Last week Rob Conery pointed out how lame web authentication models really are. And, surprisingly, so are its leading-edge concepts. This week Jeff Atwood picks up the torch, kicks open the door, and sheds more light. Web authentication is far more tedious, far more cognitively burdensome, and simply far more fraught with risk than, say, opening your wallet to show credentials to an authority figure in everyday use.
Unrecognized by his readers, Jeff is doing a good job of reducing a complex topic to Sesame Street manageability and everyday street smarts, making plain that one of these things is not like the other.
If you read past the excerpt and connect back to the ‘alpha-geek’ debate, you notice an inevitable rise of what I call metaphor hostility: the troubling and all too common practice of thrashing the future with the stick of the present. This is increasingly being called is-ism.
In plain language, a metaphor is a shuttle that carries a general idea from a well-known situation to another one altogether.
In my experience metaphor hostility is a petri dish of logical fallacy, and it can be recognized in two forms.
1) the label sucks.
When the reader fails to recognize what is suppressing his own imagination, he casts blame on the form of the shuttle.
2) the general idea sucks.
When the reader fails to re-frame the general idea for use in an unfamiliar situation, he casts blame on the general idea for being faulty.
What is the alternative? Play the metaphor as a game. Take it for a walk. Try it on for size. But mostly, make believe to understand where your natural discomfort comes from when doing something entirely new.
But back to authentication, and some ways that we might make it usable again in everyday life. Here are the words of Jeff Atwood:
It always pained me greatly that every rinky-dink website on the entire internet demanded that I create a special username and password just for them. Yes, if you’re an alpha geek, then you probably use a combination of special software and USB key from your utility belt to generate secure usernames and passwords for the dozens of websites you frequent. But for the vast, silent majority of normals, who know nothing of security but desire convenience above all, this means one thing: using the same username and password over and over. And it’s probably a simple password, too.
This is the status quo of identity on the internet. It is deeply and fundamentally broken.
But it doesn’t have to be this way. If you open your wallet (or purse, or man-purse, or whatever), I bet you’ll find a variety of credentials you use to prove your identity wherever you go.