Persistent Problems with Proliferating Passwords
Several months ago, Lance Koonce commented on the security problem caused by modern technology forcing us to remember too many passwords, which leads many of us to collect all the passwords and post them in an accessible location, thus defeating the security requirements.
Some of these passwords (for credit card and bank accounts) are very important; others (such as those gaining access to a listserv or reading the online New York Times) much less so. And yet they all accumulate, with nobody providing advice on prioritizing the password mess.
And, the problem apparently persists.
An article recently published by Baltimore Sun reporter Mike Horowitz noted the same problem and the same problematic solution.
Horowitz says: "I have too many passwords. In fact, when I counted mine this week, I came up with 42 logins for Web sites, data services, voice mail and e-mail systems." He "can do this easily because, like most folks who have to juggle lots of passwords, I do exactly the wrong thing. I write them down — in a safe place, of course."
The problem afflicts almost all of us. Horowitz lists the depressing data: "In 2005, RSA Security surveyed 1,700 business computer users. It found that almost 60 percent had to manage at least six passwords, while 28 percent had to manage more than 13."
Horowitz adds:
This uncoordinated but ubiquitous demand for passwords is counterproductive. It leads to behavior that actually makes it easier for thieves and spies to do their work. It encourages people to use the same password for all their systems — or as close to it as they can get.
It encourages simple passwords that are easy to remember, and just as easy for hackers to guess (birthdays and kids' names are favorites).
The only recourse for most of us is writing our passwords down — somewhere that's easy to remember and probably easy for an intruder to find.
So, what is today's solution? Horowitz suggests a "password cache or password safe — a term for software that stores all your passwords in an encrypted file — locked with a single password of your choice. When you sign on to a Web site or system, the program retrieves the password you need." To protect your security, however, he says that you will need a "really good" master password, which should be "something long, and with a couple of numeric characters and punctuation marks thrown in."
Then, using software such as RoboForm or Password Safe, you will simplify your life by depending thereafter on one—very complex and baffling to remember, but hopefully secure—password.
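The "encrypted file locked with a single password" idea, as an added sketch for Node.js; it is not code from the article, RoboForm or Password Safe. The function names, the file layout and the scrypt parameters are assumptions made for this example, and the stored entries are constructed sample data.

```javascript
// Added illustration of a password-safe file: scrypt turns the master
// password into a key, AES-256-GCM encrypts and authenticates the entries.
const crypto = require('node:crypto');

// scrypt cost settings (assumed values for this sketch).
const KDF = { N: 2 ** 14, r: 8, p: 1 };

function deriveKey(masterPassword, salt) {
  // The salt is random per file, so equal master passwords give unequal keys.
  return crypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce on every save
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  // Everything needed to unlock is stored in the file except the master password.
  return JSON.stringify({
    kdf: 'scrypt',
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  });
}

function openVault(masterPassword, file) {
  const v = JSON.parse(file);
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(masterPassword, b(v.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(v.iv));
  decipher.setAuthTag(b(v.tag));
  try {
    const pt = Buffer.concat([decipher.update(b(v.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null; // wrong master password or altered file: the GCM tag check fails
  }
}

// "The program retrieves the password you need": unlock, then look up one site.
function lookup(masterPassword, file, site) {
  const entries = openVault(masterPassword, file);
  return entries ? entries[site] ?? null : null;
}

// Constructed sample entries, not real credentials.
const SAMPLE = { 'bank.example': 'c0rrect-h0rse!', 'news.example': 'reader-2006' };
```

The file on disk never contains the master password, so its strength is the only thing standing between a copied file and every entry in it.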
How to come up with such a Master Password? Readers responded with many suggestions including software that generates random passwords or the use of so-called "Leet" passwords. Another solution, favored by a reporter at the Vancouver Columbian, is hints. As Horowitz comments, the Columbian reporter "uses an unencrypted Word file to record his passwords. But instead of writing the exact password down, he uses written hints to remind him without leaving a trail for snoops."
Horowitz's approach to the security risks caused by the proliferation of electronic passwords recalls one of the noteworthy sayings of Mark Twain's Pudd'nhead Wilson: "Put all your eggs in one basket and -- WATCH THAT BASKET."
