Will Passwords Become Obsolete?
2008-08-15 13:46:48 by Editor in IT Security - The IT Security Industry's Web Resource
 

I can’t keep track of how many different passwords I have, although I know it’s not nearly enough — I tend to be lazy like most people and re-use the same passwords for many different accounts.
But here’s a new idea — what if passwords for online accounts were replaced entirely by cryptographic keys that sat on our desktops like icons, and functioned in the background, so we wouldn’t need to remember a string of letters or numbers?

An interesting blog post this morning discusses the obstacles and implications of this kind of technology, in part quoting a recent New York Times article —

In short, we need a log-on system that relies on cryptography, not mnemonics. As users, we would replace passwords with so-called information cards, icons on our screen that we select with a click to log on to a Web site. The click starts a handshake between machines that relies on hard-to-crack cryptographic code.

One obstacle to this kind of system is the current set of initiatives toward OpenID and single sign-on services, strategies backed by large industry players such as Equifax, Google, Novell, Microsoft, and Oracle. In the OpenID system, you would log in to a web session with one password, which would be accepted by any application or account supporting the OpenID infrastructure.

To me, OpenID sounds like a step backwards, toward less security… Then again, I would think that encrypting everything could also make your system run significantly slower, and that it wouldn’t prevent all the risks either…

 
 
 
 
 
 