Our passwords, ourselves -- the nightmare of authentication

Rant on. Signing on to my bank account on a computer – there is that two-factor authentication (2FA) thing again.  a) Find your phone, b) accept the text message, c) copy the ‘we will never share your information with others’ privacy token into the appropriate location on the screen.  And that’s after your password is accepted – and your identity is verified after you checked 'I'm not a robot' box. Feeling safe and protected. Okay, sort of safe, for already having my identity stolen due to a log-in at a health center during the Anthem breach in 2015.  And having a paper check stolen out of an envelope and readdressed to a thief this past year.  And so on.

Back to 2-factor authentication. Consider the myriad of problems with 2-factor authentication (before the new smartphone-using older adults began to experience it.) Someone else that you don’t know picked up your phone. Cell phone numbers are recycled – and 10% of them are getting 2-factor authentication requests from the original owner. And cyber-criminals can intercept message requests -- with a Bot. Apple suggests adding another device – go ahead and read those instructions – the whole thing, I dare you.  Sigh.

Adding insult to injury.  Older adults (forget that insulting ‘grandma’ in the title) do not love 2-factor authentication with security tokens either (too small).  And they haven’t found passwords all that appealing either (losing, forgetting, and don't forget expiring). [Note that only one in five Americans use a password manager. 87% of millennials reuse their passwords.] The result of us are being told that the password we pick (which we already remember) is too weak, too short, already used, etc.  Or used three passwords ago. Then consider the federal agency password guidelines – first read what NIST is, then yes, go ahead, you must read down the full list. Yet password policies don't make systems more secure and some feel that password expirations weaken security.  Who knew? Perhaps biometrics will save us (eyes? finger?) Sigh.

What does all of this serve to deliver, other than frustration?  How many people, never mind ‘older adults’ just give up and say ‘I’ll think about this tomorrow.’ More likely when they get one that works, they write it down on a sheet of paper (38.6% of surveyed do this, all ages), taping that yellow sticky (or full sheet of passwords to accounts) next to their computer or they put it in a word file so they can carry with them. Finally, when all else fails, they get in the car and go to the bank if it is within driving distance – even if it is a bank with an armed guard at the front door.  Rant off.