Gongol.com Archives: August 2023
August 10, 2023
Signet rings of the 21st Century
To anyone paying even modest attention, it has become painfully obvious that passwords are almost completely inadequate to the task of Internet security. The requirements are inconsistent across sites, apps, and services (some prohibit all but a few special characters, others won't work without them), and all too few permit the use of spaces or extended-length pass phrases (even though a good 48-character passphrase without special characters would be exponentially more secure than a 12-character password using them). Passwords thus get recycled, pressed into use across scores of logins, and written down or stored where they can be revealed or stolen with ease. ■ Some services and devices have tried to substitute biometric identification instead -- think Apple's Face ID or Samsung's fingerprint sensors -- but the data has to be stored somewhere, and the risks of storage are non-trivial. We only have so many unique biometric identifiers; if they become compromised or if the records are corrupted, then there isn't much room for substitution. ■ Thus it presents a mystery why we haven't seen a more widely-accepted alternative emerge to permit secure, non-repudiable, fraud-resistant identification and authentication for our countless daily interactions with the Internet. ■ A solution that doesn't even seem to meet the patent-law requirement of non-obviousness is to have some form of unique user identification integrated within a ring. Rings are an obvious choice for wearable identification, since they are (generally) non-obtrusive, durable, easy to reach, and difficult to steal. ■ Human beings have been wearing rings for thousands of years, and they have shown themselves to be useful beyond decoration: Secret decoder rings may be mostly a joke, but signet rings have been used as authentication tools for centuries. Their digital-era counterparts wouldn't even need to leave an impression on wax: NFC tags are tiny and cheap already. ■ We'll see society come around to adopting rings as digital identification tools sooner or later, particularly as it becomes ever more painfully clear that we really must grow beyond the limitations of passwords and impose real security on the many tools upon which the modern world depends. It's too obvious a solution not to happen.
