Things that I own or subscribe to that I can access without a password: the books on my bookshelf, the magazines that arrive in my mailbox, the radio on our kitchen counter, the cable service on our television, our landline telephone, my DSLR camera.
Things that I own or subscribe to that I must access with a password: almost everything on all of my computers and all of my mobile devices.
The Security State
This is a big problem, and for lots of people. Over the past few months, while working on various projects, I’ve seen computer users of all levels of expertise struggle again and again with remembering their passwords. Part of what I’ve been doing has been helping people install test versions of software, and doing so always requires signing into this or that and accepting this or that invitation and plugging into this or that computer or updating this or that software.
To do these things, nearly everyone I’ve worked with in this capacity has had to take pause and reach back into their brains to come up with their Apple ID or their TestFlight password or something else. There’s always a moment of suspense when it’s not clear if they’ll be able to produce the right credentials. Often they come up with the wrong ones, have to try multiple passwords or even multiple user names, or consult terribly non-secure caches where they’ve written down this information. It’s painful to watch.
The preponderance of digital credentials that are required of us daily is clearly already beyond reasonability, and yet there’s little apparent interest in this problem. Apple’s iOS would seem to be the single best hope for amending this situation — it’s the freshest start that we’ve had in decades, the first one in a long time that allows us to rethink the protocols through which humans and computers interact with one another — and yet neither my iPhone nor my iPad is shy about asking me for passwords, again and again. Worse yet, there’s virtually no password management solution built into its mobile Safari browser — that would be the minimum requirement to demonstrate that the company cares about this problem, but it would still be far shy of integrating a 1Password-like solution into the fabric of the operating system, which is truly what’s necessary in the short term. Long term, we need a complete rethinking of credentialing, but there’s no sign of that at all yet.
Everybody seems to agree that this is a problem, and yet no one is interested in it or sufficiently motivated to protest, much less create a solution. I just don’t understand why this is the case.