Seat Belts and Passwords ... and Buggy Whips

I am honored that Dave Kearns mentioned my post about buggy whips in his second newsletter addressing why we need to replace the venerable password.  It's nice to be recognized for knowing some arcane information about buggy whips.  And it is true that buggy whips are still around, even if relegated to a small market niche. 

However, the point we should emphasize is that buggy whips didn't fall from grace because people didn't like buggy whips.  They faded away because they became irrelevant.  It was far easier to use the accelerator in a car than to use a buggy whip to coax your horse to go faster.

Interestingly enough, one of the articles Dave referenced made essentially the same point.  Speaking of the three-point seat belt developed by Nils Bholin of Volvo,  William Escenbarger remarked,
"It was so simple that a driver or passenger could buckle up with one hand."

It was ease of use, not a technology-driven obsession with safety,  that led to wide adoption of the seat belt.

I think we face the same thing with passwords.   Intellectually, it is simple to understand why we should get rid of passwords.   However, in practice, widespread adoption will be triggered more by ease of use than perception of safety.  When an easier method for authentication emerges, people will adopt it - not because it is safer, but because it is easier.  If that easier method is also more secure, voila!  We will have achieved our desired result.

But until ease of use makes passwords irrelevant, people will continue to use buggy whips or drive without seat belts.  How's that for mixing metaphors?

By the way, I'm the kind of guy who always buckles up but resents the government telling me I have to.  Will it be the same with passwords?


Technorati Tags: , , , ,

Comments:

Post a Comment:
Comments are closed for this entry.
About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today