There was a time when as long as you knew the password for your PC and your email, you were basically fine. Now, however, with the sheer volume of sites and online services we use, we can end up with literally hundreds of passwords to have to think about. Additionally, the requirements sites make for the sort of passwords we have to set can make it very difficult to set memorable ones. While in the early 2000’s you may have just used the name of your cat, these days security is a lot more of a concern, and so you have to usually have a mix of upper and lower case letters, numbers and special characters. We could all start calling our pets things like ‘#Mr_Me0wy142**’, but that seems like it would raise more issues than it solves!
Why Do We Need So Many Passwords Now?
In the past, we mainly only had to have passwords to access private data, such as online banking or email. Now, most content on the web is user generated, and in order to generate it, we need to be logged in to a profile. Whether you want to tweet, update your Facebook status, comment on a YouTube video, discuss something on a forum, add something to your blog, or endorse somebody on LinkedIn, you need to be logged in and this requires a password. The ability to create content is really what has driven the need for so much password activity.
Add to this the fact that sites offer far more customization now. You can create your own preferences on websites you use, but of course for them to deliver you your own personalized view they need you to log in. Customizations like this used to be done with cookies, which meant as long as the cookies from the site were on your computer your settings would persist, but web design technology has advanced and now allows site owners to offer levels of customization that go far beyond what can be done with cookies alone – plus, anytime you clear your cookies, you’d lose your personalization via the older method.
A third reason why we need so many more passwords now is the growth of ‘software as a service’ (or SaaS as it is more often known). In the past most software applications we used were installed as client programs on our PCs, and so didn’t require password protection because your user account on your PC already had it. Now, much of the software we access we do not install, but use over the web, and so of course we need a way to access our own license and account – so we need a profile and a password.
Single Sign On
For many people, the preferred option would be having one profile that allows them to sign into everything. A lot of sites now allow you to set up an account and use it with your existing Facebook or Twitter account, which comes fairly close to this, but obviously assumes that everybody wants to be on Facebook and Twitter. Those who don’t have these or don’t want to give the thing they are trying to register for access to their Facebook or Twitter still have to set up a whole new account with a whole new password.
There are some great tools that manage your sign on credentials for you, like this password manager by Trend Micro which you can read about here, but for now it seems we’re a way off everybody just having one unique profile they can use for everything on the web. Google kind of wanted your Google account to be this, but due to the disappointing uptake of Google+, Facebook and Twitter accounts seem to have been the preferred sign in option for developers.
Why the Crazy Rules?
So why do passwords have to be so complicated now? Obviously it is to make them impossible to guess, preventing people you know from being able to guess that your password is your favorite football team, celebrity or, as we said at the start, your pet’s name, but what would be better is if there were a standard set of password rules so you could at least use the same odd collection of characters for every site. When some sites need a special character and others don’t, and lengths vary, it can be annoying.
At the moment the only real solution to password madness is using a third party password manager. Or keeping them written down somewhere – that thing you are absolutely not supposed to do for security reasons!