Posted 2 years ago
Why you have a password
Let me first say that at this point in time I work in IT. I am a nerd, that’s a given. I care about things so you don’t have to. This, however, is something I care about and you should too.
If I were to ask most people why they have a password, their answer would probably be “so other people can’t get into my account”. They are right, on some levels. I would call what our pretend user just described access control. That’s an important reason for a password. There is, however, one other reason, which is often overlooked: authentication.
What’s the word inside that word? Authentic. Your username and password are there to prove that it’s really you logging in. Of course once that has been established, access control can come into play, but authentication has greater implications.
As an administrator, I work a lot with other people’s accounts, but I will rarely - if ever - solicit a user’s password. Why? Authentication and accountability. If something happens inside the user’s account while only they know their password, only they can be responsible. If I also know their password, suddenly I’m also implicated because two people know the user’s login details.
The long and the short of it is this: I don’t want to know your password.