Before leaving for work each morning, I check the app for my local bus company, which holds both my pre-paid ticket and their timetables, to see if my bus has left the station.
I couldn’t have written that sentence before 2020. A byproduct of the COVID-19 pandemic was the need to tell passengers if they had a chance of getting on a bus. Social distancing guidelines following the initial outbreak restricted the maximum number of passengers on my local buses to a quarter of their original number so, I am guessing, the bus company added a global positioning system to the ticket machine on each bus, telling you how many spaces were left as each bus moved closer to your stop. Would you be lucky? Or would the additionally reduced timetables cause you to wait for longer still? You could always walk to the next stop in the meantime.
With restrictions having lifted, the real-time map and capacity figures have remained in place, meaning I can leave home when I know a bus is coming. That said, I have only a notional idea of when it should have left the station: my local bus company also stopped providing books of printed timetables in 2020, which were always easier to find and read than a PDF on your phone.
However, one day last week, I couldn’t even access the valuable app. I had made the mistake of allowing my phone to update apps automatically, so when I went to use it as normal, I unexpectedly had to log in, which I am rarely asked to do. Putting my password this time around, an on-screen message said it was incorrect. My phone fills in the password automatically, and even after accessing the secure place where it was kept, so I could remind myself of it and type it in manually, I was still being told it was incorrect.
Passwords are a tyranny of modern life. Until my phone sprouted a dedicated directory for my passwords, I used to keep them written down in a safe place – ideally, that is something I should continue to do, if something ever happens to the phone.
I realised that the update to the bus company’s app had also changed the requirements made of a password, which must now have a minimum length of twelve characters, one capital letter, one number, and one non-alphanumeric number. These requirements had already been decried in 2017 by the person that came up with them, who instead preferred less often used combinations of words.
However, the use of human reasoning will still get you nowhere, as I found out in a separate incident. Because I had removed an e-mail address that was previously used to send passcodes to log into another e-mail address – yes, I know – the login screen started to ask me if I could match two symbols to the shadows they would cast if they existed in real life, or match a symbol to that which a small man was standing on in a ring of other symbols. These strange tasks, using inscrutable symbols that looked downright unclear on screen were, apart from being time-consuming, were enough to wrong-foot me, someone who used to only have to tick a box to confirm they were not a robot. I was being made to feel like one, so I wound up attaching my personal e-mail account to an authenticator app, which I sign into using my face, having now failed to separate its use from what I need to sign in for at work.
With phones now able to collect biometric information via face and fingerprint scans, with the intention (and hope) that this information never leaves the device, it is no wonder that passkeys are being touted as the way to go. The UK’s National Cyber Security Centre unambiguously states that passkeys are safer than passwords, and is as safe, or safer than, two-factor identification. I may well have to move to using more passkeys in future, but it does mean I will dread upgrading my phone in future, having encountered problems at work when I did that last time.
With the password for the bus app no longer meeting two of the new criteria, it was never going to work, and I had never received an e-mail ahead of time to inform me of any changes. By this point, I was on the bus, having paid extra because I couldn’t reach my pre-paid ticket. I had also realised there was no way I could reset my password via the app, resorting to the bus company’s website to change it there.
There was no reason for me to write about any of this except to get it out of my system. If there is a takeaway, it is to be more mindful about your apps, and your passwords, until you can get rid of them.
No comments:
Post a Comment