When I was in the mortgage banking industry, we discussed security on a regular basis. My team was constantly looking at additional ways to add layers of security to our data, office, and servers. One particular discussion stands out, and that was a discussion about the growing use of biometrics such as fingerprints and eye scans.

One of the large private banks in town had a new state-of-the-art server room which only allowed access with a PIN and an eye scanner. They used the eye scanner instead of having additional passcodes for access. Being the tech lovers that we were, this was an excited discussion for all but one of our colleagues. His response was “I wouldn’t want access to that area, because I don’t want someone to cut out my eye to try to get access.”

This is an interesting perspective, especially given the growing adoption of biometric devices such as fingerprint, facial, palm, and iris scanners.  These devices are being looked at more and more closely in an attempt to prevent unauthorized access and fraud, and to relieve many of the issues associated with remembering multiple, ever-changing passwords.

According to a recent article in the New Zealand Herald, 81% of New Zealanders are happy to use fingerprint scans to prove their identity and 68% are willing to have their eyes scanned. I wonder if they’d reconsider if they were presented with the possibility losing an eye or a finger? We do live in a time where fear is often used as a motivator. Or maybe you think my ex-colleague watched too many movies.   

The use of biometrics is steadily growing. As of June 2009, the sellers of a home in Cooke County Chicago are required to fingerprint the contract. A new California law now requires firearms dealers to fingerprint people who buy ammo. As biometric methods gain wider adoption, there are many potential complications. First, there is always the question of privacy, and the misuse of your information. You can change your password if someone steals it, you can’t change your fingerprint. And are places going to require more than one method of biometric identification to accommodate everyone (for example read this story about how a bank would not allow an armless man to cash a check without a thumbprint).

This issue has many complexities associated with it. What are your thoughts? Are you willing to potentially lose an eye or a finger for the convenience of fewer passwords and better fraud protection? What about the potential for having your privacy exposed? Let us know by leaving your comments below.
 

For many people traveling is unpleasant, so having good service makes flying a better experience. Nothing can make your flight seem longer than a rude or irritated airline employee. This past weekend I had a chance to fly Southwest Airlines (NYSE:LUV), a company I really like because of their customer service. Over the years I’ve flown with them a lot, and I’ve personally witnessed Southwest employees handling difficult situations with incredible patience and sensitivity. Try calmly handling a terrified, drunk woman who has never flown before over a four hour flight. It’s not easy.

From my experience, it takes a lot to frustrate a typical Southwest employee. Every once in a while, someone has an off day, but for the most part it’s smiles and humor over there. So I thought, “What about forgetting passwords? I wonder if that irritates them.” When I landed in Phoenix, I decided to go to the Southwest lost baggage customer service desk to find out. These employees regularly deal with angry customers with lost baggage without losing their cool, and I wanted to know if managing their passwords was a source of irritation. In order to maintain the security of their systems, I asked them to speak only to the personal passwords they needed to manage.

The result: password management frustrates everyone, even Southwest employees. Most of them struggled with all of the different personal passwords they needed, and for a brief moment, I saw glimpses of frustration, an emotion that I’ve seldom seen at Southwest.  Between all of them, their methods of password management covered the four common and dangerous password habits that people resort to because they can’t found a solution that’s both secure and convenient. What they really needed was Mitto.

Security and Convenience

When we designed Mitto, our focus was on providing a secure AND convenient way to manage your passwords. There is no software to install, it’s available from any computer on the Internet, and extra security doesn’t require a special hardware token or key fob, only a cell phone. We encourage all Mitto users to set up extra security with their cell phones. It’s easy, and provides you an extra layer of protection to guard your private information. Combined with one-click automatic logins, your time on the Internet can be more secure, pleasant, and productive.

People are always more fun to be around when they’re not frustrated, and that doesn’t just apply to airline employees. Don’t let your friends suffer from password frustration. Tell them about Mitto.

 

Is a pattern emerging? Why is it that some people think that you are obligated to give them your passwords?

We’re hearing more and more that schools and/or teachers are attempting to force students to turn over passwords to various social networking sites such as Facebook and MySpace. Just a few days ago, we heard that a South Carolina school wants access to student’s social networking pages when they supect behavior that deosn comply with the school’s code.  Last month we heard about a cheerleader in Mississippi who was forced to hand over her Facebook password to a coach during school. We’re sure that we’ll hear more stories like this in the coming months.

In June, we heard how the city of Bozeman, MO used to require job applicants to provide usernames and passwords to social networking sites (although their policy has since then been changed). Again, the city of Bozeman probably isn’t the only group that has tried to get away with something like this.

What are your thoughts? Are there instances where you should be required to turn over your passwords? Or are these people crossing the line? Let us know what you think by leaving a comment below.