Jack Michaels had the day off.
He put on his jacket and walked out the door at a little past eight in the morning to run a few errands. His first stop was the hardware store, where he had to buy some paint and caulk to do some work on his bathroom.
“Good morning, James,” said the shopkeeper.
“Mornin’,” replied Jack.
Jack went straight for the paint and caulk, then came back within minutes to check out. The shopkeeper scanned the items and bagged them. “That will be eight dollars and forty-eight cents.” Then he pushed a small electronic box forward. “I’m gonna need your print.”
Gingerly, Jack pulled a small box from his jacket pocket and opened it. Inside, there was a neat row of thumb-shaped stamps, each labeled with a number and with a unique fingerprint micro-engraved onto each. He selected the one labeled “B2” and pressed it into the glass of the scanner box.
The box made two buzzes in rapid succession. The shopkeeper shook his head. “That one didn’t work.”
Jack set the stamp on the counter and mindlessly tapped it with his index finger. “I changed my name with this store last week.”
“I have you as James Caldwell,” the shopkeeper said.
“It’s Jim Black now,” said Jack.
“Oh okay, let me put that in the system and you can try your print again.”
***
Wasn’t that confusing? But that’s pretty much how the internet works today. Each place you go, you have a different name and a different password. Wouldn’t things be so much easier if you had the same name and the same password everywhere you went?
The main problem with having the same login credentials everywhere you go is that once someone knows your name and password, they can log in anywhere as you and impersonate you.
In real life, you can get away with having the same “login” credentials. You have one name, one body, one mind, and one set of fingerprints. Another person can use your name, but they cannot easily replicate your appearance, your memories, or your fingerprints. In real life, if someone collects your name and fingerprints in person, and they match the name and fingerprints in a database, they can reasonably assume that it’s really you.
The story above wouldn’t have been so weird and confusing if Jack Michaels had been able to use his real name and his real fingerprints to make the purchase. That represents the holy grail for logging in online.
***
The average person today has 70-80 passwords. That makes password management a major problem. We need a secure way for people to have one user name and one password valid across the internet.
We need technology that will allow us to securely sign in to any website with the same credentials.
Some current solutions are out there, but none of them are ideal:
- You can use the same user name and password on every website you sign up for. But what if your user name is already taken, or your standard password doesn’t meet the requirements of some sites, or someone steals your user name and password?
- You could use a password manager like LastPass or 1Password. But you still have to log in separately at each service, and you still have a problem if someone steals your user name and password at any of the sites.
- You can sign in using a federated social login like Facebook Connect or Google. But those don’t work for all sites and they still require you to select permissions for each site.
The best solution I can think of is to remove anonymity from the internet. If everyone had to use their real identities in order to use the internet, then each person would only have one name and one identity. Multi-factor authentication using things like fingerprints and facial recognition would have to be used to prevent identity theft. Anonymous and fake users would have to be blocked off from the internet. In short, every major company and country would have to collaborate to redesign the internet from the ground up.
***
Now that you understand the problem and how the most obvious solution (completely redesigning the internet) is close to impossible in our current environment, can you think of a more elegant solution? Or perhaps a partial solution (like password managers) that is better than what’s already out there?
If you want to dig deeper down this rabbit hole, here is a list of resources to get you started: