Tuesday, January 5, 2010

Stop Password Abuse Now!

The closest thing to a password anyone needed when I was growing up was the combination for a locker at school. It was just three numbers between one and 40 that stayed the same all year. If you forgot, you could go to the office and they would look it up for you. I know because I was in there all the time.

I had to get my Social Security Number when I was 14 and got my first job. By high school I needed a Personal Identification Number (PIN) to withdraw money using the fancy new ATMs. In college my Social Security Number appeared on my personal checks, student ID, driver's license, time cards, and grade lists posted on bulletin boards all over campus.

When we got e-mail at work I needed my first password. We were strongly encouraged to pick something we would easily remember, like the name of a pet or a child. Your password could not exceed eight characters. Special characters, punctuation and spaces were expressly prohibited. You wrote it down because unlike your locker combination, nobody could look it up if you forgot.

The need for passwords increased gradually. Mostly you could use the same username and password for everything. But every now and then you'd run into a weird requirement that forced you to come up with something new. Hence the birth of usernames and passwords written on post-it notes stuck all over the monitor.

Now usernames and/or passwords are required every time you turn around. Shop online and you'll need a username and password for every retailer you use. Want to keep up with investments and bank accounts or pay bills online? You'll need a password for each account. Throw in passwords needed for e-mail, social networking and recreation and I have more passwords than the CIA and the FBI combined.

Along came strong passwords requiring the use of upper case, lower case, special characters and numbers. The passwords on post-its around the monitor became an open invitation to identity thieves. Now we're advised to keep passwords in a secure location, like Fort Knox or the nearest Federal Reserve Bank. Most of us just moved the post-it notes to the top desk drawer.

My employer and a few sites now make me change my password every six months. At work I can switch back and forth between two different passwords. Another site prohibits re-use of the last SIX passwords and, just to keep it interesting, blocks you after two failed attempts. Damn!

I understand the need for security and appreciate the effort to protect my personal information from prying eyes. But enough is enough. The government needs to step in with some rules to protect consumers from password abuse. I should be able to use the same username and strong password for every site. Then I wouldn't have to keep track of 152 different combos of usernames and passwords.

Probably wouldn't work. We'll never know because it will never happen. Just another reason I remain...

The Crotchety Old Man


Brian K said...

More and more people are feeling this pain. You should check out Mitto (http://mitto.com). It's a free, safe, and easy-to-use online password manager that not only lets you store the passwords to each of your sites, but it also lets you log into them by clicking a button. It works with almost every site!

I have over 150 passwords stored there now (each unique and strong). They take a lot of security measures, and have certifications for Privacy (TRUSTe) and Security (McAfee).

Toodles said...

Wow...you found this post within 60 minutes of publication. Wow. I'm not sure if I should be flattered or frightened!
