Consumer Internet

More musings on passwords–solution needs to be easier as well as more secure

By February 12, 2013 No Comments

Last week I wrote about my frustration with passwords. A number of you chipped in saying you shared the feeling and a few of you suggested services that can help with the problem.

These services break down into two groups.

The first group run client software (maybe in the browser) and automatically enter passwords so users don’t have to remember them. They can also generate complex passwords that are hard to hack. I haven’t seen their numbers but my impression is that they are doing ok, but haven’t penetrated the mainstream. They have been in the market for a while. I started using one of them myself a year or so back but didn’t really stick with it. I think they are good services, but to use them effectively takes a bit of work from the user, who has to install the software on multiple devices (and it might not work on all their phones) and may have to pay for a premium subscription. My guess is that the money and effort is worth it for the people who most worried about password security, maybe because they have been hacked or because they place a very high value on peace of mind, but not for the mainstream. I haven’t named these services because I don’t want to be critical of specific companies (at least not when they are startups).

The second group can be classed as new approaches. PixelPin is one, Nok Nok Labs is another. Rather than work with existing text based password systems they seek to replace the ‘password’ dialogue box with another form of authentication. PixelPin asks users to remember specific points on a photo whilst Nok Nok uses smartphones to identify via voice recognition and fingerprints. Like the first group they are primarily focused on solving the memory problem, but they have chosen a different go-to-market route. Instead of going after consumers they are going after websites and services that ask their users to enter passwords. If the products are designed well this has the merit of potentially being simultaneously less effort for consumers and much more secure, which would be a massive step forward. They will, however, have to convince website operators to implement their systems. To do that they will have to on the right side of the cost/convenience equation for them too, although the calculations of the costs of existing systems should include the cost of replacing passwords and sorting out people whose accounts have been hacked.

So it all comes down to ease of use – either from the consumer side or the perspective of the site operator. That tells me that the lack of security which comes with users using the same password across multiple services doesn’t worry most consumers or site operators that much.