Imagine going into your favourite gift shop, perhaps one you visited at some point last summer.
After much browsing, you pick a few carefully-chosen knick-knacks and take them to the till.
As you’re about to pay, the assistant asks you for your email address, so you grudgingly offer up some mouldering old Hotmail account.
She then asks you what colour shirt the shop assistant who served you last summer was wearing, informing you patiently, but firmly, that until you can drag this information from your memory, your purchase will be forever incomplete. What’s more, she warns you that if you look as if you’re guessing, you’ll be promptly marched outside by security.
While this would never actually happen in a bricks-and-mortar shop, of course, we’re subjected to it continuously in the online retail space.
Standing in the way of every online transaction, the words “login or register?” demand two of the most cherished pieces of information in your possession.
The first is for an email address; effectively a licence to distract you from your paid employment, wake you up in the wee small hours with a humorous sound effect, and enrol you in the digital Russian Roulette that is modern spam. And most of us have been around long enough to have the email equivalent of a Motorola flip phone in a bottom drawer.
The second demand is for something far tougher – the dreaded password.
Staring into the oncoming headlights, you do one of two things. Either blurt out a password you can remember, or make something up on the spot.
As a result, you’ve either just told a brand new acquaintance the password to a whole sheaf of your online accounts, or you’ve just condemned yourself to trying to remember exactly what shirt that shop assistant was wearing last summer.
It’s getting bigger
Simply put, we’re all drowning in passwords.
At the last count, I currently use something in the region of 90 online accounts, with more than 20 devices around the house and a further 20 sites at work, all of which need credentials.
And I’m probably behind the curve; a survey from two years ago suggested that the average UK user has around 118 accounts.
Of course, a large number of these accounts are there to let you watch dancing hamsters, or make enquiries about tractor engine construction in the 1960s, so not everything requires a high-quality password.
The problem’s about to get much worse though.
Right now we pay our taxes, manage our fuel bills, and enrol our children into school online, all of which require a username and password. In five years’ time many of us won’t be able to change our house’s thermostat, start our car, or even open our front door without somehow identifying ourselves to a computer.
Over the course of the next few posts, I’ll be taking a look at the mythology and truths behind those little black dots which hide the precious letters, digits and, of course, at least one special character.
This is a Security Bloggers Network syndicated blog post authored by Ian Harvey. Read the original post at: Data Security Blog | Thales e-Security