How a simple idea made the internet possible, and how that same idea can make the internet so much more pleasant to use going forward.
BY ANDERS LEMKE-HOLSTEIN // internet // authentication
Let’s say you want to go visit your best friend to see their new residence. They just moved there, and have invited you over. Now, you need to figure out how to get there, and what to bring as a gift.
You open your favourite web browser, and start typing in the address bar: “18.104.22.168”. Great. Now you type “3052 Geraldine Lane” in the search field, and boom, there it is. It will take you 20 minutes to get there. Great.
Then, in the address bar, you start typing: “22.214.171.124”, and then type “royal copenhagen” in the search field, and yes, they have those plates you want to bring as a gift. You’ll pick them up on your way. That’s wonderful.
Now, as the last thing, you type “126.96.36.199” in the address bar, click the button “+ Write” and type “Hi, I’ll be there in 30”, and click “Send email”. And you’re off.
So, that’s how you navigate the internet. And it works. You can navigate the internet just fine.
Sometimes, however, you might forget the numbers for a site you want to visit. In some cases you manage to find them by a more or less obscure process, but in other cases you just have to give up.
There are alternatives to remembering all the numbers, though.
For example, there is a company, let’s call them Facebook, that provides a service where you can ask if they would please provide you with the numbers for e.g. maps.google.com, www.hockridge.com, and hey.com, and you’ll get ‘em. Just like that. It’s clever.
Other companies develop software that lets you keep your own little database of numbers that you can use to look up the number when you forget.
None of those feels quite right, though. You end up using a patchwork of all of them. And you’re managing, however frustrating and anger-inducing that might be.
OK, back to reality. This is not how we navigate the internet.
Now, let’s take a moment to thank Elizabeth Jocelyn Feinler.
Elizabeth maintained the first ever centralised domain name registry which started out as a single text file.
Elizabeth and her colleagues embraced the fact that humans are horrible at remembering arbitrary data, and therefore built a central place to map memorable words to IP addresses.
The Domain Name System (DNS) was born.
That fictive non-DNS reality is actually very similar to our reality within a different yet related area: Authentication.
When authenticating you can either remember and type arbitrary data for each site you want to authenticate on, or you can ask a private company, let’s say Facebook, to please help you authenticate.
The big question is, why do we accept this reality for authentication, when we didn’t accept it for navigation?
I believe the answer is obviously simple: Reuse.
We cannot navigate the internet by just reusing one IP address that we memorize.
We can authenticate everywhere by reusing one password. We know we shouldn’t, but we can, and we do [1].
Password reuse is widely recognized as a problem, and efforts are being made to help people get healthier password habits [2], use the biometric capabilities that are becoming more and more common in the hardware we use [3], and reduce the number of passwords we need in the first place while potentially centralising the other efforts in one place [4].
So while the current situation of authentication is frustrating for most, there is hope for a reality with something as nice as the Domain Name System for authentication. We can do this!
54% of us reuse passwords according to the 2020 State of Password and Authentication Security Behaviors Report.
Christiaan Brand from Google presents their effort to integrate WebAuthn: WebAuthn and security keys - unlocking the key to authentication.