
Security


I don’t understand the need for all of the increasing security on the internet. I appreciate that a lot of things need safety, but there is just too much being done in order to increase security that seems to be having a negative effect.

Passwords were originally used for a small measure of security to protect a few files on a computer. The need to have protected or sensitive information for so many places on the internet was never predicted, but that doesn’t explain why everywhere insists on setting their own restrictions.
Generally, you are always told to use a unique password for every website, email address, computer profile, etc., and many people try to follow this rule of thumb, but it’s completely impractical. I use the internet constantly so maybe I do have more accounts than most, but I don’t disbelieve that most people will have dozens of accounts: many dormant, but still something they may return to in time. For each of these sites you need to have a unique password. I don’t know about anyone else, but I sure as hell can’t remember that. Hell, I can’t remember if ‘i’ comes before ‘e’ in ‘friends’, let alone multiple different passwords.

In addition to this, many sites make you change your password regularly, every 72 days seeming to become a standard (why the hell 72?), and won’t allow you to use one that you’ve used in the last 5/10 times, or even ever in one case I’ve seen. This comes to 5 passwords a year for your sites, bringing you to 60 passwords for 10 sites. Far too many for me to remember.

Further still, each site forces its own rules on you. Rules which you don’t always see or know when trying to put in the password to log in. Some sites force you to use numbers, letters, capitalisation, punctuation, and any combinations thereof. With this, you’re effectively losing the choice to use a password that you can actually remember anyway. People resort to just adding the requirements on to the end – kinda defeating the point. Or else they resort to other methods to remember for each site – I’d be interested to know how many people have “amazon” as their password for Amazon.com.

Considering that the password is just data to be stored in a database, I don’t understand why these restrictions must be forced upon us. Sites should use a standard between them so that any password can be used – if it is only going to be hashed and kept in the database then there is no reason for it to have anything we don’t want in it. Regardless of the actual code it’s going to be a long string of unreadable digits when saved. If people want to have the same password that’s their choice. I’m confident enough of my password that I not only use the same one, with the occasional addition of “!1”, but keep it visible in a picture on my desktop. It’s a bit geeky Da Vinci Code sort of thing, but it’s there (and my friends have been told this in case they should ever need).
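
The point about hashing, as an added example that is not part of the original post: whatever characters or length a password has, a salted PBKDF2 hash of it is saved as a fixed-size hex string, so storage gives no reason to restrict what people type. The record format, iteration count and sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16       # assumed salt size


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Normalise first so the same typed password always yields the same
    # bytes, whatever keyboard or OS produced it.
    raw = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", raw, salt, iterations)


def store_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string a site would save: algorithm$iterations$salt$hash."""
    salt = os.urandom(SALT_BYTES)  # fresh salt per password
    digest = _derive(password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample passwords of very different shape and length.
SAMPLES = [
    "amazon",
    "correct horse battery staple",
    "pässwörd with ünïcode 🔑",
    "x" * 500,
]

if __name__ == "__main__":
    for pw in SAMPLES:
        record = store_password(pw)
        # Every record has the same length and alphabet, whatever went in.
        print(len(record), record[:40] + "...", verify_password(pw, record))
```

The stored record has the same shape for every input, but a short or reused password is still easy to guess, which is what the slow hash and per-password salt are there to make more expensive.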

My personal favourite is that many of these sites are now using “Facebook Connect” to allow logins. While I dislike Facebook itself, I’m a fan of the system which allows you to connect a site to Facebook and then automatically log in using your Facebook account. The irony is that many of the sites enforcing password changes use this, which bypasses the whole security issue. Getting access to people’s Facebook accounts is surprisingly easy in comparison to most things, odd since so many have their entire lives on it.
While that minor bit of security is a slight issue, I think it’s great having a centralised login system. I’d actually welcome something like this in the future for an official way to do things. It would be so much easier, and a great improvement on the current cacophony of “systems”.
