Password Paranoia
Revenge of the Nerds
July, 2012 - Issue #93
This is getting out of hand. If passwords are today's keys, I'm lugging around a ring that would make a high school janitor jealous.

I reached the tipping point at work. We operate multiple systems, each of which requires a different password. The security staff, convinced that legions of crafty hackers lurk just beyond our firewall, has decreed that passwords be changed monthly, must include a number, and cannot be reused. Today it's time to re-set my email password. I input my selection.

"Password not unique." What? The computer deems my one-word literary effort a cliche? I get enough criticism from my boss. I don't need this.

Shopping. That's what I need, an e-commerce break from routine. I order a T-shirt for my wife: $16 plus shipping and handling for a plain white tee with a funny slogan. I'm not looking for a relationship here, just a shirt. But the website demands a password. Do I really have to dream up a special word just to get an hour's worth of sweatshop labor delivered to my door? Is internet tee-shirt theft that rampant?
"Nothing boosts the ego like hearing
half of Bangalore reduced to tears
over your

I've learned my lesson about choosing passwords. They should be private and easy to remember. And by private, I mean non-public. My wife's pet name for me was my 401(k) account password. When I forgot it, I called customer support. After 20 minutes of nameless techno-pop hold music, "John" came on the line promising to fix things. I listened to his confident keystrokes clacking through the phone followed by what I swear was the sound of him waving over his co-workers. The next thing I heard was 50 voices simultaneously screaming "schmoopie" and bursting into uncontrollable giggles. Nothing boosts the ego like hearing half of Bangalore reduced to tears over your private information. Trust me, keep the password bland.

Passwords don't enhance security. Despite using passwords that make Bob Dylan's lyrics seem coherent, my accounts are far more exposed than my car. The car keys stay on that hook by the garage door - if they go missing I'll notice soon enough and there's a decent chance a Good Samaritan has already turned them in. But I don't even have to drop my passwords - the companies do it for me. It seems every week we hear of another firm confessing to another 40,000 passwords lost. It's as if Ford managed to fling my Pinto keys into a Ukrainian internet cafe along with first-class airfare direct to the lot where I parked it.

Fine, I'll enter something for the shirt. It's not my bank or my email account, so I'm not concerned with concocting something that would stump the NSA's supercomputers. I input the password and hit enter.

"Please respond to the security question." Sigh. It's not enough that I have to produce a password, now I have to identify my favorite high school teacher, or my first pet's name, or the city in which I first ate a taco.

I don't like where this is heading. My self-esteem took a hit from the corporate literary critic; these questions trigger my latent life-experience anxiety. Do I lack some crucial social development? I'm not sure I had a favorite teacher and my first taco experience is lost in the mists of time and intestinal trauma.

This is no idle concern. Years ago I answered the "Best Friend" security question for my bank's website. Months later, the bank demanded proof I still knew the name. I confidently entered it.

"Answer incorrect" came the response. Wait a minute, I'm sure that was the right name. What does the bank know that I don't? Is he really not my best friend? Why am I always the last to know?

Okay, I give the tee-shirt vendor a teacher's name. With the finish line in sight I click on "submit order."

"Please read and accept the End User License Agreement." The scroll bar reveals 40 pages of legal dry heaves that would make Alan Dershowitz drop his practice for a barista gig.

I log off. You know, shopping locally sounds much more relaxing. Some fresh air will do me good.
- What is the sum of 8 + 8?
This is a required value
to protect against spam
community events