Dreaming of a world without passwords

Jon Honeyball wants a better, more secure and more convenient world

I'm so tired of passwords. So tired, indeed, that I don't use them anymore. For my phone, I use a fingerprint. Since the latest releases from Apple, my Watch unlocks my desktop and laptop computers. If I find myself in front of my Microsoft Surface Book, and it hasn't crashed yet again, Windows Hello decides my security credentials by looking at my ugly mug (that's my face, not the steaming cup of heavyweight coffee sat on my desk).

Advertisement - Article continues below

When I visit a website that needs a password, my constant companion Dashlane rushes in to fill out the details for me. If I sign up to a new website, it helpfully generates a complicated random password and then saves it. I have no meaningful idea of what most of my passwords are, because they're all different and look like "Xf65Ty!uP43XTyI108Yiop", or something equally memorable. Of course, I have to rely on Dashlane not imploding and taking out all of my passwords, but then the "password recover" feature works on most sites, most of the time.

The more sensitive sites have two-factor authentication. So my phone beeps with the result of an incoming SMS message, which I tap in to prove it's really me. All sites should offer this as a matter of course. That they don't shows how incompetent their HTML hairdressers are and how little they value my information. What's that? The regulator doesn't care either? Apparently not, given how it doled out a 400k fine for the loss of 157,000 customer records from TalkTalk. Had I been one of the affected, I'm not sure I'd be reassured that my data was worth a couple of quid in the eyes of the law.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Which brings me to a function in Dashlane that I really like. It's called Password Changer - and yes, it changes passwords. Choose the item in your password/website list and hit the button. Dashlane logs into the website, enters your current details and updates the password to a stronger one, which it then puts back in its encrypted store for you.

Simple? For sure. Useful? Most definitely - if you have a weak password on a site, it can sort it out for you. Feeling a little vulnerable on a rainy Monday morning? Go change all your passwords. Remember, you didn't know what each one was before, and you don't know what they are now. But they've been changed, so any leakage has been rendered less of a worry because the leaked data is now, hopefully, invalid.

However, this magic trick only works on websites that Dashlane has managed to reverse engineer. And then it struck me - surely any decent website should expose a standardised way in which third-party tools can change the password? Not just Dashlane, but other password managers too? Not just those websites that have been rectally examined, but any and all. Wouldn't that be useful? We could then help push forward with the move to password managers, taking away the big bag of stupid salty water using "MyBabyIsCalledDavid" in the mistaken belief that absolutely no-one would ever guess that, and make passwords a truly disposable thing.

Advertisement - Article continues below

Wouldn't it be quite fab if I could set my password manager to carry out this change on all of the websites on which I hold accounts? And to do it automatically too? How about once a week? That way, I could be reasonably sure that a mass accounts database leak onto a memory stick in the jeans pocket of a disgruntled hipster employee with a topknot will get knocked into touch within a reasonably short timescale.

Oh, but there's one problem. We need the web world to come together and make it so. And that, dear friends, is not going to happen. This is an industry that took a passably good idea by a scientist at CERN and turned it into one of the nastiest, most opaque, badly designed and badly written pieces of nonsense ever foisted on the public. And then we have the web browser companies that can't even seem to get around the table and decide how big a piece of text should be, and where it should be placed on the page.

Advertisement - Article continues below

The idea of anyone, anywhere, bringing forward a useful API that is consistent, easy to program, easy to use, reliable, cross-platform, and which doesn't make you want to smash its face in within ten minutes, is not particularly likely.

Meanwhile, my data is worth the grand sum of 2.55 in the eyes of the regulator. When it's 255 or, even better, 2,550, someone might wake up and start to take this stuff seriously. There are a range of solutions out there, and some good thinking. It's time they were put to productive use.

Jon Honeyball is a contributing editor to PC Pro. He doesn't have enough hair for a hipster topknot, so you can definitely trust him with your data. Send it to jon@jonhoneyball.com

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020