I have been dealing with a "disputed charge" on my credit card for the past couple months. With their typical panache, the card company wrote me a letter detailing their plans to close my account right before I was traveling out of the country for 2 weeks, and so I made a point of...dragging my feet and not responding. But now I really do have to do something about it.
As you might imagine, when someone bills $310.00 to "Roman's Liquor" (in Hollywood) and you don't know why, this means that the credit card company will want to close your account and issue you another account number entirely. Unfortunately, this feels really inconvenient, because I have any manner of automatic bill pay services plugged into the card.
I was thinking through my discomfort about changing credit card numbers, and I realized that one reason was standing out more than the others--I have my credit card number memorized! This means that I can type it in on a web form or verify it over the telephone without running around looking for my billfold.
But why am I suddenly so resilient to memorizing a new 16-digit number? I used to do this kind of thing all the time. And I could change my password every month and never forget the password. But now, if I did that, I'd have trouble remembering what I'd changed it to. It's not as easy as when I was 20.
But this makes me think that computer security has a problem--passwords are no good, especially as people get older and more resilient to change (and potentially more influential, busier, and powerful).
For passwords, even if I'm the average case (and by some measures I'm way above the average case), it makes me think that we need some other sorts of identifiers, or we need a way to key these sorts of things to hardware in a way that's easily changeable or hard to compromise.
While nosing around looking at ssl stuff I found this...ReplyDelete
Wired article as well...