown up like you just don’t care, or worse. It’s worse because, Lo! and Behold, creating a different password, such as lazily repeating one you’d used before, merely elicits another error message. Then, attempt three doesn’t include both capital and lower-case letters. Then, you used a special character, but not the specialist of special characters so try another special one. Many oh-so-secure websites don’t require you to create new passwords every 90 days. Those present us with both relief and skepticism.
Heaven forbid you lose or forget your password! Now you’re into another domain altogether, and still not accessing the service, website, or online need behind the password roadblock. Time to answer some questions. What high school did you go to? How about its mascot? Where did your paternal grandfather grow up? Your first pet’s name? How long do you brush your teeth? What song was playing the first time…. You get it. The safety net keeping the whole shebang from crumbling, security-wise, can be found in these crafty, personal, and I suppose never-guessable or -knowable details of life. Not for nuthin; but a security solution to the risk in sharing personal, private information online is to dive deeper and disclose even more? Really dark. For more theater’s sake, meaning to give myself some false confidence, I play this game with the personal questions safety net model. “What is your favorite vacation location?” has as its response in my world, “Turkeyleg75.” “What is your mother’s maiden name?” gets “{}{}grapefruit.” See. I’m soooo smart.
Good news. Once you answer your own very personal questions about the password you forgot, the powers-that-be will send you a link to create, remember, and then forget a new password. All you need to access that link is your email, which requires a password, which may be known to others therefore giving them the privilege of changing your password.
One solution I hear touted in cybersecurity conferences and other gatherings of all we snickering creators of cybersecurity fears and solutions is to incorporate a password manager into your routine. Years ago, not coincidentally when the password approaches became more complicated and time demanding, some Shark Tank-esque entrepreneurs sold some venture capitalists on the notion of another new application needing a password: the password manager. The idea is that we catalog our dozens, scores, or hundreds of user credentials—usernames and passwords, and sometimes the aforementioned personal Q&A—and keep them in one place, easily accessible and convenient.
Yep, please make an incredibly inconvenient part of your workaday, the percentage of productivity that is the noise of password management as compared to the signal of information, become more convenient by way of a password manager. Smart. You could do the following, too. Carefully go room-by-room all throughout your home. Put new locks on every window and door, inside and out. They’re all entry points to your personal private life of course. If you leave one of them unlocked, why lock any? First, though, make sure that all those locks can be opened with but one key. That’s a password manager. Should that one set of user credentials, the one that gives you access to the password manager, fall into the wrong hands … convenience realized … that of the bad guy, at least.
More or less, that’s the newest solution to the convenience problems and all the others associated with passwords. Another hollow hope, if I may be cynical. The strategy is that our smartphone will be the entry point to everything else. Wow! Exciting stuff (that already exists). The biggest tech giants’ solution to our password woes is to fuse our mobile device to our personage, lest we risk that doorway to all the others gets lost, or gets unlocked in some mala fide manner.
I have no better solution, mind you. You and me, we just watch, comply, and complain. And, we endure the inevitable breaches despite all this theater. I’ve been through it all and I feel fine.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
