Tuesday, September 21, 2004

Good news from AOL! Something better than passwords 

Security people have spent decades studying how humans can identify themselves to computers. They've come up with lots of ideas and have reached some definite conclusions about some of them. For example, security researchers have established something about passwords.

Pardon the technical language, but passwords suck. They suck golf balls through thirty-foot hoses. They suck hard-boiled eggs. Passwords are too hard to use and too insecure.

Imagine a password that you don't have to memorize. Imagine that it changes by itself every minute, so that it doesn't matter whether someone copies it or tricks you into telling it to them. Imagine that it's completely random so there's no good way to guess it.

That's what you can get from AOL now. For a small extra fee they offer a small box which displays a constantly changing 6-digit password. AOL's own computers know which 6-digit number should be up at any given time. You log in by typing the number on the screen of the "Passcode" device along with your regular password. If someone steals your password they can't get into your account without your little box to tell them the right 6-digit number. If someone steals your little Passcode box, they can't get in without your password.
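The check described above, sketched as an added example that is not AOL's code: the post does not say which algorithm the Passcode device runs, so this assumes the public TOTP scheme (RFC 6238) as a stand-in. The account record, function names and sample password are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code; the post says the number changes every minute
DIGITS = 6   # the post describes a 6-digit number

def passcode(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Code the token shows at Unix time `at` (assumed scheme: TOTP over HMAC-SHA1)."""
    counter = int(at) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(account: dict, password: str, code: str, now: float) -> bool:
    """Both factors must match; the adjacent minutes are accepted for clock drift."""
    pw_ok = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    code_ok = False
    for drift in (-1, 0, 1):
        expected = passcode(account["secret"], now + drift * STEP)
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and code_ok

# Constructed sample account; the secret is the RFC 4226 test key, not a real one.
ACCOUNT = {
    "salt": b"constructed-salt",
    "secret": b"12345678901234567890",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
}

if __name__ == "__main__":
    now = 1_095_768_000                           # constructed login time
    shown = passcode(ACCOUNT["secret"], now)
    print("token shows:", shown)
    print("password + code:", verify_login(ACCOUNT, "correct horse", shown, now))
    print("stolen password, guessed code:",
          verify_login(ACCOUNT, "correct horse", "000000", now))
    print("stolen token, wrong password:", verify_login(ACCOUNT, "guess", shown, now))
    print("code replayed 5 minutes later:",
          verify_login(ACCOUNT, "correct horse", shown, now + 300))
```

A copied code remains valid until its acceptance window closes, so a verifier built this way would also record the last accepted time step and refuse to accept it twice.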

AOL's nullified a whole range of threats with this move. I hope a lot of others follow their example.
