
Authenticating grandpa

3/13/2022

My grandfather, Mansour, is 88 years old. He’s one of the most energetic people I know. Even at 88, he’s always ready to get up and leave the house to try something new. He also has this fantastic ability to draw you in with his stories, which he never seems to run out of. It always boggles my mind how he remembers such specific details about an event that happened 40 years ago.

Despite his remarkable memory, though, grandpa can’t remember his passwords. My dad and I have spent hours resetting passwords, coming up with new systems, and calling customer support to get him into his accounts. Of course, this isn’t surprising. As someone gets older, their short-term memory starts to decline, and I’m not going to blame my 88-year-old grandpa for not remembering whether it was WillowTree123 or Willowtree321.

It’s a bit unusual that authentication is still flawed in the most technologically-advanced era of humanity. When you think of yourself, you think of someone unique. Sure, you have similarities with plenty of people, but, ultimately, no one else is exactly like you — so why can’t we use our uniqueness to prove our identity?

We have come up with countless ways to prove that you are who you say you are. And we have failed countless times.


Passwords

People forget passwords all the time. And it doesn't help that different sites have their own rules for a "strong" password, forcing users to conjure up a new, forgettable password. Even if they use a password manager, they can forget the master password or lose the access key. Writing passwords down on a post-it note is an option that is passable for grandpas, but terrible for security.

Login by email

Email is the main service that my grandpa gets locked out of. For him, a single point of failure would mean being locked out of everything. Yes, this works for most technically-inclined people, but it won't work for grandpa.

Security questions

I will never understand this one. Most security questions are things that your family would know the answers to. Even worse, for the people most at risk (celebrities and public figures), the answers to common security questions are readily available on the Internet!

Social security number

Don’t even get me started.

Physical security key

Have you ever lost your keys? Do you want to lose access to your bank account if you lose your keys?

Fingerprints

Fingerprints can only work for something local like a phone. It would be amazing if we could use them for logging into something like Gmail, but that’s neither practical nor secure. Also, it turns out that if you like to climb, your fingerprint changes every few weeks. So this authentication method can fail based on the user’s choice of exercise.

FaceID

Twins.

Credit card number

I’ll just leave this here: How I Lost My $50,000 Twitter Username

Phone number / SMS

I’ve seen this happen multiple times: a “hacker” will call Verizon saying they’re person X and need a new SIM card. The Verizon employee will do a sloppy job verifying the caller and send the SIM to the hacker. If you rely on SMS for authentication, it only takes a phone call with a tired Verizon employee to get past your security.

DNA (?)

Of course, your DNA (your own blood!) must be unique, right? Well, there is a good portion of your DNA that is unique from person to person which we could use for authentication. It’s not easy to do, but let’s say you figure out the technical and practical challenges of it all — are you going to feel comfortable giving blood at your next doctor’s visit? Would you ever give your doctor your Gmail password?


Passwords work for most people, but for those they don’t work for, it’s frustrating to think that there’s no good way to prove your identity. Anyone who has been locked out of an important account knows the frustration of exclaiming, “What do you mean unauthorized!? It’s me! I own this account!” It makes you think about the deeper, philosophical question of what makes us unique. Is it my phone number? My ability to remember a 10-character-long-with-an-uppercase-letter password? My fingerprint, which seems to change after a few weeks of climbing?

I hope someone comes along and solves this issue in a way that hasn’t already been attempted. But, for now, I’ll continue helping grandpa reset his Gmail password whenever he needs it.