I believe that what Apple releases next week will herald the end of broad adoption of general computing devices. The introduction of their tablet will begin in earnest a trend towards tightly integrated, tightly controlled sealed-hardware computer devices that allow the majority of the population to accomplish the most popular computing tasks without doing anything more than visiting the app store. Not as your “mobile” computing solution by the way — as your only computing solution.
Why wouldn’t the world move in this direction? Why shouldn’t your computer be as easy to use as your smartphone? Why fiddle with drivers and desktops and operating systems if all you ever do is surf the web and send email to your grandchildren? Even if you want more than the basics, why go through long and complicated application installs when you can just click a button?
This is the future, and those of us in industries like identity management had better stop and pause right now, because per-application passwords have no place in the world of the app store. They are difficult to type on a touchscreen, and inconvenient in exactly the way that the new push-button paradigm seeks to overcome. This could be the best thing — or the worst thing to happen to those of us working on protocols which replace password storage.
There is no doubt that passwords *will* be hidden from the user from now on. In the same way that nobody types a telephone number into their phone anymore (they just use Contacts), nobody will type a username or a password. Heck, they won’t even type the URL of the service. Details will be hidden, the pain taken away. We have a small window in time to affect the way in which that happens, before users forget what it was like to have to figure out which user name went with which password and which site.
Don’t believe me? If you have an iPhone, you should try PageOnce‘s Personal Assistant app. I reviewed PageOnce ages ago: it aggregates accounts of all kinds, giving a consolidated dashboard and allowing you to login without typing your password. I panned the service: not only do you have to give your passwords away, but you have to go out of your way to pageonce for that very first account login – why do that when you can go directly to the website and log in? On a general purpose computing device, the service has no use to me. On the iPhone however? Pure solid gold. Clicking that little “Personal Assistant” icon is always easier than typing in a URL for the original website. Not only do I never have to remember credentials, I am essentially given a menu of my accounts, and I’m one click away from transacting.
But, you say – it’s just mobile. What really matters is the desktop. I say you’re wrong. I say that the ubiquity of the smartphone is coming to a desktop near you, courtesy of Apple Computers Inc. I say that we had better *start* our strategy thinking about what happens when a user has an expectation that authentication should be no more complicated than making a phone call on a smartphone.
If we don’t make it that easy, somebody else will do it. Of that you can rest assured.