Obviously, whoever invented the password system was a jerk. And whoever started adding all those little rules for password creation is a sadist. Not the kind of sex-positive sadist with a flag for their kink and a set of consensual negotiation rules that ensure password creation is hot for everyone involved. No, we’re talking about the kind of sadist that simply likes watching people suffer as they’re told to add special characters, but not dollar signs or exclamation points because… reasons.
But our passwords are more than that. They’re how we prove that we’re really us. They are the cornerstone of our digital identities. And everyone wants a piece of them.
There’s a race on right now to control or reinvent our log-in processes. Companies are offering convenience and security in exchange for handing over critical pieces of our identities. You might call it a fight for the soul of our passwords.
MasterCard and Samsung have attempted “selfie security”, which was easily spoofed with photos. There’s big money being poured into biometric security research, where your device “reads” hundreds of different things about you, like gestures, sounds, and more. We’ll probably find out how it fails when we try to log in while drunk in our Halloween costumes.
Another entry in the verification race is fingerprint readers. Things like Apple’s Touch ID are fast and convenient – great for kids that want to place orders with a parent’s thumb when they’re sleeping or for police who want to unlock your phone without your consent.
Then there’s the password manager bonanza. These apps manage all your annoying logins. You should really get yourself a password manager. In a world so insane we need dozens of different passwords just to pay our bills, get and keep a job, and manage our health care, this particular security invention is a lifesaver.
Most security professionals agree: Everyone should be using one. Which is why the password manager market is getting crowded.
Of course, you can just let companies log in for you. When you choose to “log in with LinkedIn” (or Facebook, Twitter, or Google), that third party gets permission to use your account information. It’s convenient: you don’t have to remember a password or expose it while you type. Sometimes, though, the third parties get extended permissions, like being able to alter your timeline. Occasionally they get caught abusing that access. It’s why you should always check your “connected apps” and clean out ones you’re not using, or don’t trust.
When you choose this route, it becomes Facebook’s responsibility to tell the site that yes, it’s you. Because while no passwords are actually exchanged, what you’ve really handed Facebook, or any of the others, is authority over your identity.
At its recent F8 conference, the company announced the developer release of its “Delegated Account Recovery.” Facebook presented its new tool as a solution to everyone’s headaches over forgetting passwords and the account recovery process. It will benefit people just beginning to use the internet, who may have Facebook accounts but not an email or phone number. Except you need an email address or phone number to create a Facebook account in the first place.
Basically, you’d connect all your accounts to Facebook, which would handle all the authentication for you. In the background, companies send tokens saying they’re legit login requests — taking away the need to verify your identity with individual sites and making Facebook the ultimate authority.
Because the architects of identity control are so busy fighting for the souls of our passwords, we need to be moving the needle on the discussion. Away from corporate-controlled convenience and toward empowerment: Tools of autonomy. At the very least, handing over account authorization to any company so bloodthirsty to gatekeep our identities should come with a warning label. A big one, about losing our souls.