Have you ever struggled to log in to a site (like I did this morning as I tried to check my online bank statement) only to realize that you no longer remember what codes you used as your username and/or password? That’s when I turn to my friend and web designer, Annette, for her help. Somehow she always has the information I need. How does she do it? What magic does Annette use to remember these security settings that drive me up a wall?
You’ll find the answer in this very informative and relevant blog this week by Annette van Ommeren.
In our virtual life we often come against the tedious, challenging and somewhat frustrating exercise of “Setting Passwords & Security Answers”. Seems any web site of interest demands ‘registration’ before we can access the real meat within. And this requires us to compose suitable passwords.
Way back when.. when bills were paid by checks, shopping was done with the exchange of cash for the actual item handed over, when life was simple – or should I say “convenient in a quaint sort of way” we didn’t worry about passwords. No need to force our brain to invent some jumbled up set of characters that are “easy to remember”. Easy..? How can gibberish be easy to remember? So we come up with something super-simple – a pet’s name or such, and keep it forever. And to make it really easy, we write it on a post-it and ‘hide’ that under the keyboard? (Do I hear any “yup, done that”?)
But then came the alarming news about the proliferation of identity theft, hacks and security breaches at those “trusted” websites, leading to the realization that nothing is private or secret in the ‘cloud’.
The online organizations fight back with all their might against hackers and predators, but in the process reduce us (the customer) to digital misfits as we try to play by the new rules.
How many people struggle with the required inane “security questions”? We have to choose from several stock questions, and provide a personalized answer. A well-intentioned programmer decided these additional steps helped fortify the walls, and create a good and secure system – and actually, the technique is good.
But who invents these questions? Recently faced by a daunting list of stock questions to choose from, it became apparent they were decidedly prejudiced. Some 15 questions, 4 of which had to be selected and answers provided. Almost 50% assumed marriage. Almost all assumed a US upbringing and education. The target demographic was no doubt “middle class, affluent, clean-cut Americans”.
Who hasn’t come across these or similar?
“Who played at your first concert?” Huh.. I was about 3 when my parents took me to a music performance, do I remember who played?
“Color of your first car?” What if you grew up in a city and never had a car?
“Where did you honeymoon?” What if I married multiple times? Or never married?
“Who was your date at your prom?” What if your date stood you up, or you didn’t go to a prom? Talk about rubbing salt into old wounds!
“Last name of your first teacher?” Does anyone remember their first kindergarten teacher’s name? I sure don’t – didn’t like her/him and did all I could to forget.
“Favorite food?” This one really throws me. My favorite food changes weekly – I can’t imagine anyone specifying a food that will be their favorite for years to come. If so.. they must be on a very limited diet.
“Your husband’s mother’s maiden name?” Which husband; his birth or step mother… the options are endless.
So we wade through these required steps, desperately thinking of answers we will instantly remember when prompted years from now. A simple registration process can turn into hours of hand-wringing and agonizing!
Of course the actual passwords we choose are indeed very central to our security. We’re left in a quandary: “The harder to hack, the harder to remember”.
This is where I agree with those (tedious) alarmists who tell us to create super-difficult passwords. No, your pet’s name or kid’s birthday just doesn’t cut it these days. It must be complex, and non-guessable by others.
There is an excellent article about security at The Atlantic with ideas to help you deal with these contemporary frustrations.
Some of its ideas include:
“Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in a sentence, which more sites now allow.”
“Choose a short sequence of words that are not “real” English words.”
“Choose a truly obscure, gibberish password—“V*!amYeG4M5!3R” —and then find a way to store it. [perhaps] entrust them to online managers like LastPass or RoboForm.”
“Never use “password,” “123456,” or your own birthday”!
Use different passwords – “The guide should be: any site that matters needs its own password”
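To compare the options in the list above, here is an added example (not from the Atlantic article or from this post) that estimates how large a search each kind of password forces and flags the two habits the advice warns against. It assumes passphrase words are drawn at random from a 7,776-word list, a diceware-style size chosen for illustration; a familiar sentence you picked yourself will score lower than this estimate.

```python
import math
import string

# The two literal examples named in the quoted advice.
DENYLIST = {"password", "123456"}

def charset_size(pw):
    """Size of the character pool a brute-force search has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size

def random_string_bits(pw):
    """Upper bound in bits; only accurate if every character was random."""
    return len(pw) * math.log2(charset_size(pw))

def passphrase_bits(n_words, wordlist_size=7776):
    """Bits for n words drawn at random from a list (size is an assumption)."""
    return n_words * math.log2(wordlist_size)

def audit(vault):
    """vault maps site -> password; returns (site, finding) pairs."""
    findings, first_seen = [], {}
    for site, pw in vault.items():
        if pw.lower() in DENYLIST:
            findings.append((site, "denylisted"))
        if pw in first_seen:
            findings.append((site, "reused from " + first_seen[pw]))
        else:
            first_seen[pw] = site
    return findings

if __name__ == "__main__":
    gibberish = "V*!amYeG4M5!3R"  # the example string quoted above
    print("gibberish   : %.0f bits" % random_string_bits(gibberish))
    print("7 word phrase: %.0f bits" % passphrase_bits(7))
    print("123456      : %.0f bits" % random_string_bits("123456"))
    # Constructed sample vault, not real credentials.
    print(audit({"bank": "123456", "mail": "sunny days", "shop": "sunny days"}))
```

Seven random ordinary words land within a couple of bits of the 14-character gibberish string, which is why the first suggestion in the list is not a weaker choice than the third.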
You can read the entire Atlantic article here
There’s more information in this New York Times article
And here’s a Google Blog post on the subject
Annette van Ommeren started her career in fine art, but after an initial reluctance to join the digital world, she became fascinated by its possibilities. She established “AnnaGraphics Web & Graphic Design” in Westchester, NY, 13 years ago, and enjoys guiding her clients through a web site development process. As an antidote to sedentary computer work she loves dancing, skiing and hiking.
(Addendum from CJ: Annette and “AnnaGraphics” is the savvy and creative force behind my Tao and Defiant and Tao Girl websites. She’s brilliant and a joy to work with!)





I also keep a cheat sheet. But I have created my own, personal, encryption system. I have several “root” passwords. Let’s say my root password #1 is “taogirl123”. Then, if my real password needs mixed case, I may use “TaoGirl123”, and on my cheat sheet I put “XxxXxxx###”. If I use “tao12Girl”, I put “xxx##Xxxx”. It’s a pain, but it is better than not having it, and better than having it spelled out for someone else to see. I do have to memorize my root passwords.
Very good suggestion! When we construct our own, personalized version of encryption or a cheat-sheet system, it will have the best chance of success. Always easier to remember our own invention, than adjusting to someone else’s ideas. Occasionally I use a “main” password, but customize the last few characters depending where it will be used. Also remember to regularly change passwords, especially for web sites with sensitive content, such as banks. You can’t be too careful, the “bad robots” are constantly trolling the internet, looking for vulnerabilities.
Take a peek at this page to see how fast a password can be cracked.
http://www.ghacks.net/2010/06/12/how-quickly-can-your-password-be-cracked/
And I thought I was the only one who struggled with this! The real time-consuming stuff is when you forget that intricate password and have to jump through all the hoops only to find it will not be reinstated, but you need to choose yet another password!
I hear your frustration! Let’s hope that sooner or later the security systems will become more user-friendly. Unfortunately we have no choice but to tolerate it for now, we certainly don’t want to let the “bad guys” win.
I love this post! I have a sheet of paper in my desk drawer with all my different log-ins and passwords and anything else I need to know to get into a program or a site I use. How secure is that? At least when I pass on, my kids will be able to find my stuff online if so needed.
By the way, when I started to make this comment and used the CAPTCHA Code – I must not have done it correctly because it knocked me off the response!! augh!!! What does that say when I cannot even do the right code when it is printed in front of me. So when Dec. 12, 2012 hits us – will we all go back to paper and pre-60’s? since the alignment of the stars and planets will probably kick us all off websites and computers? just wondering
We all have our systems of remembering, and I admit I use sticky notes around my computer screen too. (Did I just admit that?) It’s a sad sign of the times that we have to encourage this paranoia. And as for 12/21/2012, if all computers went up in smoke, it might not be a totally bad thing! (Just kidding)
Annette