1 September 2014

Dear diary, please save me from passwords and PINs

I know I am not alone when I say that I loathe passwords! I seem to have hundreds of them (or truth be told a small handful for hundreds of websites). Passwords sit at the top my list of things to place in to Room 101, however, unlike other things in my life that I have an immense dislike of, such as cauliflower, I simply cannot avoid them. Or can I?

One afternoon a few weeks back I decided that I was going to try and go an entire day without using a single password or PIN and keep a diary of my experience. I knew it would be a challenge but truth be told on the day of the task I didn’t make it out of bed before logging on. A little dejected I decided to rethink my strategy and chose to monitor how often I used a password and a PIN, in order to see if my hatred is misplaced.

As I say, the day started with the alarm going off on my Google Nexus 7 at 6.45am, as usual I reached for the device and automatically entered my PIN to access it. Fortunately, I am already logged on to my email account and Facebook, so after watching a dozen or so ALS Ice Bucket Challenges (thankfully no nominations that day!) I ventured out for breakfast.

Latte ordered I sat down and logged on to the cafĂ©’s WIFI network to catch up with my corporate email account. Then it was a short walk to the office where I placed my finger on the pad of the biometric fingerprint reader (true this isn’t a password or PIN but it always takes at least half a dozen attempts before it recognises me).

Once at my desk, I open the laptop and it is CTRL+ALT+DEL and enter password. Already I had used a PIN or Password five times and it wasn’t even 9am. The rest of the morning was spent on the telephone, so the tally didn’t increase. However, all that was to change at lunchtime!

I remembered that I needed to transfer some money for a holiday so went on the HSBC website and logged on with my username, a secret word, my four digit PIN and then the six digits generated by my SecureKey. As I was setting up a new payment I then needed to use a SecureKey for a second time. Of all the things I ‘own’ I think I like this the least.

Having fifteen minutes left I remembered that I wanted to order a shirt (it was a bargain in the sale and an email I read in bed that morning said it was ending today). The good news was that it was available and in my size, but the bad news was that the site used Verified by Visa (or something like that) and as I cannot remember the last time I used it. As a result I had no idea what the password was. I made a few attempts but had to reset it and if you asked me now I would have no clue as to what it is, so I will have to reset it again in the future (that is if I decide to shop with them again).

2pm and it was back to work. I was sent an email about the latest issue of a German security magazine that had just been published. I clicked the link and surprise surprise, to read the pdf/ebook version I need to log in. As with my earlier online shopping experience I only visit the site every month or two, so I again made a couple of educated guesses but to no avail. But this time rather than persevere with a reset I decided to park the idea, get back to work and wait for the printed version to arrive in the post.

The rest of the afternoon consisted of pitching out a news story out to the media and one of the services I use requires a username and password. Fortunately, I know this one as I have it printed on a piece of paper on my desk! That said I did logon to corporate Facebook, Twitter and LinkedIn accounts to share the announcement.

At 6pm the working day done (the office-based part of it anyway) and it was off for a bit of exercise. I have recently changed gyms and it has an access control panel on the door that requires me to enter an eight digit code and the odds of me remembering now or in the future are slim. This is not a big issue as I have it stored in the notes on my iPhone. However, I have to use the code to get in, to get in to the changing room, to get back in after my workout and then to leave the premises. That is four times for the embarrassingly short gym session!

Finally back home after a long day, dinner cooked and I am delighted to report that I can operate the microwave without authenticating myself. So what did I learn? I realised that my hatred of the current methods of authentication that we are all expected to use is not unfounded. In many instances they put up barriers that caused inconvenience and frustration. What is more, my shortcuts of writing them down really isn’t great for the organisations that are expecting us to use them.

This was just one average day for one person, so imagine the amount of time and energy that is being wasted all around the world. Of course, I know that there are bigger things to worry about but, when you know that there are better way of doing things but are forced to use the same old antiquated approach it is just plain annoying. True I could boycott sites using passwords altogether but that would be cutting my nose off to spite my face. But I cannot help think that things must change and soon.

Author: Graham Thatcher, Winfrasoft Press Office

No comments:

Post a Comment