Jotsite Water Cooler Area




Post a New Topic

Show Recent Topics 

reflecting on lost connections


No this has nothing to do with old friendships though I do regret not keeping in touch with certain people throughout the years. This has to do with online accounts, passwords, cookies, certificates, and other information that allows each of us to maintain unique identities and the pain of losing such information so that I'm unable to log in.

Like most other folks I have numerous Internet-based accounts ranging from an identity on a certain online video game I play to the identity I present to get access to online banking. The status quo for most online accounts is currently a username/password combination, though because of different rules for different services I believe I have more than ten different usernames I can try out whenever my computer decides to log me off these services. Matching the passwords is a bit easier since I can cycle through three or four major password templates with only two or three minor variations each (symbols or numbers might be required/prohibited even in passwords).

Normally I force my own desktop to keep me logged in or at least remember my username, though bad situations (example: the ISP's technician tells me to clear all browser memory including cookies because the faulty connection is a "software problem") can't be avoided and so sometimes I need to re-establish connections to numerous services. For these times I wish I had a cheatsheet where I could look up a particular service and find my username and password, but I am not foolish enough to have such a piece of paper lying around and so I need to either guess or wander the website for an hour or so to find a way to get this data sent to me.

Here's a possible pet project: design a tool that incorporates this cheatsheet mechanism with a UI that makes it easy to enter new information but difficult to view the information. This program would encrypt the username/password information for storage, and even the service names can be encrypted to defend against attacks targetting these specific services. Ironically this mechanism would require its own password which when entered would decrypt the stored username/password combinations.

Sonny Talag
January 26, 2004 (02:23)


A company that I had interviewed with (digital persona) used biometrics to facilitate keeping track of accounts and passwords. I thought that was a good idea because you would never lose your fingerprints. Additionally, imprinting on a pad is not as cumbersome as remembering passwords or storing it inside other programs.

Now if we can get our hands on a cheap biometric device.

Hoang
January 27, 2004 (11:38)


Biometrics -- specifically fingerprint ID -- is an interesting identification mechanism in that it's more difficult to spoof than a username/password pair and as you indicate pretty hard to lose. However where I think this falls on its face is that everything needs to be built up to use the biometric interfaces rather than a cheaper (username/password) mechanism, and so I don't believe we'll see popular biometric devices anytime soon. I was and continue to be interested in those pen pads made by Wacom and similar companies, but I know that unless I build some software as an intermediary I won't use that pad for more than drawing.

Sonny
February 04, 2004 (11:46)


You are right Sonny. Having gone through many waves of computing, an observant person can see devices come and go. Some examples are: the Zip drive, Syquest, EISA bus, and lots of others you can think of. More important is to recognize the ones that persist. These include: the floppy drive, serial ports, parallel port, keyboard, USB (becoming more prevalent). It is more beneficial and profitable to create software for the ones that remain around for a while. This ensures that your software will get used. If you are lucky and enough people use it, you might just make some money from it.

I see proliferation of passwords as becoming a problem when our reliance on computers continue. The problem is like the problem of SPAM today. The solution to the identity problem can be biometric or something else depending upon what is cheap, readily available, and easy to use.

Hoang
February 06, 2004 (09:53)


Keep a cheat sheet in ASCII.
ZIP it with a password.
ZIP the zipfile again with another password.
Pray your perpetrator moves on to an easier target.

Ich
February 17, 2004 (12:59)




Write a Reply