May 14, 2002
Did you ever forget your house key? ... Let's take five with Moira Gunn. This is "Five Minutes".
How many times have we all been admonished to regularly change our computer passwords? And change them into something totally unrecognizable, and therefore hard to remember?
We are also told: Don't write it down. And if you do write it down, put it in a remote, safe place. Otherwise, someone could find it and use it, completely defeating the purpose of all this security.
What is typically asked for is some obscure combination of upper and lower case letters, interspersed with numbers and a few special characters like a dollar sign or semicolon. I can't remember these strange sequences for the life of me. And my habit of writing them down on a sticker glued to my screen is akin to hanging my front door key on a hook next to the doorbell.
But I'm staunch on this point. Any technology that requires humans to behave like we're not human is never a workable solution. The tail is wagging the dog here, and we're the dog.
--
There's been lots of effort put into better ways of maintaining security, in addition to the new biometric devices currently on the horizon. And as far as I'm concerned, that's a good thing. For biometrics to work, the system would have to recognize my thumbprint or my iris, and the fewer computers that know this, the better.
These other approaches are generally graphical. You're shown a complicated picture - an Escher-like drawing or a mosaic of tiny photos. Your password entails clicking on a selection of points on the screen in a certain order.
Now, I personally have a much better shot at remembering a sequence of graphical cues. And if I wrote them down, I would be writing down a reminder, not the password itself. A cyber-thief would have to interpret what I meant by my notes.
But if the operating system placed all our cursors at exactly the same starting point, and no one could be bothered to move the cursor all over the screen, our passwords might still become pretty predictable.
--
Other approaches to the password challenge are like video games. You start up your computer and find yourself somewhere in a virtual neighborhood. Then you navigate your way to where your password is stashed, and you're in. This one's perfect for people with lots of time on their hands.
Now, let's get to the Computer Science of it. How well any of these forays into new passwords will work is still an open question. How rich do the pictures they show us need to be? How many options do we need to choose from? Are we predictably attracted to particular areas of the screen? And the true test - in actual operation, do the systems end up being more secure, or less?
What I have to say is pretty simple, and it's not all that different from what I said about the locks on our front doors. A lock doesn't do much in the presence of intent and opportunity. And I still need to get in and out of my home without a lot of complexity.
It's time to stop trying to make trickier locks, and start thinking about the big picture. And something else is a given here.
We are now, and will always be, human.
I'm Moira Gunn. This is Five Minutes.