This is oh so familiar.... having to remember multiple passwords :P
Must I remember my kids’ ages just to log on?
By Lucy Kellaway
Published: May 8 2011 17:00 | Last updated: May 8 2011 17:00
Returning to the office last Tuesday after a long weekend, I couldn’t start work as I’d forgotten my computer password. Perhaps it was the combined excitement of a spectacular wedding followed by a spectacular death, but my brain was no longer able to retrieve a simple sequence of seven characters.
In the early days of computers I never forgot my password. But that’s because the top secret word I’d chosen was “Kellaway”, which I found could be effortlessly recalled even in the most fraught moments. Things only started to go awry when the computer security experts told me this password would no longer do. Reluctantly, I went for something a bit more elaborate and, to make sure I didn’t forget it, I wrote the word on a Post-it note and stuck it to my screen.
Lucy Kellaway: Dull monikers - May-01
Lucy Kellaway: China conniptions - Mar-20
But now Post-it notes are frowned on and the computer insists that my new password must contain a confusing mixture of cases, numbers and squiggles and be endlessly changed. To help me cope, I have devised a system: I rotate people in my family, with capital letters, punctuation and ages. Yet, as I found on Tuesday, this system is not foolproof. I daresay it is simple enough for any hacker to crack in a nanosecond, but it is complicated enough to foil me. I can’t remember which family member’s turn it is, whether it’s a full-stop or a comma, or how old they are.
It would be bad enough if there was just one password to remember. But I have passwords for my bank, e-mail, Amazon and for everything else I’ve ever bought online. Most of these are variations on a theme, some longer than others, but which is which?
I take some comfort from the fact that my remedial performance is better than that of some. A recent study of 23m passwords showed that by far the most popular password is still 123456. Of words, “Password” is in first place, followed by “Iloveyou” and then – bafflingly – by “princess” and “rockyou”.
There is a new App that will shortly be available on iPhones offering a series of pictures to help us remember random passwords, but it looks a bit complicated to me. Instead, I can think of a simpler mnemonic based on the only thing I can ever remember perfectly – Beatles’ lyrics. Thus a splendid password could be H!Ins, H!Nja – (“Help! I need somebody, Help! Not just anybody”). But there are two problems with this. First, I’m not sure I have the punctuation right, and, according to a recent academic study, mnemonic passwords may be no more difficult to hack than your kid’s names.
Many sites try to make things more secure by asking supposedly memorable questions. But I find the answers to these tend not to be memorable at all. Indeed, I often have to invent answers and then write them in my diary so that I don’t forget them. Which zip code were you born in? Er, no idea. What was your father’s middle name? He didn’t have one.
Even worse are the websites that think preferences are more secure than facts. Whenever I want to check how much money I have in my account, my bank asks me: What is your favourite food? As I don’t really have a favourite food, I found myself writing: Maltesers, but this didn’t feel quite right. Worse still is being asked to name your best friend. Like most adults I’ve advanced beyond the stage of having one. So do I write down my best friend from primary school? And should I still write her down even though we’ve had a bit of a falling out?
In the end, however obscure your password, we now know that it isn’t safe. Whoever hacked into the PlayStation network last month now has access to 100m passwords, and even though these are apparently “hashed” – ie scrambled – with a bit of further hacking they can presumably be unhashed. And given that most of the users probably use the same passwords for everything, the hackers could well have a high old time dipping into bank accounts and spending other people’s money online.
The few real techies I know have tried to protect themselves by buying software that generates an endless stream of random passwords and remembers the lot of them. There is a problem with this, too. You have to remember a master password to get into the system.
In the end, I can’t help wondering why it’s all so complicated. In order to do the most sensitive thing of all – get my hands on my own cash – all I need is a plastic card and a simple PIN code of four numbers. I don’t need to know my favourite food or remember how old my children are. Why is it that we still can’t do the same thing on a computer?
Copyright The Financial Times Limited 2011.