Why Passwords Suck.

Here’s a quick rant about something which has always been annoying, but seems to worsen every year.

Every time I do anything on a website, whether it’s use e-mail, buy something, manage insurance or bank accounts, even view the newspaper or edit my running log, I need to provide a password.  This is good in theory; it ensures that random people don’t have access to my private information and that they can’t, for example, change my settings at nytimes.com on a whim or write obscenities in my running log.  Passwords of some sort are clearly essential, as much important financial business is now conducted via the internet.

When creating a password, the common advice is to pick something not easily guessed or itself private; birthdays and social security numbers are obvious poor choices.  To encourage a degree of cleverness in password selection, many sites require that both letters and numbers be used, and give length requirements.  Some allow or require special characters, and some even detect repetition of characters or the use of one’s name or username.  Bank sites especially use multiple passwords under different names along with “site keys,” or pictures to which the user gives a caption.

All well and good, except that with the different requirements of every site, I have to make up new passwords all the time while the restrictions become tighter and tighter.  Sites now make it so hard to create a password that not only could no other person guess my password, I can only guess myself perhaps 40% of the time.  I realize that the purpose is to prevent the theft of my private information, but do passwords really need to be so tricky that I get locked out of my own running log?  This seems extreme.  I’d much rather run the risk of someone breaking into my log and finding out (gasp!) how many minutes I ran on some date in 2005 than having to go through the routine of having my password emailed to me or changed every time I use a different computer which hasn’t already saved it.  After all, isn’t it my own choice to pick simple passwords, knowing the risk?  If I use my birthday as the password to my bank account and someone guesses it, I’m clearly at fault for my unwise decision, not the bank.  So why do they persist in making me create one complicated username and two complicated passwords?

This brings me to my next gripe.  These sites are aware that people have trouble remembering their own passwords.  Their remedy is to place convenient “Forgot your password?” links next to every sign-in box.  Enter your username, or e-mail address, and maybe answer a few “secret questions” and your account is magically reopened for you.  But wait: passwords must be impossibly complicated to prevent fraud, yet getting access to another’s e-mail or finding out what hospital they were born in, or their pet’s name, or whatever other bullshit they ask is ridiculously easy.  Someone who wanted to break into my account would simply have to get into my e-mail or find out an account number (not very secret) and supply the name of some family member and they’d be in, no matter how sneaky of a password I chose.

Furthermore, passwords themselves are routinely saved on computers or written down, in hopes of recalling or circumventing them later, rather than committing all 75 of them to memory.  How hard can it be to just use someone else’s computer and get into their accounts with the passwords saved in there already?  Probably not very.

My advice to the website gods out there:  find a system that might be both effective and tolerable.  Please.


4 Responses to Why Passwords Suck.

  1. Dan says:

    It had to be said. But where are the dick jokes?

  2. Jose says:

    Intellectually stimulating! I love your very insightful and observant comments. Thank you so much!

  3. Patricia says:

    You’re very welcome.

  4. shiruba2009 says:

    Hmm ok first of all, although web mail accounts have been routinely compromised, breaking into a random person’s email is not as easy as you seem to think. If you know the person well you may know their birthday, etc., however.

    Anyway writing the passwords down isn’t such a bad thing, to protect against far-away people from getting them. Think about it, if you write down your password on a post-it note next to your computer… it might not stop people who live in or visit your house from breaking in, but it will stop that guy in another city or country.

    One of my ex-bosses used to write his passwords on a folded up sheet of paper, which he kept in his wallet. His theory was “it’s at least as safe as my cash”. Saving in the web browser is a really bad idea, especially in Windows, but it’s still a better idea than using easy or all the same passwords for online sites.
