Stop the Madness: Password Proliferation

The growth of the internet has been blamed for a good deal: the decline of conversation, an explosion of pornography, and even the re-wiring of the human brain. But perhaps the most egregious crime is the proliferation of passwords required to navigate one’s everyday life. From newspaper subscriptions to checking accounts to all flavors of online retail, we’re relentlessly prompted to create and remember passwords. Each site has its own rules around the length, capitalization, and the number of special characters permitted (or required). Effectively, we’re reinforcing a system that trains people to create passwords that are hard for humans to remember, but easy for computers to guess. And if you work in an enterprise IT environment, SharePoint and PeopleSoft will cheerfully remind you to recall and re-enter those passwords again and again as Draconian settings time out within minutes.

And guess what — it’s not working. This week SplashData released the top 25 passwords of 2012 — and once again, “password” topped the list. It’s easy to mock passwords like “123456” and “abc123” (although I like the vaguely paranoid “trustno1”) but the fault is with the system, and not the users. The proliferation is unmanageable, and leads to people either using the same password for everything or keeping long lists in Google Docs and sticky notes — exactly the kind of data insecurity passwords were designed to prevent. Password management services like LastPass and 1Password address this need, but have yet to see widespread adoption.

So, what’s the answer? Within the enterprise, it means tackling single sign-on, which is challenging in any organization with large legacy systems. On the web, applications are relying heavily on social network integration until smartcards or retinal scans obviate the need.

And as passwords get harder to manage, Facebook has cleverly capitalized on this pain point ever since it launched Facebook Connect back in 2008. I’d never want my Facebook feed to allow Spotify to display my dubious taste in music, but I was damned if I’d create yet another password and defaulted to Facebook login. Innovations like the news feed in 2006 and acquisitions like Instagram in 2012 are often cited as drivers for Facebook’s success. Perhaps we’ve got it all wrong: the creation of Facebook as a seamless password management system with a social network on the side may have been the cleverest innovation of them all.
