Must Read: First Windows XP now Exchange 2003: What happens when the clock stops on support?

Topic: Social Enterprise

Let's get rid of usernames and passwords for good

Summary: Username and password combinations are old, outdated, confusing and often taken over by other tools. Can the next-generation inspire a solution to this?

Zack Whittaker

By for iGeneration |

Usernames and passwords annoy me. Expert advice says to have a different username and password for various services, but the amount of subscriptions, email accounts, social networks and other sites we subscribe to can run into the dozens, if not hundreds.

Password managers help, and single sign-on solutions for an array of sites are useful, and devices like smart cards and biometric devices save us remembering a whole array of combinations. But what if you're away from your primary computer? You still need to remember all of the sequences and mishmashes of letters and numbers whether you like it or not.

Facebook Connect has helped me out greatly. On my home computer, I never sign out because there's just no point as nobody else lives with me (thank God), and on my office computer, I always lock my screen so again, no need to log out. With this, it means I can not only sign in straight away to supporting services but it means I can cut down on the number of user names and passwords I need.

Perhaps it is time we worked on a new system. No longer should be need to push the "forgot your password?" link, or have to look up a long list of passwords in the filing cabinet, or even have to rely on a browser to take the workload for us. There needs to be a solution.

OpenID has the right idea, but it works in a similar way to university federation services and doesn't really share any unique factor. Even CBS Interactive sites like ZDNet, TechRepublic, and BNET have a good idea by sharing the same login details across sites so you don't need to re-register. But again, this isn't enough.

I'd like something to change but simply don't see a system being implemented which wouldn't cost about a zillion dollars. For now, this thirty-year solution may have to stick with the byline of "if it ain't broken, don't fix it". Then again, Google thought e-mail was broken when it brought out Wave...

How would you fix it?

Topic: Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

52 comments
Log in or register to join the discussion

  • Common sense & best practices

    First off social networking sites are a DISASTER waiting to happen, private data into a public domain that is used by someone else for their benefit.

    Second, these sites are used by fools who have no idea of the ramification of putting their private life's history to be sold and exploited.

    Lastly, if I want to speak to someone or communicate it is NOT by chat/email or other electronic means. I will do it in person or by phone.

    People have lost all art of communication and writing, what happened to hand-writing a letter, email is for work or other purposes not to live by and the silly social networking sites.

    All of it is nothing more than a Trojan horse with fools laying down their guard to later be invaded by. Plus you cannot erase the data from these sites because YOU do not own it any longer!

    ;)
    linux_kernel
    Reply Vote

    • What happened to the art of a hand written letter.

      You might as well ask whatever happened to the art of Jousting or Calligraphy, or Chariot riding.

      Things evolve.

      My 3rd grader is busy learning the dying "art of cursive" while she SHOULD be learning how to type at school.

      Instead, I am teaching her that useful "art" while keeping holding my tongue on the archaic usage of cursive writing.

      Bodazapha
      Reply 1 Vote

      • I have to disagree

        Have you ever held a hand written letter that is from a Parent/Spouse/Relative that has passed away? It is much more meaningful than an email or typed letter from that same person.
        I have only a few of these types of letters, but they are very precious to me.
        Just saying....
        An Apple a Day
        Reply Vote

        • Agree with your disagreeing

          Yup, the same thing with other non-digital artifacts, like photos. I have a
          shoebox of my late mother's photos which I see every now and then.
          Some of them almost 100 years old. When I die, my children have tens of
          thousands of inaccessible photos on my dead computers hard disk.
          kisap
          Reply Vote

      • Typing in 3rd grade?

        I thought they taught that in 1st grade, before you could go into the computer lab. Handwriting is important. People will not always have a keyboard handy when trying to document or communicate. But maybe teaching it as calligraphy would yield better results. Learning horseback riding is important too, but more for a childs safety now than as a tool of transportation. Jousting? I don't know, depends on your neighborhood.
        mcsystemsgb
        Reply Vote

      • re: hand written letter...I feel sorry for your kid...

        Are you kidding? Cursive writing is suddenly archaic? Are you also telling your kid to avoid speaking to or making eye contact with others, as text, e-mail and IM can do it more efficiently? When did you conclude that the retirement of the "personal touch" equates to evolving?

        Do you think it'd be alright if she at least learned how to sign her own name? You know- in case she ever wants to buy a house or a car?
        ddferrari
        Reply Vote

        • Time to let go

          I was born in '88 (21 now) and learned cursive
          writing in grade 3/4 (I think). The only thing
          I've used it for since then is my signature,
          which is really just 3 large letters and some
          scribbles between them. Would have I been able
          to come up with a signature without cursive
          writing? Yup, no problem.

          Personally I hate cursive writing. Everyone's
          looks different and many (if not most) peoples'
          writing is difficult to read. I can't count the
          number of times I've had to ask my father what
          the $%&& a certain word means. If he had taken
          a tiny little bit longer and printed it legibly
          I wouldn't have run into a problem.

          Schools really need to stop teaching cursive
          writng, printing is much more useful & clear
          and typing is far far more useful in today's
          world. As time goes on there are more and more
          things kids need to be taught and something has
          got to be cut. Why not make it that useless
          waste of time that most kids hate doing anyway.

          Heck, I was never even taught how to type; I
          just picked it up. I'm sure if my school had
          been teaching me typing instead, I'd be able to
          type much faster and make fewer typing errors.
          It might be too late for me, but stop wasting
          these kids' time with something they'll never
          use.
          Atlantic13
          Reply 1 Vote

    • Agree 100%

      nt
      wackoae
      Reply Vote

  • Username and passwords are the only....

    true secure way to protect data. Just because people tend to use weak passwords or use the in a less than smart manner doesn't mean they aren't still the best form of security. I don't trust SSL and certificates. They are being hacked because of weaknesses in the technology.

    My own ability to secure my data makes it more secure than any other form of security. Strong passwords with failed login policies make my network as secure as it can be.

    Secure your data any way you want. Just expect it to be hacked.
    bjbrock
    Reply Vote

    • What you know or have...

      is the only security mechanism there is. It has worked for millennia.
      Physical and cyber locks are only secure against honest people. Oceans
      11 is an example how determined thieves can bypass physical systems.
      The same is true of skilled and determined hackers getting into almost
      any system. Money is a powerful motivator. That's why banks get
      robbed and computers get broken into. A crook can steal thousands
      with a gun, but nowadays can steal millions with a computer. Robbing a
      bank can get the crook of bullet, but using a computer is much safer.
      arminw
      Reply Vote

    • Expect your data to be hacked...

      I like that. In fact, we designed ThreadThat.com with exactly that in mind. Every bit of data users enter on or upload to the site is encrypted using AES256. If you want to be sure only your invited parties can read what you write, use secret threaded conversations protected by passkeys. This site was just launched on November 1st. Please have a look. It's free (for now at least). https://www.threadthat.com
      mr_S54
      Reply Vote

  • RE: Let's get rid of usernames and passwords for good

    If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.


    -Bruce Schneier
    Josh_D
    Reply Vote

  • Let's get rid of usernames and passwords .... they are too difficult for me

    That is what the headline should say.

    So because you are too dumb to remember a username and password, we should all have to suffer the consequences of bad security, data leaks, loss of privacy, etc.???

    Oh, please spare us from idiocy. Show me a single, low cost solution that can do better than a good username and password ... then we talk.
    wackoae
    Reply Vote

  • RE: Let's get rid of usernames and passwords for good

    Some very interesting and enlightening thoughts about technology here. One of the things I'm afraid we lose by depending too much on technology is the basic human interaction. We go from face to face conversation to phone calls to voicemails or from written to email to IM and think we don't lose anything in the process. When I taught HS Math, I limited use of calculators to make sure they know how to add, subtract, multiply and divide. Now I interview college grads who have trouble with these grade school skills. It's time to rethink, technology is NOT the saviour. At best, it's a mixed blessing with lots of hazards.
    BTW... User Names and Passwords work just fine.
    eweingartner@...
    Reply Vote

  • RE: Let's get rid of usernames and passwords for good

    The headline itself is the answer.

    Let's get real. We're already down the slippery slope.
    Anyone who thinks they have any real privacy or anonymity
    left is just deluding themselves. That goes for any so-
    called online "security", as well. "Security is no more real
    online than it is offline.

    So let's do away with the the notions of privacy and
    anonymity. The world online will know you as you.

    So, let's be who we really are and realize there are
    consequences to that... just as there are in the "real" world.

    And let's make identity theft a capital crime. At the very
    least, it will help cull the gene pool by getting rid of
    "stupid" smart people.
    JonA_z
    Reply Vote

  • RE: Let's get rid of usernames and passwords for good

    Not about Twitter, etc., but generally speaking, the computer world has gone totally crazy about about passwords. A password to access a help system? Makes no sense at all, and just adds to the frustration of dealing with new hardware and software. I sometimes think that the purpose of some online "help" systems is to sell books--viz. M$ W7.
    Allen
    AllenT_z
    Reply Vote

  • ZDNet First

    I had to sign on to enter this reply. Let's see ZDNet figure out who I am on whatever computer I use to post this reply and then we'll talk.
    cwallen19803@...
    Reply Vote

  • Passwords etc.

    Perhaps the fingerprint reader? If it could be connected to online services then simply supplying my fingerprint would allow me access.
    1101doc
    Reply Vote

  • The whole point...

    The whole point of separate user names and passwords for different "accounts" is to not have all your eggs in one basket. If somebody hacks into a portion of my data, they don't automatically get access to everything.

    What you seem to be wanting is exactly the opposite, some single identifier (whether "smart card" or thumbprint or cornia print or voice print or whatever) that is used to access everything. If somebody figures out how to replicate that, then they are you.

    Over the years, I have come to feel insecure about the equivalents of those we already use, i.e. Social Security Number, mother's maiden name, high school I graduated from, etc.. IT seems that every site I need a password to access also wants me to answer a slew of "security questions" so I can use these to gain access if I forget my password. The problem is, if I give those answers to all of these sites to store in their databases and be stolen, then they really aren't secure any longer.

    So, I disagree with the idea of getting rid of user names and passwords because my ability to change these things on a whim is the only real security I have. Too difficult? Do you leave your house open because it is too difficult to unlock the door when you get home? Do you leave your car running because it is too difficult to start it when you want to go somewhere? The biggest product of technology seems to be that it makes what used to be considered a simple task, now seem "too difficult" to perform.

    And by the way, linux_kernel. You are an idiot. I see you have a feedback entry in every blog, and not a single one even relates to the story you are giving the feedback on. Get a life!
    *Gman*
    Reply Vote

  • Touch Screen Solution

    Fingerprint scanning combined with use of thermo-technologies.
    chasmosaur
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close