Passwords have outlived their security effectiveness and are no longer a user-friendly solution.
Passwords. We all know they have to be there to keep the data we put online safe – but everyone hates them, and as more and more aspects of our lives have become digitally governed, the problems they bring have got worse. Not only do we need them for growing numbers of accounts, but there’s increasing pressure to make them more secure by introducing kooky characters or making them longer or more random.
You know the story, I’m sure – agonising, after two unsuccessful attempts to log on, over whether it was the one based on your childhood address or the dog’s name, the version with the capital or lower case P, an ‘&’ or a ‘@‘ substituted for the ‘a’; eventually opting to admit failure and hit FORGOTTEN YOUR PASSWORD?, only to be obliged to think of yet another unused, hard-to-hack variant.
Yet we are awash with the things. Dashlane, a password management company (yes, a firm that simply manages other people’s passwords is now a lucrative business model), recently surveyed its own customers and found they have an average 130 password-protected accounts. We’re told not to write them down, but I suspect that most of us do, guiltily, knowing that we’re putting our security at risk if the list falls into the wrong hands, but also well aware of what will undoubtedly happen if we don’t keep a note somewhere. But if password management is a challenge for people of working age, who have after all spent much of their working life in an increasingly computerised environment, it’s potentially much worse for older people with less confidence in their ability to use a laptop, iPad or mobile phone – particularly if they are struggling with memory loss.
Computer says no
The problem was brought home to me by a recent experience with my mother, who is in her mid-80s. She has an iPad, which she uses for emails and other bits and pieces, but she has a somewhat nervous relationship with the internet, so we went round to help her set up an online grocery delivery. The iPad was misbehaving, so we started by installing a raft of updates – only to be asked for a mysterious password which must have been introduced when we bought the thing but hadn’t been needed since. We eventually tracked it down by phoning my brother in Spain.
That was not the end of the computer saying no, however. We lined up the inaugural grocery order with a misplaced sense of achievement, only to find my mother’s credit card verification repeatedly rejected at the online checkout. Once again we resorted to the phone, this time to the card issuer – who refused to speak to me until my mother had provided digits from a security password she had no idea about. The customer services person at the other end of the phone was able in the end to lift the block on the card after she asked instead for memorable information. But it was a genuinely traumatic experience for the whole family and particularly for my poor old mum.
I asked Angela Clifton of Saga, which targets the needs of the over-50s, if she had any suggestions to help people finding it difficult to keep on top of their ranks of passwords. She commented: ‘The most secure passwords are those which consist of three random words, although these may mean something very significant and are therefore memorable to the account holder. For people who struggle to remember the wealth of passwords we’re now expected to have, it may be a good idea to use the same words, but to add different letters at the end which are linked to the accounts they are trying to access.’
Yet the bottom line is that passwords don’t even do a particularly good job of keeping our information safe from prying eyes. According to a 2017 report from US telecoms firm Verizon Communications, insecure passwords cause an estimated 80 per cent of security breaches.
The good news, however, is that the campaign to do away with passwords is well under way, and that the replacement technologies, involving facial scans or fingertip recognition, are likely to make life easier. Thus smartphones now allow people to use fingerprint technology, not just to unlock the phone but also to access certain apps, including those of some banks. I bank with First Direct and can check my account and make payments on my phone using just a thumbprint.
Apple and Google are among the tech giants that have been working hard to undermine the tyranny of the password, while Microsoft announced in February that the new version of its Windows 10S operating system will not use passwords in its default security process.
Clearly the consensus is that passwords have outlived their effectiveness as security barriers and are no longer a user-friendly solution. Their days are numbered; let’s hope the technology that replaces them works better for us all.