So, it is tax season and I have been taking care of some housekeeping items with my personal finances. If you have messed around with banks and online and even telephone access, you probably noticed that there are some seriously draconian security measures in place these days. In most cases it seems like there is some combination of impossible requirements for the password combined with a requirement that you change it frequently and don’t use a password you have used before.

The end result of all this is that it is impossible to come up with passwords that you can actually remember. With that in mind, you have two choices. You can write down your password (which pretty much destroys the purported security being enforced) or you can call up their support line and have them reset your password each time you need to access whatever obscure service it is they are providing. In other words, the situation is a mess.

Various technical solutions exist for this problem, and sometimes they are used. For example, the place I work uses SecurID for VPN access sometimes. The problem is, they generally cost a lot of money and aren’t standardized. Anyway, I think there’s a lot of opportunity in this field, but I think it would make sense to approach it in an innovative way. Instead of trying to capitalize on it immediately, I think it makes sense to build something everyone can use, maybe making it free, standardized or open source. Once a standard takes hold, then there will be opportunity to provide enhancement for profit.