The End of Passwords (And Maybe Privacy, Too)

The Wall Street Journal carried an interesting and provocative article a few weeks ago on the potential implications of a new form of technology called ultra wide band (“UWB”) that is gradually being adopted by a number of devices and manufacturers. Like seemingly all new forms of technology being introduced these days, UWB is like a good news/bad news joke n steroids, with positives and negatives galore.

The technological enhancement offered by UWB is that it allows devices to precisely–within a centimeter, in fact–locate themselves in three dimensions and broadcast that information to any devices using UWB technology in the vicinity. The technology “triangulates the position of an object by measuring how long it takes radio waves to travel between devices and beacons.” The WSJ article explains that this capability would “let anyone with a late-model smartphone or Apple Watch unlock and start their cars simply by walking up to them. It could make it easy for us to control any connected light, lock, speaker or other smart-home gadget simply by pointing at it with our phone or watch. It could even, claim its architects, end passwords.”

End passwords? For those of us who hate constantly changing (and then remembering) passwords, that sounds pretty good. But there’s a catch, of course. The WSJ article poses the question thusly: “Once our gadgets are broadcasting their location at all times, how do we assure that information doesn’t fall into the hands of those who would use it to harm us?” And there’s another element to it, too. Do we really want our smartphones, equipped with UWB technology, to become the center of everything we do, serving as car keys, home keys, wallets, phones, and cameras, authorizing us us to get into our laptops and computer systems, turning on our lights and TVs, and performing virtually every function we need to survive in the modern world–particularly when they are broadcasting our position to any other UWB device?

The privacy aspect of UWB is significant. As the article notes, UWB would make it a lot easier to stalk a particular person, or to pinpoint a car that is a particularly attractive target for theft. And, given what has happened in recent years, you wonder how data about your location will be stored, who will have access to it, and how it will be used. And that’s not just a concern about the potentially nefarious uses of such precise location information by creative crooks, intrusive governments, and faceless corporations. Are we heading to a world where, when we pass a brick-and-mortar store, information about a big sale flashes on our phones, reminding us that people know precisely where we are at every given moment?

Like many other recent developments, UWB seems to offer trade-offs of convenience versus confidentiality. But if every modern device ultimately adopts it, what choice will we have?

In Password Hell

Today I went to get a new iPhone.  The battery on the old one was running down at Usain Bolt-like speed, and clearly, it was time.

When I got to the Verizon store, the pleasant young guy who took care of me looked at my phone, chuckled softly, and noted that the phone was more than five years old.  That’s like taking world history back to the Pharaonic period — when cell phone data storage was miniscule, cell phone cameras were crappy, cell phone batteries were tiny . . . and, not incidentally, cell phones were a lot cheaper than they are now.

So, I had to decide how much I wanted to spend for my new phone.   It didn’t take me long to decide that I didn’t need to spend $1500 (which, amazingly to me, is what the Verizon store employee who is probably making not much over minimum wage confessed he had spent on his phone) and would be perfectly happy with the cheapest iPhone 10 they had — which was still incredibly expensive.  Then I had to pick a color (red), and a phone case (a clear Pelican) and then it was iPhone set-up time.  And that’s where the process ran off the rails.

“What’s your Apple password?” he asked pleasantly — and I felt cold, icy fingers of fear clutching my heart.  And then he asked for my iTunes password, and then for my gmail password, and the depths of angst and despair burrowed ever deeper into my soul.  “I’m not sure,” I said uncertainly.  “Well, what do you think it might be?” he asked, slightly baffled and no doubt wondering how could anyone who uses a modern phone wouldn’t have all of their passwords memorized and ready to use at any moment.  So I gave a few half-hearted attempts, using passwords that I know that I’ve used for something or another over the years — but there was no conviction in my efforts.  Sure enough, none of the passwords worked, and I got the accusatory buzzings and beepings that inevitably accompany password failure.  So the pleasant kid had to reset my passwords — passwords that will now promptly be forgotten, and vanish on the wings of the wind down the password memory hole.  It made the new phone process even longer and even more embarrassing.

As I left the store I realized that there is a reason I get a new phone only every five years.

Passworded Out

Over the weekend I got another of those messages telling me that my password for my handheld device was expiring, and it was time to come up with another one.

I groaned with dismay, then I sat there for a few minutes, thinking hard about how I could possibly come up with yet another “unique combination” of letters, numerals, and characters that I would be capable of remembering.  Because, after years of coming up with passwords, I’ve just about run dry.

At first, way back at the dawn of the data security era, coming up with passwords for my handheld and the computer system at work was kind of fun — like being a secret agent who knew the right code word to gain access to information.  Then it became a part of the routine.  But over time passwords became viewed as more important in the war against hackers, and longer and more complex “strong passwords” became the norm, and new policies were implemented to require that passwords be changed much more frequently.  After years passed in which passwords needed to be changed every 60 days, and I’ve therefore had to create and remember dozens and dozens of separate passwords only to see them vanish without a trace after only a few months, the act of password creation became drudgery, and finally it became a telltale sign of my clearly dwindling resources in the password creation creativity department.

I’ve used just about every mnemonic technique I can think of to create passwords.  Dog names.  Nicknames.  Streets where I’ve lived.  Places where I’ve worked.  Rock bands I’ve enjoyed listening to.  Old addresses.  The year our family first moved to Columbus.  The name of the unfortunate defendant in a legal case that my law school classmates and I made into a running joke. The phone number from a commercial jingle that I’ve somehow remembered since childhood.  The name of the robot maid on The Jetsons.   Pretty much everything in the memory bin, down to the most trivial bit of debris, has been hauled out and applied to satisfy the insatiable appetite for fresh passwords . . . and still the demands for new passwords keep coming.  It’s exhausting.

Can we please go back to the days of password1234?

Password Obscenity Roulette

Hacking hackers are everywhere these days, and all at once.  For the IT guys amongst us, that means tinkering with firewalls and new defensive software and systems vulnerability checks and incident response plans and all of the other technical gibberish that makes IT guys boring death at a party.  For the rest of us, we can only groan in grim anticipation, because we know that we’re going to be asked to change our password . . . again.

One of the great challenges of modern life is remembering all of the different “passwords” that we must inevitably use to access our various electronic devices and internet accounts and computer access points.  Unfortunately, we can’t use passwords like Allen Ludden would recognize. In fact, they can’t be a properly spelled word at all.  So that it’s a “strong” password, it’s got to include a weird combination of capitalized and lower case letters, numbers substituting for letters, and random characters, like ampersands and pound signs and question marks.  The result often looks like the sanitized representation of cursing that you might see from the Sarge in a Beetle Bailey cartoon — minus only the lightning bolts.  (@#%*$^@#!)  In a way, that’s pretty appropriate.

Of course, all of these suB5t!tu+ed characters, plus the fact that you need different passwords for different devices and accounts, plus the fact that passwords now must be changed much more frequently, make it impossible for the average human being to remember the passwords in the first place.  How many of us sit down at a computer or pick up our tablet and idly wonder for a moment what the &*%$# the password is?  And there’s the new year/check writing phenomenon to deal with, too.  When a new year comes, how long does it take you to stop automatically writing the old year in the date, because you’d been doing that for the past 346 days?  I had to change my iPhone password several weeks ago, and I still reflexively type in the old password every time I’m prompted, until I dimly realize that I’ve changed it and it’s time to key in the new one — if I can remember it.

There’s a positive aspect to this.  We’re all getting older, and people who deal with aging say that if you want to stay mentally sharp as the joints creak and the brain cells croak you need to play word games or solve puzzles.  Well, this generation has got that covered.  We don’t need silly games, because we’ve got frustrating passwords.