Geekfoolery

Commentary on emerging trends, especially cool or absurd innovations across a broad range of geekiness. ...with your Host, Mr. Alex.

The Password is… ARRGGGGGHHHH.

Posted Aug 19th, 2007

I was prompted to reset a password to a web-based tool I use at work the other day. It was something I don’t use every day, so I assumed I had used some variant on my “standard” password, but it didn’t work. Tried a few others that I thought it might be, but no luck. So I was then sent to the “Forgot Password” link. I verified some data, and then a link to reset the password was sent to my mailbox, and there I was trying to choose a new one.

So I enter my Standard Password. You know you do this… even though it’s not good security. You have one password that you remember for all your accounts. Most of them, anyway. Big shot security experts would no doubt tell you how to create strong passwords… no dictionary words, mixtures of letters and numbers, interspersed with upper and lower case. And every password-protected account should have a unique password. If your password is compromised, then only one account is open, not all of them.

The problem is the explosion in the number of passwords the average person has to keep track of. There’s email and Internet access. Work email. Your ATM PIN. Your bank’s website password. If you do online bill pay, the passwords to all your monthly creditors that you pay, like utilities, credit cards, phone bills. That’s just the ones for things you HAVE to do. Then there’s comment forum usernames and passwords, Netflix, your voicemail, your Flickr page, your Gmail account, and your IM logins. I easily have two to three dozen passwords to manage, and that’s just for IMPORTANT stuff.

Then there are the periodic prompts to change your password. Again, in the interest of security… great idea. In the interest of the average person who already has nearly three dozen passwords to remember? First, you have the rules about “must include one number and one letter,” “must include one upper and one lowercase,” and “can’t be a previous password, or the username.” I got a new one the other day… “can’t have consecutive letters.”

And I am not even working on nuclear missile secrets here, people.

The problem is that all of this forces people to do what any normal person would do in this situation, yet it is the first thing security people say you should never, ever, ever do–you write them down.

Once upon a time all I had to remember was the combination to my school locker. My kids already have to keep track of at least a dozen of their own passwords, and they don’t work or manage money.

