

BLOG: Forgot your password?

Henry Cooke | July 16, 2013
Passwords are all powerful in the digital age - but how do you remember them all?

Passwords: How many do you have? Photo: Henry Cooke

"Passwords mean nothing to the machine. The machine lets you in to do what you need to do. It doesn't judge. It doesn't care." - Ed Park: Slide to Unlock.

I'm on my 25th work password.

We have to change them all the time. They need to have numbers or punctuation as well as letters, and can't repeat any of your old passwords, which is pretty standard. I've moved past the regular three words and various number combinations I usually use into full sentences that feature a number. Book or song titles work well: "number9dream" or "anthemsfora17yearoldgirl".

How many passwords do you regularly use?

Sometimes I'm unsure how I remember all of mine. If you asked me to recite my Facebook password I would be at a loss, but if you set me down in front of a keyboard I could type it in seconds - muscle memory appears to be the most powerful tool my brain has.

I've always been interested in other people's passwords. You can learn a lot about a person from their password. Often it's something sentimental: the birthday of someone important to them, a pet's name, a particular song lyric. Often it's some easy-to-remember phrase that's stuck itself in their brain, that their fingers can type out without thinking. Usually these passwords are accompanied by "123". My "main password" for a long time was one of these, an arcane joke from age eight that survived in the tendons of my fingers until I was 17.

As our lives become more and more digital, passwords become more and more powerful. With my iTunes password you could pinpoint my exact location with Find My iPhone. With my bank password you could steal my money. With my Gmail password you could pretty much ruin my life.

Passwords feel kind of hacky - a first draft we've never quite rewritten. They've existed for millennia, but that doesn't make them perfect. If passwords were perfect, we wouldn't need to remember what film was our favourite two years ago or which email address we registered a certain account to. If passwords were perfect, my mother wouldn't have her laptop password written on a Post-it note attached to her laptop.

As Randall Munroe points out in one of my favourite xkcd strips, "we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess". "sFxfF3*$d" will get rated as a "strong password" because it has numbers and punctuation and different cases. But it's impossibly hard to remember, leading to the worst possible security threat: writing it down. Furthermore, a computer "brute forcing" it - trying every possible combination out from, say, "aaaaaaaaa" onwards - won't have any more trouble than if the password was "987654321". Whereas a password such as "thissentenceismypassword" is much harder for computers to brute-force, given its length, but is super easy to remember. The problem with these is how much easier it is for a co-worker to see what you're typing, of course.
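The comparison in the paragraph above, worked through as an added example that is not part of the original article: a naive character-class "strength meter" next to the size of an exhaustive search for the three passwords quoted. The function names and the 95-character printable-ASCII alphabet are assumptions made for illustration.

```python
import math
import string

# Character classes a typical composition-based strength meter looks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
PRINTABLE = 95  # assumption: the search covers all printable ASCII, space included


def composition_score(pw):
    """Naive meter: one point per character class present (0-4)."""
    return sum(any(ch in cls for ch in pw) for cls in CLASSES)


def used_alphabet(pw):
    """Size of the smallest union of classes that covers the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in pw))


def bits(length, alphabet):
    """log2 of the number of strings of this length over this alphabet."""
    return length * math.log2(alphabet) if alphabet > 1 else 0.0


def compare(passwords):
    """Return per-password meter score and two search-space estimates."""
    report = {}
    for pw in passwords:
        report[pw] = {
            "length": len(pw),
            "meter": composition_score(pw),
            # Search that knows nothing about the password except its length.
            "blind_bits": round(bits(len(pw), PRINTABLE), 1),
            # Best case for the searcher: only the classes actually used are tried.
            "known_classes_bits": round(bits(len(pw), used_alphabet(pw)), 1),
        }
    return report


# The three passwords quoted in the article.
EXAMPLES = ["sFxfF3*$d", "987654321", "thissentenceismypassword"]

if __name__ == "__main__":
    for pw, row in compare(EXAMPLES).items():
        print(f"{pw!r:28} {row}")
```

The meter gives the 24-letter sentence its lowest score, yet even a search limited to lowercase letters faces about 113 bits for it, against about 59 bits for either nine-character password searched blind.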

