My grandfather, Mansour, is 88 years old. He’s one of the most energetic people I know. Even at 88, he’s always ready to get up and leave the house to try something new. He also has this fantastic ability to draw you in with his stories, which he never seems to run out of. It always boggles my mind how he remembers such specific details about an event that happened 40 years ago.
Despite his remarkable memory, though, grandpa can’t remember his passwords. My dad and I have spent hours resetting passwords, coming up with new systems, and experimenting with ways of helping him get into his accounts, but nothing truly worked. Of course, this isn’t surprising. As someone gets older, their short-term memory starts to go, and I’m not going to blame an 88-year-old man for not remembering whether it was WillowTree123 or Willowtree321.
It’s a bit unusual that authentication is still flawed in the most technologically advanced era of humanity. When you think of yourself, you think of someone unique. Sure, you have similarities with plenty of people, but, ultimately, no one else is exactly like you — so why can’t we use our uniqueness to prove our identity?
We have come up with countless ways to prove that you are who you say you are. And we have failed countless times.
Passwords
People forget passwords all the time. They reuse the same passwords. Even if they use a password manager, they can forget the master password or lose the access key. Writing passwords down on a post-it note is also an option. Great for grandpas, terrible for security.
Login by email
Email is the main service that my grandpa gets locked out of. For him, a single point of failure would mean being locked out of everything. Yes, this works for many technologically-inclined people, but it doesn’t pass the Grandpa Test.
Security questions
I will never understand this one. Most security questions are things that your family would know the answers to. Even worse is that people at risk (celebrities and public figures) are most likely to have this information readily available on the Internet!
Social Security Number
Don’t even get me started.
Physical security key
Have you ever lost your keys? Do you want to lose access to your bank account if you lose your keys?
Fingerprints
Fingerprints can only work for something local like a phone. It would be cool if we could use them for logging into something like Gmail, but that’s not practical nor secure. Also, it turns out that if you like to climb, your fingerprint changes every few weeks. So this authentication method can fails based on the user’s choice of exercise.
FaceID
Twins.
Credit card number
I’ll just leave this here: How I Lost My $50,000 Twitter Username
Phone number / SMS
I’ve seen this happen multiple times: “Hacker” will call Verizon saying they’re person X and need a new SIM card. The Verizon employee will do a sloppy job verifying the caller and sending the SIM to the hacker. If you rely on SMS for authentication, it only takes a phone call with a tired Verizon employee to get past your security.
DNA (?)
Of course, your blood (your own DNA!) must be unique, right? Well, there is a good portion of your DNA that is unique from person to person which we could use for authentication. It’s not easy to do, but let’s say you figure out the technicalities of it all — are you going to feel comfortable giving blood at your next doctor’s visit? Would you ever give your doctor your Gmail password?
Passwords work for most people, but for those that it doesn’t work for, it’s frustrating to think that there’s no good way to prove your identity. Anyone who has been locked out of an important account knows the frustration of exclaiming, “What do you mean unauthorized!? It’s me! I own this account!!” It makes you about the deeper, philosophical question of what makes us unique. Is it my phone number? My ability to remember a 10-character-long-with-an-uppercase-letter password? My fingerprint which seems to change after a few weeks of climbing?
I hope someone comes along and solves this issue in a way that already hasn’t been tried before. But for now, I’ll continue helping grandpa reset his Gmail password whenever he needs it.
3/13/2022