Voices: Will Google’s new tech be the death of passwords? If so, sign me up
I was born in the early 1990s, which means that the internet came around just in time to make my high school experience more dramatic than it would have been otherwise, but not early enough to completely ruin my life.
I’m talking MSN. I’m talking Myspace. I’m talking the Dragon Ball Z fan wiki. All the tools a 14-year-old needed to dip their toe into the world of online communication, but not so much that we’d completely destroy our reputations forever. That’s the sweet spot.
We didn’t stress too much about online security back then, because a) we were naïve as to the dangers of cyber-crime and b) there weren’t many valuable secrets to be gleaned from hacking into my Myspace page. What are you going to do, change my homepage song from Limp Bizkit’s “My Way” to something even more embarrassing? We both know that isn’t possible.
We kept our passwords simple, because our needs were simple. The name of that week’s crush. Our favourite member of Hear’Say. W33D_MASTER_6969. The classics.
Nowadays it’s too complicated. Now you have to choose something that’s 20 characters long, contains at least six unique special characters, can’t be a proper noun, can’t be in English, must read the same backwards as it does forwards, and summons one of the Great Old Ones when said under the light of a blood moon.
It looks like even those days will coming to an end soon though, as Google has begun rolling out its new passkey technology. The technology will replace traditional passwords, instead allowing authentication with fingerprint ID, facial ID, or PIN.
Instead of trying to remember 18 different variations of the same password across all your devices (“was weedmaster spelled with an ‘@’ symbol, or was that just for my Facebook account?”), users will instead be able to create a unique passkey that can be used across all their devices.
Like most people, I stay logged into pretty much every website and online service I use 24/7 because I have no regard for my personal data, and because nothing I do online feels real to me. Even though I’ve been using online banking for well over a decade, my account still feels like an abstract series of numbers that have no relation to the real world. Oh, you hacked into my bank account? Have fun stealing my negative-£200, loser.
I also do it because there’s nothing I hate more than having to solve a complex series of riddles and memory tasks every time I want to log into a website. No, I don’t remember the password for the email address I created when I was 14; I just create a new account every time I buy a new laptop and hope nobody important tries to contact me on the old ones.
If I ever get logged out of my Netflix account I’m unsubscribing from the service. because I’m pretty sure the last time I signed in was in 2011 when I first signed up.
When I was doing my PhD I had to change the password for my account every six weeks, and I’d be lying if I said that didn’t play a small part in my decision to quit academia altogether. They wouldn’t let you repeat old passwords, even if the last time you’d used them was years earlier! Sure, it was 10 years of my life down the drain, but it was worth it not to have to think of yet another variation on BTS_army_420.
Here’s a scary thing I found out while writing this article: did you know it can take hacking software an average of around eight hours to crack a password that’s eight characters long and uses numbers, upper and lowercase letters, and special characters? For a seven-character password, that number drops to around six minutes.
You don’t want to know how quickly it takes to crack “SNIPER1” which, in high school, me and two of my friends realised we were all using as our computer passwords for IT class, and had somehow come up with completely independently of one another. That’s a true story about how uncomplicated and predictable teenage boys are. Why do we let them have smartphones?
At a time when a huge portion of our lives take place online, it’s important to be safe. What isn’t safe is making the log in process for most websites contingent on our remembering a random string of numbers and letters that we’re often forced to come up with on the spot, and will likely end up writing down on a Post-it and sticking to our computer monitor because we know we can’t be trusted to remember it.
If Google has come up with a way to kill off passwords, I say sign me up (but don’t sign me out, because I forgot my log-in details).