Are passwords passé? It’s starting to seem like it. Everybody hates them, and nobody can remember all the ones they’ve created. These days a typical netizen has dozens of online accounts. If you really want to be safe, you need to have a different password for each one, and each password needs to be incredibly complicated, with a mix of capital letters, symbols, and numbers. Who can keep all that stuff in their head?
Most people don’t bother. Some just make up one password and use it everywhere. Others might have a few passwords—one for all their banking and financial stuff, one for their social networks, one for email. Problem is that if one site gets hacked, the bad guys now have the password that you use elsewhere. These hacks are happening so frequently these days that you might as well assume there is no way to keep a password secret. In one recent attack on Sony, millions of accounts were exposed.
Computer scientists realize the system is broken, and they’re looking for alternatives. But most attempts haven’t been very good. Fingerprint readers require special hardware, and a lot of people find them creepy and don’t want to use them. Smart cards and tokens can be lost or stolen. “We’ve tried all sorts of other approaches, but we end up back with passwords. They’re the least worst in a series of bad options,” says Rich Mogull, CEO of Securosis, a security consultancy.
Markus Jakobsson, a veteran security researcher with a Ph.D. in computer science, has come up with something he calls “fastwords.” Instead of inventing a gobbledygook password, you join three simple words that come from a thought known only to you. If one day you were driving to work and ran over a frog that ended up flat, you might choose “frog work flat.”
Some advantages: You can enter the three words in any order (“flat frog work”), and the system still knows that you’re you. If you totally blank, the fastword system will tell you one of the three words, which should enable you to remember the original thought and thus the three keywords. Jakobsson says one large service provider is evaluating the fastwords concept.
Fastwords represents a step in the right direction, but it’s not the promised land. Someone, somehow, needs to come up with something radically different—and radically better—than what we have today.