The day of the password is done

With so many Web sites demanding passwords, no one, but no one, can really be expected to remember all the ones they need

When the popular Web site Gawker was hacked into recently, more than a million user IDs and passwords were released. If you were one of the people compromised that's annoying -- very annoying. Not that it's a big deal that someone could log into a gossip site under your name. But many of those people used those same IDs and passwords on other sites that are a wee bit more important, such as LinkedIn. Now, that's a problem.

What should you do about it? Well, I could tell you that you need to use different passwords for different sites; that you need to pick passwords other than that all-time favorite, 123456; and that you should change your passwords every month for every site. I'm not going to, though. It's all good advice, mind you, but it's also all pretty darn useless.

People never have, and never will, use good security practices. After more than 30 years of working with networks and security, I'm ready to give up on trying to get the general public to do the right things to keep themselves safe. In a company, it's a different matter. It's a pain, but if you keep at it and enforce the rules, eventually you'll get most of the people to do the right things most of the time. But people at home? It's not going to happen.

Besides, there's another issue here. At work, people need to recall, at most, two or three IDs and passwords. If you do single sign-on right, all they'll need is one. On the public Internet, though, people have to remember their IDs and passwords for their bank, Facebook, Twitter, school, Gmail, phone, electric, 401(k), LinkedIn, Computerworld and countless other accounts.

Who can manage to remember dozens of IDs and passwords for dozens of sites? I'll tell you who: no one.

I can't do it, and I'm blessed with a good memory for random alphanumeric strings -- you really don't want me to get a good look at your credit card number. If I can't do it, no one who isn't blessed with a photographic memory can do it.

What I do is keep a long list of user IDs and passwords in my head. Some of them I use only on trivial sites such as Gawker (though I don't have an account there). Others, I keep only for important sites, such as LinkedIn. And a few I save only for vital sites like my bank. Those last are tied in my memory with a specific site. So, for example, I have one ID and password for my health insurance site that I don't use for any other sites.

You can do a similar trick -- and this is security heresy -- by making a list of your account numbers, IDs and passwords. I don't mean a physical list, though. Make the list on your computer, encrypt it with a program like TrueCrypt , which can handle Linux , Mac OS X and Windows; AxCrypt , which is Windows only; or FolderLock , another Windows-only program.

You also really should use "real" passwords. No "123456" or "abcdef;" no "password" or "your_user_name" or "my hometown" or "favorite sports team." Those kinds of passwords are so easy to break, they barely count as passwords.

If that option doesn't appeal to you, I've got another one: LastPass . This program runs on all the desktop operating systems that matter and the major smartphone operating systems -- Android , iOS, Symbian and Windows Phone -- as well. It will automatically capture your log-in credentials and then enter them into the site for you the next time you visit. So, go ahead and use JK1127MarvelFan4TossSaladed! as a password. You won't have to remember it, LastPass, the password manager, will do it for you.

While I'd rather it didn't store all these passwords in an encrypted form on the Web, LastPass's advantages more than outweigh its disadvantages to my mind. It certainly beats having your one real password to every system on earth available to anyone who hacks into any site that you visit.

The real solution, though, is to find something else to replace user IDs and passwords. I don't know what that will be. I do know that as we spend more and more of our computing time online at dozens of different sites, we have to come up with a better answer that will really work for people. User IDs and passwords simply don't cut it anymore.

Steven J. Vaughan-Nichols has been writing about technology and the business of technology since CP/M-80 was cutting-edge and 300bit/sec. was a fast Internet connection -- and we liked it! He can be reached at .

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityLinkedIn

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Steven J. Vaughan-Nichols

Computerworld (US)
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?