Devil's Advocate: A little black book of passwords

Keeping track of dozens of user names and passwords is tricky. Martin Brampton asks if there's a better way than writing them down.

After all those years when we ridiculed people for writing their computer passwords on sticky notes under the keyboard, Microsoft comes along and says writing them down is exactly the right thing to do. Perhaps they've got a point.

I thought it was a sign of weakness when I needed a section in my filing cabinet for pieces of paper that have notes of user names and passwords. But now I'm reassured that it was the right thing to do after all.

And remember, it is not just the passwords that have to be recorded, as user names create problems too. Even with a relatively uncommon surname, I quite often find computer systems that will not accept my name because somebody else has already claimed it. You can make up fictitious user names, but everybody else seems to make up the same names, so duplicates frequently crop up.

There is scope for a whole new gift industry now. People love to adorn their possessions with items like leather covers for passports. Those are out of fashion now but there must be a new market for personal password notebooks. Perhaps with brushed aluminium covers to be like the trendiest PC cases? Maybe even LED illumination on the fanciest models?

The real trouble is that we are just not going to find a complete solution to the problem of computers needing to identify people. The elaborate schemes that we invent will work up to a point but attempting complete security is an impossible goal.

After all, it took millennia of evolution for people to achieve the skill they have in recognising one another. A sizeable chunk of the human brain is entirely devoted to facial recognition. And even then, we sometimes get it wrong, especially if circumstances are less than ideal. We also do better within a group of limited size, with large cities increasing the risk of falsely identifying a stranger as someone we know.

Now computers can evolve much more quickly with our assistance and that leads us to capabilities such as voice or iris recognition. So maybe we could solve the problem, if it were not for the fact that in many situations we do not present ourselves directly to the computer that wants to know who we are. Instead, we go through at least one other computer.

Computers are not necessarily honest. So far, they cannot really be said to have such characteristics at all. On a good day, they do pretty much what we ask them to do. In fact, we get quite upset when they fail to do what we ask. But that means that computers are only as honest as the people using them.

Perhaps we should be insisting that people only use computers that are certified to be honest. It would take a lot of research and development to figure out exactly what that implies. It would give the software industry something to do for a while and would almost certainly absorb the increase in processing power provided by the hardware makers for at least the next several years.

When that was done, we could move on to ensuring that computers have high moral standards more generally. Unfortunately, the whole programme would run into difficulties with governments and others who insist that circumstances can justify acting in ways that fall short of the moral high ground. And consumers might be tempted to get these prim and proper computers modified, just as DVD players have had the restriction to one region nullified.

It looks inevitable that the world will continue in its usual messy way, where nothing is really black and white. And we will keep our passwords in a little notebook. Maybe it is better that way.