Monday, May 4, 2015

The Password Problem

We all spend too much time typing in passwords. If you shop and pay bills online, you may spend 10 minutes a day just signing in to one site after another. Maybe you keep your cell phone locked, so that you have to enter a passcode every time you turn it on. The situation is worse for corporate information workers, who also have to sign in to computers, databases, printers, voice mail, and internal applications for messaging, timekeeping, goals, and training. Under the tighter security rules found in corporations that hold more sensitive customer data, there can be as many as five levels of passwords (for example, desktop, soft token, gateway, server, and database). Sessions may expire after just 15 minutes, so a worker has to sign in repeatedly over the course of the day. The cloud computing trend has increased the number of passwords, with workers signing in separately to a dozen disconnected services spread around the world. It is not an exaggeration to say that some workers spend one hour per day typing the same few dozen passwords over and over again.

Previous attempts to solve this problem with a central database that holds all your passwords have failed because of security gaps. Retina scans are effective for secure building access but don’t work for networks, which by nature are spread out. Nevertheless, there has to be an answer. There is inherently a tradeoff between productivity and security, but if workers are spending 100 million hours a day just signing in and signing out, that isn’t a sustainable pattern. There is a great deal of productivity to be gained by finding ways around the password problem.