7 thoughts on “The Password Era”

  1. I don’t see how getting rid of usernames and passwords would in any way be a hard sell. My younger son is experimenting with cryptocurrency as an investment (and has made some real money), and the identification system is invisible to the user. Contrast that to my workplace, where there are a dozen different work-related sites we have to visit, and every one of them has a different username/password system. And you’re not supposed to write down your passwords. This would be deliverance, in my humble opinion.

  2. It’s still a type of password, except that if you lose this one, you no longer exist. With the current system you can have partial failure and recover. Replacing that with a single point of total failure is not a good idea.

    It would work great until it doesn’t.

      1. Which is why it’s a non-starter for Normal People, who can’t even back up a phone or their computer – even if you handhold them, half the time.

        I keep hearing “blockchain, blockchain” but very few if any of the suggested uses pass a smell test.

        I read it as “a solution looking for a problem”, most of the time.

  3. Blockchains seem needlessly and pointlessly complex for this application. If you’re willing to assume that the user has a secure, private computer (e.g. a smartphone) available whenever he wants to use a service, just do a straight public-key challenge and response; we’ve had the technology to do that for decades. But we don’t, because as Ken notes it turns the smartphone into a hard single-point failure mode – blockchains and public keys both are too mathematically complex for direct human manipulation. Lose the phone, leave the phone at home when you go out, find out your phone has been hacked, and you’re locked out of your entire digital life.

    Until you borrow a friend’s phone, say “Give me my digital life back! My mother’s maiden name is [X], I grew up on [Y] street, my first car was a [Z]”, and you’ve just reinvented the password in the worst possible form.

    The blockchain just hides the complex math, and the necessity for a really stupid backup system, behind some even more needlessly complex math that maybe nobody will notice because it’s so hot right now.
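The straight public-key challenge and response the comment describes, as an added example in Go (not code from the post or its author): the server issues a single-use random nonce, the phone signs it with its enrolled Ed25519 key, and a replacement phone that lacks that key is refused, which is exactly the lockout the comment warns about. The "example.test" realm string and the in-memory nonce store are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server holds one enrolled public key per account and the nonces it has issued but not yet consumed.
type Server struct {
	Enrolled    ed25519.PublicKey
	Outstanding map[string]bool
}

// challengeMessage binds the nonce to a realm ("example.test" is a constructed
// service name) so a signature made for one service cannot be replayed to another.
func challengeMessage(nonce []byte) []byte { return append([]byte("login-challenge:example.test:"), nonce...) }

// Challenge issues a fresh 32-byte random nonce and remembers it; each nonce is good for one response.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand never returns an error in current Go; it crashes instead
	s.Outstanding[string(nonce)] = true
	return nonce
}

// Respond is the client side: the device signs the challenge with its private key.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, challengeMessage(nonce))
}

// Verify accepts a response only for an unconsumed nonce this server issued and only
// from the enrolled key; the nonce is consumed either way, so a replay always fails.
func (s *Server) Verify(nonce, sig []byte) bool {
	if !s.Outstanding[string(nonce)] {
		return false
	}
	delete(s.Outstanding, string(nonce))
	return ed25519.Verify(s.Enrolled, challengeMessage(nonce), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	s := &Server{Enrolled: pub, Outstanding: map[string]bool{}}
	nonce := s.Challenge()
	fmt.Println("enrolled phone accepted:", s.Verify(nonce, Respond(priv, nonce)))
	_, newPhone, _ := ed25519.GenerateKey(nil) // replacement phone; the enrolled key is gone
	nonce = s.Challenge()
	fmt.Println("replacement phone accepted:", s.Verify(nonce, Respond(newPhone, nonce)))
}
```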

    1. If you can self-publish one identity, you can self-publish more than one. You just need to be careful about using the ‘naughty’ one too often right after using the ‘nice’ one.

      It boils down to the question of how they’re resolving the PGP web-of-trust problem where you get your key signed by people that are trusted by people you’re dealing with. That’s fine in small communities but doesn’t scale to transactions with anonymous strangers.

      Plus, this is about verified identities. If that’s used to stop accepting unverified comments, then *that* is the problem, not the nature of the password.

      Final note, the comment about failure modes is very well taken. It’s one of several reasons why I have a flip phone as my phone and a non-phone as my applications platform. I did finally “give up” and get a tablet with a data plan, but it’s a secondary device.
