Alternatives to Passwords

I get that security on the internet is important, but creating and having to remember so many passwords is a very cumbersome process. There are ways to have software generate passwords and then store them in a “secure” location, but I don’t really care for this approach. In my view, there is no such thing as something truly secure on the internet. With enough motivation and skill, security can be defeated–or so I believe. Is there a method that is less cumbersome and more secure? I don’t have a good answer for this, but I want to address this problem in this thread.

To kick things off, here are some thoughts off the top of my head:

  • I like the idea of having a physical key to insert in your device to gain access to an account. But losing and then replacing the key would seem like a big issue. Additionally, having an individual key for each account could get unwieldy. One possible solution: a few keys for certain broader categories of accounts–e.g., one key for entertainment sites, one for financial sites, etc. (Note: I’m not sure how physical keys like this work. If the key creates some digital signal, then I would think this signal could be replicated. If so, that would weaken the appeal of a physical key for me.)
  • Another type of key: Instead of a physical key-like object, this “key” would be a small external device, say the size of a pager or even a thumbdrive, that would randomly generate passwords and then store the passwords. Plug the device into the phone or computer and it will act like a key to unlock the device. To make it more secure, maybe the site can send a code to the “key” and the key would either use that to get into an account or reveal the code for the user to type in.
  • Using some unique object, information, etc. one has in one’s possession as a key. For example, I have some painting or art that my children made in school. I think the problem is that the site would have to have a record of this, and someone could get that information. Also, having a unique thing for every account would be the same problem as a physical key.
  • What about this: create accounts (plural) based on a password+a physical key+a specific device. All three things become a key that gives access to all the accounts you’ve set up. It’s only one “key” but a specific (unique) device and a unique physical key should make this acceptable. (This assumes that a hacker can find a way to mimic the signature of the physical device and “copy” the physical key.)
