The Duke’s signet ring.

September 29, 2014 at 12:03 pm Leave a comment

Doomed Duke Leto

At some point in Frank Herbert’s Dune, the doomed Duke Leto gives his signet ring to a trusted messenger
as a way for the recipient to know for sure that the message comes from the Duke.
In less desperate cases the Duke sealed a letter by pressing a ring into hot wax on the envelope, the characteristic engravings on the surface of the ring would leave an imprint which the recipient would be able to recognise and also be able to tell if the seal had been broken and the letter read in transit.

Wax sealed letter

Wax sealed letter

In order to communicate with my bank I need to remember the following things:

1) my PIN
2) my username
3) my internet banking password
4) my secure key pass phrase
5) my telephone banking password
6) my postcode

I also have a business account with the same bank, but unaccountably, they use a similar but subtly different system, requiring an equal number of similar but different tokens.

That’s 12 ‘secrets’ shared between me and an institution.

Closed bank

If I forget any of these, which often happens, since the bank changes the interface at increasingly frequent intervals and each ‘improvement’ adds more or different things to remember.

I then need to recall the answers to some fatuous questions:
1) what is my favourite band?
2) what is my favourite airline ?
3) what is your favourite restaurant?
4) name your first grade teacher.
A problem with these password recovery questions is that they are subjective.

What happens if I have a terrible flight with KLM and my new faves are Air France? I need to recall when I set the questions, what mood I was in and therefore what answer I gave back then.

When I opened these accounts, all I needed was a signature and a gas bill.

What’s worse, every app on my phone, or website I log into has the same appalling design pattern, along with a random set of password rules and recovery options.

As the internet using population ages and the number of apps multiply this issue is going to spiral out of control. There are already sites where I routinely use password recovery (to my email) because it is easier than remembering yet another token for a site I don’t care about or visit so rarely that I don’t stand a chance of remembering the password.

You may feel that we have reached the peak of sites and apps, so the problem may be manageable. If you look at the wave of internet connected fridges, solar panels, heating systems, pet feeders, doorbells, clothes etc. that is about to crash on onto the market in the next 2 years, I think you’ll agree that the password count is about to explode.

LG internet fridge

LG internet fridge

Nest connected thermostat

Nest connected thermostat

This isn’t tenable. We need better, more sensible authentication and security, I’m not sure how it will work, but my bet would be on a wearable (like the ducal signet ring of old) or some form of non invasive biometrics. Or more likely a re-think of the security model. Are passwords and permissions the way we want to relate to our devices.

For now I’m resorting to telephone banking, since it poses the lowest cognitive demand on me and the highest costs on my bank (short of me paying my ‘branch’ a visit).
With any luck the increased costs of calls will persuade my bright friends in FinTech to improve the situation. Meanwhile I’m working on a solution for the rest of us.


Entry filed under: Uncategorized. Tags: , , , , .

The practicalities of running a laptop on solar power. The worst WebRTC demo yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Follow me on Twitter

%d bloggers like this: