Wednesday, April 14, 2010

Not just names - passwords are hard too!

I was driving home yesterday evening when NPR was informing me about passwords. Especially they talked about what we all universally know about. An average user (includes me!) has many many passwords to manage. As a result the user tries to find the easy way out - reuse the same password everywhere or create minor variations in the password. Naturally this leads to poor security measures. What can the poor mortal do when every site wants to hide behind a secure wall and require password!

NPR went on to talk about an elaborate research work done by Microsoft. Presumably Microsoft researchers saw an opportunity to encourage all users to just log into Windows and have bliss. See the Micrsosoft research paper here. The study is very enlightening to see that range of passwords users try out, the strength of such passowrds, frequency with which users change passwords etc. Mind you, the study is baesd on the selective distribution of the special application that the research team created to study user habits. One could have done this based on similarity of passwords on Microsoft's ID system - windows Live ID, or working with other such massive vendors - say Amazon.com, eBay.com, etc. The security and privacy laws will prohibit anyone from getting access to the secure password data.

Nonetheless, we live in a world we are governed to remember funky sequence of letters and numbers if not all the fun special characters we learnt as punctuation marks in elementary school. We live in a world, where the rate of proliferation of secure sites far outnumbers the capacity of human brain to remember various things. Let us hope that all the research yields better solutions. Say for example, my computer camera will look at me and instantly recognize that i am who i am. And perhaps the keyboard will recognize that I have the same old keyboard habit which makes me type errors in and use backspaces once every 5 or 10 characters being typed!

Till better solutions arrive, let us have fun remembering the funky passwords :)

No comments:

Post a Comment