“You are the password”

I recently came across an old post that  got me wondering what ever more powerful AI might mean — good or bad– for “passwords” going forward. I uploaded the post to GPT 4o to get her take.


GPT 4o: Here’s the relevant bit from The Girl Who Kicked the Hornet’s Nest:

“She had broken up the 128-bit encryption code in less than two minutes.”

And from Bangkok Tattoo:

“There is no password. Not in the sense you mean. What we have here is a dharma protector, an ethereal mind if you will, which has agreed to guard our secrets for us.”

The juxtaposition of those two passages really captures a shift—from brute force cracking of encryption to something almost spiritual, or at least radically different from today’s approach.

So what might more powerful AI mean for passwords? Here are a few directions worth chewing on:

Passwords May Become Obsolete

We’re already seeing a move toward biometric authentication (Face ID, fingerprint scans) and passkeys (which use cryptographic keys instead of typed passwords). AI could accelerate this shift by:

  • Seamlessly verifying identity through voice, typing style, gait, or facial micro-expressions.
  • Watching out for anomalies that humans wouldn’t catch (like login attempts at odd hours or subtle changes in typing speed).

In other words: you are the password.

AI as a “Dharma Protector”

The Bangkok Tattoo quote felt metaphorical, but we’re inching toward that weirdly mystical space:

  • Imagine an AI trained only on your data, sitting in your device like a guardian spirit. It knows your behavior so well, it could spot an imposter instantly.
  • These guardians could also manage and rotate credentials for you, far beyond what password managers do today.

The real trick is: you’d need to trust your protector. That brings us to the next part…

The Double-Edged Sword

Powerful AI could also blow the whole idea of secrets wide open:

  • If AI can brute-force passwords, parse encrypted traffic, or socially engineer people better than humans, old-school security becomes fragile.
  • Deepfakes and synthetic voices could fool biometric systems.
  • The very tools protecting you could be used to invade you.

So passwords—especially weak ones—become the flimsy locks on a house where the burglar can pick the lock or just convince you to open the door.

Where We Might Be Headed

  • Zero Trust systems: never assume anything is secure. Always verify everything. Continuously.
  • Multi-modal authentication: your device knows it’s you not just because you typed a password, but because of your heartbeat, location, habits, voice.
  • Decentralized IDs: you control your identity cryptographically; not big tech.

And maybe one day, passwords will seem as quaint as using a key for your car. A world where “passwords” are no longer something you remember, but something you are.

Advanced sign-in security for your Google account

I love most things Google. Gmail, Google Docs, Google Reader and most of the tools and services they’ve come out with (Wave and Buzz notable exceptions).

If someone hijacked my Google accounts, they’d have to take my belt and shoe laces. So I was eager to try their recently announced 2-step verification process. From the Gmail blog:

“…it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone. A hacker would need access to both of these factors to gain access to your account. If you like, you can always choose a “Remember verification for this computer for 30 days” option, and you won’t need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code.”

I’ll have a better feel for this in a few days but I’m willing to put up with a little extra hassle to know my account is safe.

The Girl Who Kicked the Hornet’s Nest by Stieg Larsson

I’m reading The Girl Who Kicked The Hornet’s Nest by Stieg Larsson. The final book (Larsson died in 2004) featuring Lisbeth Salander, ” the best hacker in Sweden.” I’m not spoiling anything by sharing this passage of what has to be one of the more secure log-in’s:

“She started by going to a website that advertised rather uninteresting pictures by an unknown and not especially skilled amateur photographers named Gil Bates in Jobsville, Pennsylvania. Salander had once checked it out and confirmed that the town of Jobsvile did not exist. Nevertheless, Bates had taken more than 200 photographs of the community and created a gallery of small thumbnails. She scrolled down to image 167 and clicked to enlarge it. It showed the church in Jobsville. She put her cursor on the spire of the church tower and clicked. She instantly got a pop-up dialog box that asked for her ID and password. She took out her stylus and wrote the word Remarkable on the screen as her ID and A(89)Cx#magnolia as the password.

She got a dialog box with the text [Error–you have the wrong password] and a button that said [OK–try again]. Lisbeth knew that if she clicked on [OK–try again] and tried a different password, she would gt the same dialog box again–for years and years, for as long as she kept trying. Instead she clicked on the ‘o’ in Error.

The screen went blank. Then an animated door opened and a Lara Croft-like figure stepped out. A speech bubble materialized with the text [WHO GOES THERE?]. She clicked on the bubble and wrote Wasp. She got the instant reply [PROVE IT–OR ELSE…] as the animated Lara Croft unlocked the safety catch on her gun. Salander knew it was no empty threat. If she entered the wrong password three times in a row the site would shut down and the name Wasp would be struck from the membership list.”

Which reminded me of this password (to the CIA database) from the novel, Bangkok Tattoo:

AQ82860136574X-Halifax nineteen [lowercase] Oklahoma twenty-2 BLUE WHALE [all uppercase] Amerika stop 783

Put it in the vault with 1Password

I keep up with a lot of passwords. Between WordPress, Twitter, flickr, Gmail, FTP accounts, etc for company and client websites (and my own)… 200+ logins. You have to have a secure way to manage all of this.

I’ve been use an app called Wallet for the last couple of years but recently purchased 1Password (on the solid recommendation of my Mac mentor, George).

I won’t attempt to list the features. There are too many and I’m still new to the program. But it’s as beautiful as it is functional. All my stuff is sync’d via the cloud so I can access from all of my computers and devices (iPhone, iPad, etc). Everything in one place, behind some really good encryption. They make it easy to be smart about my data.

1Password costs about $40 but it’s worth every penny. Mac and PC.

Western concept of Self

John Burdett’s second novel, Bangkok Tattoo, was as good as his first (Bangkok 8). Both stories are set in (you guessed it) Bangkok, where Thai police detective Sonchai Jitpleecheep solves bizarre murders. Sonchai is a devout Buddhist and the plot is laced with Eastern religion. I especially liked this description of the Western concept of Self:

“…a ramshackle collection of coincidences held together by a desperate and irrational clinging, there is no center at all, everything depends on everything else, your body depends on the environment, your thoughts depend on whatever junk floats in from the media, your emotions are largely from the reptilian end of your DNA, your intellect is a chemical computer that can’t add up a zillionth as fast as a pocket calculator, and even your best side is a superficial piece of social programming that will fall apart just as soon as your spouse leaves with the kids and the money in the joint account, or the economy starts to fail and you get the sack, or you get conscripted into some idiot’s war, or they give you the news about your brain tumor.”

Ouch. The wannabe geek in me also enjoyed this password to a CIA online database:

AQ82860136574X-Halifax nineteen [lowercase] Oklahoma twenty-2 BLUE WHALE [all uppercase] Amerika stop 783

Won’t even fit on a Post-It note.