Passwords are one of the worst user interface problems ever imposed on everyday people. The problem is worse if you use a computer, but even if you don't, you are forced to remember more and more random characters for voice mail, bank machines, movie rentals, video games and, of course, most websites.
Why are passwords bad?
- First off, passwords are not really secure. Passwords have been broken for years, and even when users are encouraged to pick words with numbers and special characters, many people end up choosing weak passwords. A computer can crack many passwords in a few hours using a dictionary search.
- The number of passwords needed today encourages people to use the same password for multiple systems. It's too easy to compromise password security. In other words, I can ask you to sign up for something free on a website, and many people are likely giving me the combo to their bank account.
- Users tend to forget passwords.
- Users are asked to create passwords for information that they may not care to make secure. I don't need a password to read the Wall Street Journal in print, but I need a password to read it online?
OK, maybe I've convinced you that passwords aren't the best thing in the world, but how do you fix it? Many people take a technical view of things, including biometrics, face recognition, fingerprints, RFID, and other electronic wizardry.
It needs to be easier.
Let's take a simple example. I visit an ecommerce site and find something I like. I add the item to my shopping cart and proceed to checkout. But wait! I can't simply enter my credit card. I need to choose a user name, enter all my personal information, pick a password, confirm my email, re-enter my password, read an end-user license agreement, choose a billing address, choose my shipping address, and in some cases give up my first born. No wonder conversion rates are so low.
Why are there so many steps?
- The steps in such a process are caused by programmers who like to quantify users as if they are data. They want to know how often you visit, how often you buy and what they can do to make you buy more. Programmers believe that if you have a username and password then they can store your address, telephone number and credit card in a database and save you time when you decide to order from them again.
- Imagine if every shop tried to do this sort of thing: before walking into a store, you have to fill out a complete personal profile.
What happens when you forget your password on a website? You click the "forgot password" link and the website resets your password and sends you an email. The transaction is almost instant, and within a minute you're logged into the site. For all intents and purposes you didn't use a password to log in. You relied on your email as a master key. Now imagine the same transaction with something a little more instant than email.
You go to a website and enter your email address. The server checks to see if you have an account. If so, it sends a secure instant message to your computer and you get auto-logged in. If you don't have an account, it sends a different IM to your computer asking it to generate a unique password for that website. Your identity is connected directly to your email address, and since your IM can travel on your cell phone, PDA and laptop, you don't have to use passwords.
In another example, I walk into a bank and swipe my card or enter my email address. The bank sends an instant message to my address. My cell phone gets the instant message and uses Bluetooth to verify both my location and my identity to the bank.
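The email-address login flow described above only works if the message carries a secret that is unguessable, short-lived and usable once. The following is an added example, not code from the original post, showing the server side in Python; the class name `LoginChallenges`, the 300-second lifetime and the sample addresses are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 300  # seconds a login message stays valid (assumed value)


class LoginChallenges:
    """Issues and redeems single-use tokens sent to a user's address."""

    def __init__(self, accounts, clock=time.time):
        self.accounts = set(accounts)  # addresses that already have an account
        self.pending = {}              # sha256(token) -> (address, kind, expiry)
        self.clock = clock

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def request(self, address):
        """Create the message for `address`: 'login' if known, else 'enroll'."""
        kind = "login" if address in self.accounts else "enroll"
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.pending[self._digest(token)] = (address, kind,
                                             self.clock() + TOKEN_TTL)
        return kind, token  # delivered only over the address's own channel

    def redeem(self, address, token):
        """Return 'login' or 'enroll' on success, None on any failure."""
        entry = self.pending.pop(self._digest(token), None)  # pop = single use
        if entry is None:
            return None                # unknown, guessed or already used
        owner, kind, expiry = entry
        if owner != address or self.clock() > expiry:
            return None                # wrong recipient or expired
        if kind == "enroll":
            self.accounts.add(address)
        return kind


if __name__ == "__main__":
    svc = LoginChallenges({"alice@example.com"})  # constructed sample account
    kind, token = svc.request("alice@example.com")
    print(kind, svc.redeem("alice@example.com", token))  # first use succeeds
    print(svc.redeem("alice@example.com", token))        # replay is rejected
```

Whoever can read the message channel can log in, so the channel's own security becomes the account's security, exactly as with the "forgot password" email.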