Thursday, September 28, 2006

Passwords make me Insecure

Wonder how it will be if every Blog that you visit has its own User ID/ Passwords, and you have to Log in everytime you want to view content. Every God Damn Good for Nothing site enables a User ID / Password mechanism. Why ? Just because they know how to code it. It is silly, when nothing really matters even if the User Logon is not in place. Why would an MP3 download site or a free Subscription of Dinamalar ePaper require logon IDs ?

Not just that. Workplace has nearly a Worksheet full of User IDs and funny passwords to remember. My previous workplace, I had nearly 24 user IDs at work, apart from my personal logons. Bank Passwords. Card PINs. eMail accounts. And Many Many More.

I've noticed a few people have a centralized Password Management. How ? They write down everything in a Excel Sheet and Password protect that one. In my opinion, thats not being wise.

Firefox helps me remember passwords, and i trust that at home. Most of the sites just keep coming without asking for a passwords, for Im so very sentimental.. that I click on "Remember Me" or "Please dont forget me, please !" button, everywhere I see. But these Mainframe Passwords and Bank passwords drive me crazy.

Banks have another torture in the name of additional security. Its called the Transaction password, and this password cannot be the same as your Logon password. I completely understand the purpose of this. Infact HSBC goes one step further, and gives its users a RSA SecurID, and thats a third level of security.

But beyond all the protection, the Memory Capability is what irks me. We are so very creative while choosing a password. We make it extremely complex or extermely simple, that we forget it very soon. Well, some people keep the same password everywhere. I once did that. But the moment I gave someone the password to check something on my email, I got insecure. So, I then re-passworded all my accounts with different passwords each, and had some memory capsules with one glass of water.

Thank god there is a "Forgot Password ?" link everywhere. Actually, I feel it says "You forgot your password again, you Amnesia M**** ? ". But the problem with Banks and other Very Secure units is that, it gets reset in a course of days and not immediately.

So, you type your password wrongly, and then wrong again.. and then one last time when you think it is correct, and still it is wrong ... You are done for the day. Forget your bank transaction on the net for one week. I know it is a security measure, and thats good. But it sucks out the purpose..

I'd suggest we pull the future sooner and faster. Thumbs. Programmers please start writing programs that verify identity through Thumb Prints. That should be a very good solution. No more funny passwords.


Anonymous said...

funny and needs analyzing :).. good one.

vatsan said...

its not that hard,
choose a few passwords with various puposes, one for emails, one for banks and financial transactins,one for all download sites/all kuppai on web. and one for work, thereit makes life simpler

pRaBhU said...

i have a solution for u..
break ur pwd into 2 parts 1st part should be generated with the application in mind, say mail for a email app'. The second part should be a const which is confidential to u sa y avyukta(thou this is not that confi') so the final pwd can be
mailavyukta or even

use caps to make it a bit stronger
like - GmailAvyukta.


alex said...

Good insight!

Padma said...

three of my fav chola kings.. and i circulate between them. i always get thru the login authentication at max of three attempts... not too many passwords to remember. Helps when office systems want to keep changing ur passwords (and ur current password should be different from ur previous two passwords)..