I had big plans for this blog. Like America – or most of humanity for that matter – I’m sick of being stuck in neutral. I suppose there are things worse than being stuck in neutral, but it’s still no way to live. Like I said: I had big plans for this blog.
Then I sat down to get started and spent the better part of an hour retrieving the password for the website I imagined would host this blog. Why I thought I needed this password and why retrieving it took nearly an hour are not important so I’ll spare you those details. The important thing is that all I wanted to do was access an account that I own and it took me almost an hour to do that. Having invested so much time already, it seemed worth the five seconds it would take to check my calendar and make sure I was really living in the year 2012. I am.
That revelation cost me my will to create. It is 2012, yet we’re still using username/password combinations, and are in fact using them almost exclusively, to authenticate ourselves over the Internet. With at least 5 email accounts, another 3 online bank accounts, scores of “PIN” numbers to keep track of, half a dozen utilities that have roped me into e-billing, and a distinct identity for every Groupon/WordPress/eBay/skype/Amazon/iTunes/yahoo!/Twitter/wankipedia site du jour, each of which wants its own username/password combination, how am I supposed to keep track? Lest I set myself up for a lame #firstworldproblems crack, let me be clear that bemoaning my bevy of Internet identities isn’t an inane attempt at a humblebrag, either. It’s a daily reality for anyone that uses the Internet as more than a glorified pr0n tube. So of course we end up re-using the same passwords whenever we can. And of course those passwords were never very secure to begin with. Ultimately, any security system that requires me to spend 30 minutes poking around “support” documentation and to then send an email requesting a password reset, wait 15 minutes for a reply, and send another email to “verify my identity” (oh, the irony!) – only to wait another 15 minutes for an email containing my password in plain text – is a security system that succeeds only in securing one’s property from oneself.
Here’s an idea: stop asking users to conceive of, remember, and recall a never-ending series of text-based passwords. Don’t ask users to conceive of, remember, or recall anything. Ask them to present their thumb and place it on a biometric reader that maps the fingerprint to a unique string and uses that string to authenticate the user, like a smart card. This isn’t rocket science; it isn’t even a new idea. Forbes Magazine reported that this technology was on its way 12 years ago. Is America’s entrepreneurial talent too preoccupied turning a billion dollars out of a set of faux-nostalgic photo filters to build something that might actually improve our lives? Or has Wall Street so deeply lodged its talons into America’s colleges and universities that America’s entrepreneurial talent is too preoccupied turning many billions of dollars out of the latest economic bubble to actually engage in entrepreneurship anymore?
Big plans, man. Big plans…