So I was reading this article a couple of months ago, and it struck me as, well….odd. There is a company called World Wide Web Consortium that is coming out with a device that will provide, maintain and update all your passwords for you. You plug the thing into your USB while you’re using your computer and you will be off to the races. No more trying to come up with difficult to remember (let alone guess) passwords. Sounds good right? Here’s the thing, I would advise against it. Yes, I can see the benefits of having a single device that will generate and keep your passwords for you. In this modern world where we’re all running around ragged, having one less thing on your mind is always good to have. The problem is that while it’s presenting itself as a solution, it creates its own set of issues.
1) Centralised password keeping – so the way that this device is going to work is that it will act as a transmitter which will keep your passwords in a central location that the device will access through your system and keep your passwords for you. That’s all well and good, but what happens when you lose or break the password keeper? I would assume that it will have some level of portability which will mean that you will need to be able to keep it on you somehow. I don’t know about you, but I (on occasion) lose my car keys for a day because I put them in the wrong spot and forget where I put them, so I can foresee a time when I misplace my password keeper. The other option is being caught short, and I would need to log into something, and I wouldn’t be able to because I left my password device at home.
2) The “Equinox conundrum” – Do we all remember the Equifax breach back in 2017? Right, So for those of you who don’t this was about a credit company that got hacked and all of the information about their customers was put out in the open. Social Security numbers, banking information, the works. The problem was underwhelming security, but also the long-lasting damage of what people could do with that information. All your passwords for your e-mail, for your bank account, for your bills. If you were to keep all that information in a centralised place where it is “secured” there is a chance (however remote) that the place where all that information is kept could be hacked. Now I want you to think about all the things that you would need passwords for, and because even you don’t know what they are, you won’t be able to change them. Typically to change your password you need to be able to input your old password before entering the new one. The problem here is that if you don’t KNOW the old password, you will have a hard time trying to change it. In the worst-case scenario, if someone hacks into the central database where all the passwords are kept, then they will be able to change your password without your knowledge, and again, you won’t be able to reclaim your account.
3) You give up control – It’s always essential for you to try and create strong passwords for your accounts. I’m fully aware that some people use fairly simple passwords and it would be way easier to have something else figure out more complex passwords for them. The problem is that when you give up the control you have over your passwords, then you potentially give up control of the access to whatever the password gets you into. Being able to control your passwords by assigning them yourself makes it so that if you need to (or even if you want to), you can change them to make them more complicated as you feel it is necessary. If you give up that control, you will be at the mercy of a device that holds and controls your passwords for you.
My issue with a device that you use to establish and maintain your passwords for you is that you are leaving yourself open to hacking and having your passwords stolen. Making strong passwords is a skill that we all need to be able to develop so that we can protect the systems that we use every day. We use so many things that require passwords every day I can fully understand wanted to have something that will handle it, so we don’t have to think about it. Making sure that we generate your o
Do you want to leave the passwords for all your life up to a device you can’t control?
Let me know in the comments section below. If you like this blog post and want to see more, you can follow me on Social Media (LinkedIn, Twitter, Instagram, and Facebook @jasonlovefiles) or Subscribe to my blog to get new content delivered directly to your mailbox.