Kenneth Sigel

View Original

Pa22w0rd$ - we can do better

I’ve recently been thinking a bit about passwords. They really are an inferior method of securing our digital selves. Passwords cause a lot of hassle for users, and in fact, they’re counter-productive. That is to say — the stronger you make your password, the harder it is to use. You can even graph this:

The way to make your password stronger (less easily guessed) is to make it less comprehensible to humans (hackers are humans). But that’s also the problem (you’re a human too).

I’ve been designing ecommerce sites that require secure login for a number of years now and at some point in the project the topic of password security always comes up. Sometimes brands have an established guideline for password strength set by an internal security team. Sometimes we make up the rules in the course of the site design. What is always the case however is that we design two ways of logging into the site: The first is the password login flow (obviously). The second is the password recovery flow.

We take it as a fait accompli that users will forget their passwords at some point. So we design a backdoor into the site via password recovery. What we fail to recognize is that this is a legitimate method of entry into a site, and possibly simpler.

I’ve suggested this approach to clients before (Medium implemented this feature for their email login a year ago). Particularly for sites with infrequent logins, this approach seems viable. If it’s a site for which you can’t remember your password, you’re probably already using this method by default.

If we think of password recovery less about resetting a password and more as an authentication flow, we could craft a more secure experience that is also more user friendly.

There are certainly several challenges with this approach.

Single point of failure

If everything routes through a user’s email, then obtaining access to that email give one access to everything. This is true… but it’s also true already. We already use our email to recover passwords so that vulnerability exists. It falls to Google and other to keep working on protecting our emails.

Delayed entrance

We’ve all waited for that reset password email to arrive. And wait, and wait, and let’s hit refresh again, and still not here… It would add time to the process of logging in.


Password recovery as login is one path to replacing passwords. It may not (and probably is not) the best solution. Google is looking into ways of replacing passwords and hope to ditch them completely by the end of 2016. Their approach is by utilizing a collection of lightweight security checks together. Each one by itself would not be secure, but combining several of them together provides greater strength than passwords offer.

Individually weak. Collectively strong.

Still for me, the most convenient login happens on my iPhone, when I use Touch ID. My fingerprint gets me into my phone, along with several other apps — no need to remember, or enter my password. No risk of entering my password incorrectly.

Passwords are not user-friendly and offer little in the way of security. Let’s all work to find a better approach.