Despite advances in password systems, choosing and remembering passwords are still major user interface or UI issues. In fact, the very advances that make passwords more secure make them harder to remember. Requiring users to create passwords that include letters, numbers and special characters, or requiring users to create unique passwords every 30 days, generates passwords that are in theory secure. However, the difficulty in remembering these passwords prompts users to choose insecure password options.
Choosing and remembering a large number of unique passwords is nearly always difficult. To combat this difficulty, users often deliberately select insecure passwords. They choose the same password for multiple sites, or choose passwords that are easy to remember, such as birthdays or children's names.
Knowing that many users automatically choose insecure passwords, many companies and software designers create password systems that force users to choose strong passwords. These are the systems that require 15-character passwords and demand uppercase characters, lowercase characters, special characters and numbers. These systems also often require users to create new passwords every 30 or 90 days.
Since remembering passwords becomes difficult within this system, users resort to shortcuts such as writing down their passwords. Just under half of all users write down passwords in an effort to remember them. This method of remembering passwords quickly turns a strong password into a weak one, as anyone who finds the user's handwritten list of passwords gains access to that user's computer and files.
Many software systems build in security safeguards in case of lost passwords. One of the most common safeguards is the security question. If a user forgets a password but answers the security question correctly, the password is provided.
This type of safeguard helps users who have trouble remembering passwords, but comes with its own UI issues. Many of the security questions involve material that is easily searchable online, such as the question "What is your mother's maiden name?" If a hacker wants to gain access to a user's system, it is easy to find the answers to these security questions and use them to retrieve a user's password. In fact, a hacker gained access to 2008 vice presidential candidate Sarah Palin's email account using this exact method.
New systems are developing in order to prevent these password issues. The iPhone 5s, for example, allows users to sign in with a fingerprint instead of a password. It is likely that the future of password security lies in biometrics such as fingerprints or optical scans, which will in turn make remembering passwords a thing of the past.
The very systems designed to make passwords stronger often make them weaker. When remembering passwords becomes difficult, users choose methods of storing and retaining passwords that compromise password security. Ultimately, the future of software login systems may involve fingerprints, optical scans and other technologies that are unique identifiers and do not require users to remember passwords.
(Photo courtesy of Salvatore Vuono / freedigitalphotos.net)