The tyranny of passwords

17 February 2012

How many passwords do you have? No, wait. Let me guess. TOO MANY.

Why? Because every company in the world has their own password rules.

At least 11 characters. At least one special character. At least one capital letter. At least one numeric. Faaaaaaaaark!

Take online banking, for example. I experience deep pain and frustration during the endless stream of password confirmations and OTPs I’m confronted with.

Life has regressed to simply emailing my banker and requesting transfers or bank statements. Like in the dark ages.

I know why it happened. The stupid people of the world had their way.

In the beginning passwords were simple and the grass was green and the world was safe and God said, “Let me rest.”

And then someone had his bank account “hacked” by a “genius” who guessed the password. Who knew that a birthdate or dog’s name or favourite EPL side would be guessable? Money gone. Angry customer. Bank embarrassed.

Result: New rules to protect the stupid people.

Fast-forward to today, we’re so busy protecting the stupid people from themselves that we’ve made our applications useless. It’s so damn difficult to log in that we’ve simply disengaged.

Screw the password rules. If I want to use 12345 as my password, so be it. If my money gets taken, that’s my problem. Forcing me to use gobbldyGOOk123_snoopdog is not the solution. It’s the problem. It creates a false sense of security.

The hackers will get through my password if they really want to. Check out this story, http://www.guardian.co.uk/technology/2012/feb/03/anonymous-hacks-call-fbi-scotland-yard.

Crazy scary.

The truth is companies and regulators implement labyrinthine password rules to protect themselves rather than their customers. http://www.google.com/support/forum/p/gmail/thread?tid=601e415f3cae4aa7&hl=en

Who will be the first to change the game?