I manage all of my online accounts with three passwords, each serving a different purpose: online banking, daily sites like Gmail and sites I don’t trust. The problem with managing my online identities this way is that it’s insecure. Like a house of cards, the leak of one of the two more important passwords brings the whole thing crashing down.
Passwords and Car Alarms
The login system we have today is universally understood. When presented with a username/login page, everyone knows what to do – enter the same username and password they use for every other site.
In fact, it’s much like car alarms. The first car with an alarm works brilliantly at deterring theft, because everyone is intrigued and alarmed at the sound. But with each successive car blaring its alarm, the utility of the car alarm declines until it is negative. In the limit, no one pays attention to the alarms; they’re just ambient noise.
The problem with these systems is that once there’s mass adoption of the standard, the system breaks down. OpenID is a technology that’s trying to remedy the situation with a different mechanism – having one username and password for all sites, but it’s still not widely adopted and is still subject to phishing attacks.
While waiting for a better solution, I’ve found 1Password, which does four important things:
- Creates secure passwords and stores them securely in my keychain.
- Remembers the passwords for different sites and supports multiple identities for each site.
- Integrates into each of my browsers (Safari, FFX) and syncs to my iPhone.
- Backs up automatically in case something goes wrong.
It’s not free or perfect, but it’s made my web surfing easier and more secure.