The Weakest Link

(Yes, that is me on the left…)

Imagine you have some diamonds. Small, valuable and very, very desirable. You don’t want them to get nicked, so you lock them in a safe with a bloody massive key. Made of splendonium and other magical unbreakable materials. And then you take your splendonium key and you put THAT in ANOTHER safe, just to be sure. And you lock the second safe using the cheapest Yale lock you can find. In a fitting so loose that you don’t even need a credit card to slide the mechanism across. You could probably do it with a beer mat.

A security system is, rather obviously, only as strong as its weakest component. I am reminded of that wretched Verified by Visa thing where it looks rather like there’s a nice splendonium key that you have to use to confirm your transaction, but if you forget it, you only actually need to know your (or your victim’s) date of birth to generate a new one. So why not just ask for the sodding date of birth outright then and spare us all the pretence? (We know it’s some rubbish to do with perceived liability, but that’s not the point of this post.)


UPDATE 23 March 2013

It seems there have been some changes: a new version just popped up, asking me to repeat three fields of information I’d just given the vendor, and asking me to add date of birth. No more of that ridiculous, and often one-use, password. Somebody obviously thought a bit harder about the information flow. But it’s still a heap of shit.

Verified by Visa


So, back to the point. If there’s a short-cut through a system, making the best use of known information, why does the following STILL happen as a matter of course:

  • I go to a website I visit very infrequently, say to buy some teabags.*
  • It asks me to enter my email address. So far so good.
  • It asks me for my password. Uh-oh. Not a clue.
  • I click on the button marked “Forgotten password?”
  • I enter my email address again on the next screen and click SEND.
  • I go to my inbox and find the email.
  • Best case, I can see the password there. Actually, it’s not that great a case, as I might just, carelessly, have used it elsewhere, and now it’s being sent over the Internet in the clear. Hmm.
  • Worst case, I get a link to trigger a password reset process, involving me going back to the site and picking a new one.
  • Finally, I limp back to the site with my old/new password, log in, and try and remember what I was going there for. And I have to go through all this–with many password resets–every time I visit.

Not that great, really. And what was really going on, in logical terms? I was being asked if I had access to the email account I claimed to have. That’s all. The rest was all about their convenience–making me think I had some sort of special, sticky “membership” relationship with them–not mine. I just wanted teabags; not to be a sticky member.

So why not just design in that route–or a vastly simplified version of it–from the start?

Try this:

  • I go to a website I visit very infrequently, say to buy some teabags.
  • It asks me to enter my email address. So far so good.
  • It offers me a choice–two options: “enter your password” (if you can remember it) OR “log-in via email”.
  • Being no great fan of having a password for a site I barely use, I click the latter option.
  • I go to my inbox and find the email.
  • It’s only got one thing in it. A big fat link that I click to get straight back to the site, logged in, with all my previous purchases winking at me for a repeat order. No password change. No bother.

Am I missing something? Why doesn’t this happen everywhere, as a matter of course?
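Here is what the “log-in via email” route above boils down to in code. This is an added example written for this page, not code from the author or from any of the sites mentioned; it assumes a placeholder shop URL, a fifteen-minute link lifetime and an in-memory pending table, and the names MagicLinkLogin, issue, redeem, token_from_link and compose_email are made up for the illustration. It also addresses the “password sent in the clear” worry from the first list: the server keeps only a hash of the token, and the link is single-use and time-limited, so the one secret that does travel by email is worthless once clicked or after it expires.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed policy values for this example, not taken from any real site.
TOKEN_TTL_SECONDS = 15 * 60   # a link is good for fifteen minutes
TOKEN_BYTES = 32              # 256 bits of entropy per link


@dataclass
class PendingLogin:
    email: str
    expires_at: float


def _fingerprint(token: str) -> bytes:
    # Only a hash of the token is stored, so a leaked copy of the pending table
    # cannot be replayed as a login the way a plaintext password email can.
    return hashlib.sha256(token.encode("utf-8")).digest()


class MagicLinkLogin:
    """Hypothetical 'log-in via email' service: one link, one use, short life."""

    def __init__(self, base_url: str, now: Callable[[], float] = time.time) -> None:
        self.base_url = base_url.rstrip("/")
        self.now = now                     # injectable clock, so expiry can be tested
        self._pending: Dict[bytes, PendingLogin] = {}

    def issue(self, email: str) -> str:
        """Create a single-use link for `email` and return it (the caller emails it)."""
        token = secrets.token_urlsafe(TOKEN_BYTES)   # CSPRNG-backed, URL-safe
        self._pending[_fingerprint(token)] = PendingLogin(
            email=email.strip().lower(),
            expires_at=self.now() + TOKEN_TTL_SECONDS,
        )
        return f"{self.base_url}/login?token={token}"

    def redeem(self, token: str) -> Optional[str]:
        """Return the email the link proves control of, or None if the link is bad.

        The entry is removed before any check, so a link can never succeed twice,
        and unknown, reused and expired links are all rejected the same way."""
        entry = self._pending.pop(_fingerprint(token), None)
        if entry is None:
            return None
        if self.now() > entry.expires_at:
            return None
        return entry.email


def token_from_link(link: str) -> str:
    """Extract the token query parameter when the user clicks the link."""
    params = parse_qs(urlsplit(link).query)
    return params.get("token", [""])[0]


def compose_email(link: str) -> str:
    """The whole email body: one link and nothing else (constructed wording)."""
    minutes = TOKEN_TTL_SECONDS // 60
    return f"Click to log in (link expires in {minutes} minutes):\n{link}\n"


if __name__ == "__main__":
    svc = MagicLinkLogin("https://teabags.example")   # placeholder shop, not a real site
    link = svc.issue("alice@example.com")
    print(compose_email(link))
    print("first click :", svc.redeem(token_from_link(link)))   # alice@example.com
    print("second click:", svc.redeem(token_from_link(link)))   # None: already used
```

Two design choices worth noting. Popping the entry before checking expiry means a link is consumed by its first use whatever the outcome, which is what makes “no password change, no bother” safe to offer. And because the token never sits on the server in plain form, the thing that could leak is the hash, which on its own opens nothing.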

*Probably only William Heath who’ll spot the in-joke there…