May 19, 2013

Passwords becoming too complicated


---- — For many of us, huge portions of our lives are entwined with technology and the online world.

In many ways, this is great. We have easy access to endless information and conveniences. Maintaining friendships from halfway across the world is as easy as a tweet or an Instagram.

The biggest problem with being able to do everything and anything from a laptop computer — or a mobile phone — is that every single thing you do, every virtual place that you visit, requires a password.

This, of course, is for security. Don’t want anyone to steal our identities or empty our bank accounts or order 47 cartons of adult diapers on and have them delivered to our place of business. Unfortunately, passwords have gotten completely out of control.

Once upon a time, they were cute and simple. Easy to remember. Nothing but a formality, really.

Use your first name. Your gerbil’s name. Use “1234” or “password.” What difference did it make? Hackers? What’s a hacker?

Now, however, we are not safe. We are told to use a unique password for every single website we frequent.

I know that, for me, that’s a lot of passwords. I don’t have that many easy-to-remember words to utilize … which I guess is OK, because the experts don’t want you to use easy-to-remember words, because those are easy to break.

I’m told that we should “avoid dictionary words in any language.” Also no dictionary words spelled backwards, and no words “misspelled in a common way.”

They must be on to something; every TV and movie character ever created is able to guess a password — sometimes under the pressure of imminent explosion — within 30 seconds. That’s because no TV villain ever uses ,,#g6Y-)(9xQ> as a password.

The experts, however, don’t want you to write down your passwords — that’s a no-no; someone could find your list!

So, I have to remember 187 separate combinations of random characters and keystrokes without any physical reminders? Heck, I don’t know where I put my car keys, and I’m not 100 percent sure if I changed my underwear this morning.

I know that if I forget a password, in most instances I can be sent a new one. But that’s a nuisance, and what if I forget which email address the reminder was supposed to be sent to? Worse, what if I forget my email password?

There’s also another problem that some experts like to emphasize. You know how sites will often ask you personal questions to help establish your identity? Well, sometimes those personal answers can be stolen or hacked, and your new passwords then sent to the evildoers.

The solution? Come up with a whole extra set of passwords to answer your personal questions.

That’s right. You should tell a website that your mother’s maiden name is rObOb00gerz53!. And don’t forget it.

The computer-hacking world thinks we’re lazy and unimaginative when it comes to passwords, but really, we’re just tired and forgetful. And we’re not alone.

A password-management company called SplashData publishes a list of the most-used passwords every year. Once again, the No. 1 password in all of America: “password.” Must be a lot of Allen Ludden fans on the Internet.

No. 2 is “123456,” followed closely by “12345678,” because stupid sites have started requiring eight characters instead of six.

Other favorites include “letmein” (No. 7), “iloveyou” (No. 11) and “trustno1” (No. 12; thank you “X-Files"). There are a couple of popular first names on the list — one source estimates that 16 percent of people use a first name as a password — including a newcomer in 2012: “jesus” (No. 21).

Our national pastime, “baseball,” sits at No. 10, still ahead of “football” (No. 20). For some reason, “monkey” is No. 6, the only furry mammal in the top 20.

I don’t know what to do anymore. I suppose I could use a password-protection company or get password-saving software. Don’t those need passwords as well? What if you put all of your passwords onto a protected-password cloud, and that cloud gets hacked?

Every day some website tells me that I need to change my password, which I already can’t remember, into something else. If not, I will no longer be able to access my own stuff.

Is this not America? Shouldn’t we have the option to risk identify theft if we choose to?

I don’t want to give up using Google or Facebook or online shopping. I don’t want to turn in my cell phone and go back to the dark ages of the '90s.

Surely we must have the technology now to implant microchips or magnetic strips underneath our skin, containing all of our personal information, right there alongside our genetic code. I can’t imagine anything bad that could come from that.

For now, I guess I’ll just have to mix things up. The hackers will never suspect that I’d use “drowssap” for every online password. I’ll be completely safe.

Email Steve Ouellette: