By Martin Brampton, 24 May 2005 10:00
COMMENT Keeping track of dozens of user names and passwords is tricky. Martin Brampton asks if there's a better way than writing them down.
After all those years when we ridiculed people for writing their computer passwords on sticky notes under the keyboard, Microsoft comes along and says writing them down is exactly the right thing to do. Perhaps they've got a point.
I thought it was a sign of weakness when I needed a section in my filing cabinet for pieces of paper that have notes of user names and passwords. But now I'm reassured that it was the right thing to do after all.
And remember, it is not just the passwords that have to be recorded, as user names create problems too. Even with a relatively uncommon surname, I quite often find computer systems that will not accept my name because somebody else has already claimed it. You can make up fictitious user names, but everybody else seems to make up the same names, so duplicates frequently crop up.
There is scope for a whole new gift industry now. People love to adorn their possessions with items like leather covers for passports. Those are out of fashion now but there must be a new market for personal password notebooks. Perhaps with brushed aluminium covers to be like the trendiest PC cases? Maybe even LED illumination on the fanciest models?
The real trouble is that we are just not going to find a complete solution to the problem of computers needing to identify people. The elaborate schemes that we invent will work up to a point but attempting complete security is an impossible goal.
After all, it took millennia of evolution for people to achieve the skill they have in recognising one another. A sizeable chunk of the human brain is entirely devoted to facial recognition. And even then, we sometimes get it wrong, especially if circumstances are less than ideal. We also do better within a group of limited size, with large cities increasing the risk of falsely identifying a stranger as someone we know.
Now computers can evolve much more quickly with our assistance and that leads us to capabilities such as voice or iris recognition. So maybe we could solve the problem, if it were not for the fact that in many situations we do not present ourselves directly to the computer that wants to know who we are. Instead, we go through at least one other computer.
Computers are not necessarily honest. So far, they cannot really be said to have such characteristics at all. On a good day, they do pretty much what we ask them to do. In fact, we get quite upset when they fail to do what we ask. But that means that computers are only as honest as the people using them.
Perhaps we should be insisting that people only use computers that are certified to be honest. It would take a lot of research and development to figure out exactly what that implies. It would give the software industry something to do for a while and would almost certainly absorb the increase in processing power provided by the hardware makers for at least the next several years.
When that was done, we could move on to ensuring that computers have high moral standards more generally. Unfortunately, the whole programme would run into difficulties with governments and others who insist that circumstances can justify acting in ways that fall short of the moral high ground. And consumers might be tempted to get these prim and proper computers modified, just as DVD players have had the restriction to one region nullified.
It looks inevitable that the world will continue in its usual messy way, where nothing is really black and white. And we will keep our passwords in a little notebook. Maybe it is better that way.
Comments
There are 8 comments. Join the discussion
1. anonymous
I've just counted the number of entries in my little black book - an awful lot. You are right - there really isnt any other way of doing it. That said, if the black book in question is an encrypted file and only you hold that password then its (probably) safer than a physical book. Less chance of it accidentally going in the washing machine too.
2. anonymous
I believe it is inevitable that one day all human beings will be 'chipped' in one way or another. There are so many applications to which such technology could be used to society's benefit that the objections of civil liberties groups will ultimately be overcome by market forces or a way found to satisy them. This will, of course, take time - during which the technology will continue to advance thus making even more applications readily available. Chips will reduce in size and power consumption ; memory and networking capability and security will increase. Personal chipping will someday take the place of : userid/passwords, wallets, driving licenses, passports, medical records, keys of all descriptions, membership cards, personal and public health monitoring. There is too much good stuff here for it not to happen. With networked chips you need never again forget who you met at that party last night and will always be able to tell how many handshakes away you are from Elvis or other personal God-figure.
3. anonymous
Yes thats all very well having a silver metal password book, but surely you would want to keep the information secure.
So what you would have to do is to make it electronic, with, wait for it......
a password to get into it.
4. anonymous
Somewhat scary that a reader should advocate the chipping of humans.
Let's face it the temptation to misuse such a facility. He must have gone to the same school of control freakery as Tiny Blur
5. David Fletcher
I've said it before on this list, and I'm saying it again. The day I can have a chip to identify myself, I'll be in the line to get one.
All the silly bits of plastic in my wallet are merely duplicated methods of identity, and I will be overjoyed when I can replace all of them with a single secure means of identity, linked to all my memberships for library, gym etc., my visa and bank accounts, driving licence, and of course it will also replace my passport.
6. anonymous
It is only 60 years since the last World War and even less since other bloody conflicts. If the average UK citizen believes that it is peace from now on and that governments can be trusted to act in the citizens’ best interest then they are mistaken. Governments cause wars and any steps taken to increase their powers should be resisted at all costs. ID cards are just such a step to increase government control over us and take away our liberties. Say no to ID cards.
7. anonymous
There are great products out there to solve the problem of remembering passwords, it's just you hardly hear about them. A good example of this is Text Independent Voice verification, where no passwords or usernames are required, just say whatever you like and you will be recognised.
8. Mike Oldman
Humans identify other humans by a sort of fuzzy logic: facial characteristics, eyes, voice, height, bearing, movement characteristics, mode of speech, preferences etc. At the end of this we get a probability that the person is who we think they are. Then depending on the importance of the intended interaction, we accept the match or seek other confirmation.
Eventually machines will have to use a similar process. This would allow for a "fail" on one parameter, provided that there are enough matches on other parameters, again depending on the nature of the transaction.
As to the actions of mendacious governments, we need to find a way of keeping ID independant of government. Perhaps this can be achieved by having the different parameters under the care of different independant agencies? ie. Not one but many master databases.