Faces rule, brains drool. What’s this Apple, Google and Microsoft have decreed earlier this month when they announced they would be expanding their support for the industry group FIDO Allianceis fighting to replace the billions of password-based Internet connections with smartphone-based access keys, which are unlocked by your PIN, fingerprint or face. The announcement from the three browser giants, made on World Password Day (who could forget?), marks what Microsoft calls a “monumental step towards a world without passwords.” It’s also a monumental victory for your face. So step up to a mirror and kiss this mug – it sniffs, it burps, it blinks and it could soon open doors to the universe.
The FIDO Alliance wants to completely take our dumb brains out of authentication. With reason. In the world most common passwords are still 123456, 123456789, qwerty and password. The most common animal as a password is monkey; we like to remember how little we have evolved. If we’re not hacked with weak passwords, we’re stuck with strong passwords we can’t remember. By some estimates, four out of five of us have forgotten at least one password in the last 90 days, and a quarter of us lose a password at least once a day.
But maybe our brains have been set up to fail. Between apps, subscriptions, banks, and email accounts, the average person has about 100 passwords. By contrast, the average person has about one face, and it’s unforgettable (just look at you!) and above all, impossible to hack. A world without a password is a more secure world. But it’s a world with fewer reminders that we forget. And let’s not forget that forgetting reminds us of who we are.
(Disclosure: I don’t have a password manager, which rules out the need to memorize your passwords. This is a source of belittlement and rage from my wife and employer, which has many essential to guide and precautionary tales on why you must, must, must to have a password managerand which one you should take. WIRED publishes an ode to forgetting your password, it’s like a locksmith preaching to his customers why they should replace their front door with beaded curtains. I’m talking exclusively about the psychic benefits of forgetting, not the cybersecurity benefits, which are almost non-existent.)
After all, but forgetting passwords is pretty much forgotten online. Long ago, we mixed our brains with Google and burned our past into social media and the cloud, where haunting memories can resurface at or against our will instantly. (Kate Eichorn writes about this in her book The end of oblivion.) We also traversed an Internet almost entirely without friction. We seek, we share, we spend and we shout at strangers without even an algorithmic superego asking, “Are you sure?” Along this omnipotent slide, rare are the moments that we don’t know, or can’t know or remember, when we confront our limits, our humanity. For this reason, one of the Internet’s most annoying questions is also one of its most exhilarating: Forgot your password?
Yes Hulu. Yes, Band Camp. Yes, New York Times. You stopped my wayward ride. I lost my password again, because I lost my password before. You see, for all my passwords, I oscillate from uppercase to lowercase like the AIM bUdDy PROFILE of a seventh grader circa 2004. I sprinkle random numbers and special characters in the middle of the words. I never stop until the password strength meter turns green and tells me I’m “strong”. But the stronger the magic words, the harder they are to remember.
The existential irony is that I often create new passwords with the recommended level of “entropy” (i.e. unpredictability) while in an entropy state. I want to hate watching SNL now. I want this recipe now. And so, like a monkey, my paw tap tap tap refreshes until the reset password link appears in my inbox. Then, rather than take the opportunity to create a whole new password – to build a new portal to where I want to be – in my frazzled state, I usually change two or three characters of what I thought my old password was, almost randomly, daring to remind me of the adjustments each time the time came to log in again. Or write it down. Or to get a password manager. I never do. And a week, a month or two years later, the cycle repeats itself. Each time, the strength of my password is my weakness. Each time, the security of my password exacerbates my insecurity about my inability to grow. This is the samsara of cybersecurity. It’s infuriating, it’s humiliating, it’s one of the only places online where we have to come to terms with ourselves.
Nirvana will not be found by connecting with your face without friction. While it will make us more secure, freeing up passwords will also chain us more to our way of being always online and always connected. Nirvana will sometimes be found in letting go of connections altogether, something oblivion tempts you to do. As poet Kay Ryan writes of forgetting, “lack of memory doesn’t make you stupid; one could say that it makes free. A forgotten old password is a forged new path. I could follow the prompt to create another password and stay en route to my original destination. Or I could let myself think I forgot my password for some reason, choose to come back to LinkedIn or Grubhub another day – or never – and instead meander somewhere else, maybe somewhere that doesn’t know the secrets that I forgot.
#Memoriam #Forgot #password