A simple question about logins

More secure passwords are hard to remember.

Memorable passwords are easy to crack.

All passwords should be unique (one for each site/service).

Why the heck, in this day and age, are we still attached to the password? I’m sick and tired of hearing stories of mass password dumps from popular websites, of having to deal with people relentlessly trying to guess my password on different sites (and having to deal with the fallout). I’m fed up with having to have a password manager, of trying to remember so many different pieces of information, of feeling constantly jeopardised if some major site announces another leak.

The industry has resolutely failed to tackle this properly. We have half-baked ‘solutions’ like password managers and two-factor authentication. We end up with identity managers: Persona, OpenID, Google and Passport come to mind, but these ultimately fall foul of the same password issue as before: you still need a bloody good master password.

Why is my device not authenticating me directly – Web of Trust and all that? Whatever happened to all those fingerprint scanners on laptops – did they not work? If my tablet, laptop or phone can absolutely confirm my identity, that should surely be available to all services and sites that I use on that device – just a thought. This is not a new idea in enterprise networks.

I might not give the ‘right’ solution (I have ideas), but I can observe that I think the current one is wrong. We continue to be failed by a lacklustre and ultimately lazy industry. Every time I see a relative or non-technical friend struggle with passwords, I despair. We collectively need to find a solution that will once and for all rid us of this awful mess of passwords.