Passwords Bad

A particular embarrassment is the widespread use of user names and passwords for pretty much everything we do with computers these days.

See More Serious Breach for real bad.

Passwords have been well understood to be inadequate since the '60s, well before the proper cryptographic solution was uncovered a decade later.

The problem is that pretty much anyone can write a program that says, "you must enter your user name and password to continue". No matter how careful you are, if you have work that has to get done, you will type in your user name and password.

Aside: one used to start Windows by typing Ctrl-Alt-Delete. This was a hidden master reset that would abort any running program. Microsoft made this part of the startup process to protect users from fake logins, which were rampant even back then.

We might ask, if user names and passwords are known to be a bad solution, and good solutions have been known since the '70s, why do user names and passwords continue to exist? Once again it is economics.

Any kid can start an online company. If one in a thousand happens upon something with some uptake then they can get some investment and have a shot at the big life. How do they show uptake? By their count of issued user names and passwords.

It used to be that an entrepreneur had to show that someone would get out their wallet for the product. Now it is sufficient to show that they will go through the registration/login sequence (which everyone hates) to start a relationship. The investors love this because the registration can be tracked in a way that cash couldn't.

Quinn Norton has written about this sorry state of affairs recently. See Journalist's Hypocrisy.

I grew up with nightmares of mutual assured destruction so all this is really small potatoes. It is a subject that I follow which has led me to write about it here.