Advice to Web Developers: Forget the Password

This weekend while wandering down the aisles of our local Super Target, we found a dinner table and a side board we though would go great in our living/dining room. After checking out, a couple of teenage boys wheeled the still flat-packed pieces to our awaiting PT Cruiser.

Now, after flattening the inside of the car, both pieces fit. Though either Jen or myself wouldn’t. We kindly asked the boys if they could hold the pieces until I returned.

Sure.

After dropping Jen and the little man home, I returned to pick up the furniture – now in the Customer Service area.

“I’m here for those pieces.”

“Do you have the receipt?”

“No.”

We chatted for a bit, trying confirm that the pieces were in-fact mine and paid for sans receipt.

I told her we couldn’t take them before, because we couldn’t get them both in the car.

She called over the same teenage boy and off we went.

One of my bigger irritations these days is with the number of passwords I need to remember to try out the latest browser-based Web2dotOhGodNo beta.

Frequently, there’s no real need for a specific web service to require registration of a unique identity, let alone I’ve already generated a pile of them elsewhere (can’t I use one of those?).

Sometimes, my browser will pre-populate the login/pass – that’s great while at the same time completely defeating the purpose of security. Security and identity are separate concepts, though security may confirm identity, there are other ways.

Point is the two concepts are mixed up so much there’s an inherent security problem.
The more passwords I create, use, manage, and remember on a regular basis, the greater the chance I’ll use something like “1234” and the whole ecosystem becomes insecure.

I’m using Apple’s Keychain Access to store passwords both me and my browser have since forgotten. Passwords for trials that have expired and services that no longer exist. Thing is, I’m far less likely to click ‘forgot password’ than I am to never return (Who knew Friendster was still around?).

Forget the password, it’s a security risk for customers and a barriers-to-entry for providers.

ELSEWHERE:

“Some teens chew through IM handles like candy; their nicks are things like “o-so-funny” rather than the first name, last name standard that seems to pervade professional worlds. It’s not seen as something to build an extensive identity around, but something to use to talk to friends in the moment.” – Dana Boyd