Mind melt: Passwords grow ever more complicated
Cultural Studies: As our dependency on the Internet has grown, so has the complexity of its restrictions. The end result: a mind-boggling array of personal codes.
The New York Times
With numbers. Without. One capital letter. None. More than eight characters. Fewer than 16.
"It's a nightmare," the comedian Tracey Ullman said. "These passwords just keep getting longer and longer. I try to think of a startling emotional thing that jogs my memory or something that's frightening, or my grandmother's name with 666 at the end. But I really don't know what to do."
Neither, it would seem, does the actress Parker Posey, who said she writes them down "on tiny pieces of paper, like little secrets, because yes, someone could find them." But then, Posey added, she forgets which websites the codes are for.
The writer Paul Rudnick finds himself equally bewildered. Simply tracking down the password for his Time Warner Cable modem was like "a 'Bourne Identity' moment," Rudnick recalled.
Just a decade ago, an Internet user rarely had to do more than enter a simple, easy-to-remember email password, recycling it for every online account. But as our dependency on the Internet has grown, so has the complexity of its restrictions.
The end result: a mind-boggling array of personal codes squirreled away in computer files, scribbled on Post-it notes or simply lost in the ether. Virtually any online user without a computer science degree now seems to be one failed login attempt away from a nervous breakdown.
Worse, are the dreaded security questions, which began simply enough ("In what city were you born?") but have increasingly "moved from the purely factual to things that would require you to have a judgment," lamented Jeffrey Leeds, the president of Leeds Equity and a fixture on the New York social scene.
"It'd be fine if it was my mother's maiden name," Leeds said. "That is different from 'What is the name of your first girlfriend?' You think: 'Well, what do you mean by girlfriend? Is that the first woman I ever slept with, or someone I liked who never particularly liked me back?' It's a march through your entire personal history just to get on some damn website which will deliver your groceries."
Wireless providers have concocted a particularly dizzying array of hurdles to get on their websites. At Verizon, choices include "What is the title of your favorite book?" and "What is your favorite food?" both of which Olivia Kraus, a lawyer in New York, dismisses as silly questions to ask anyone over age 7. "The whole favorite thing is so juvenile," she said.
Rudnick also finds the questions misguided. "They should go negative," he suggested. "What's your least favorite color, who's your least favorite relative and who's the last person on earth you would date? People would remember those questions, and they'd enjoy answering them far more."
At AT&T, customers can pick among quasi-existential queries like "What is your dream job?" or brainteasers like "What is the last name of the most famous person you've ever met?"
That last one confounded Kevin Hertzog, a set designer in New York and recent AT&T Wireless defector.
"What constitutes meeting?" Hertzog said. "Barbra Streisand asked me if we had a set of 12 plates in stock when I worked at Bergdorf Goodman, but I've had breakfast with Calvin Klein, so which person have I really met? Does it count if you shout out someone's name on the red carpet on the Academy Awards as they walk by? If you go to the Christy Turlington event at Neiman Marcus in Beverly Hills and buy a yoga pant from her?"
Further, Hertzog said he could never bring himself to make that his security question anyway: "I'd be too embarrassed even if no one else knew about it."
Mickey Boardman, the editorial director of Paper Magazine, said he was often stumped from the get-go. "One password check asked my first phone number," he said in an email, "and I can barely remember my current number."
"They'll ask you something like, 'Who was your first teacher?' and I can never remember if that means my first-grade teacher or kindergarten, because kindergarten isn't really school," Boardman continued. "And my first-grade teacher, Miss Thies, got married halfway through the year and became Mrs. Newell. So it's mayhem."
That online accounts are unsecure does not seem to be a matter of much debate. Over the last several months, Facebook has been subjected to numerous security breaches, as anyone who has unwittingly posted pictures of Nike sneakers or Christian Louboutin heels can tell you.
On June 6, the social networking site LinkedIn confirmed that it was the victim of a security attack, and more than 6 million people had their passwords stolen. That week, Mitt Romney's Hotmail account was hacked, echoing a similar episode in 2008 involving Sarah Palin's Yahoo email account.
But it is less clear to cybersecurity experts that having a password with extra numbers or special characters actually makes customers safer.
"People's choice of passwords is not the real problem today," said Dr. Joseph Bonneau, a University of Cambridge researcher who studies cyber security. "The real problem is typing in passwords to the wrong website, which is stealing them."
So why are websites suddenly requiring users to add special characters or numbers? "It's security theater," Bonneau said. "So people feel safe. It makes the websites seem like they're taking things more seriously, when in fact most of them have no control if you have malware. In absence of a way to tackle bigger problems, it's easy to add restrictions. They don't want to seem less secure than competitors."
Larry Kramer, the playwright and AIDS activist, is outraged.
"I don't think any of the proprietors of these sites have spoken about this in any kind of intelligent way," Kramer said. "And there's no standard code, there's no 'Can we all work on this together?' Or anything like that. It's a mess. You'd think AOL and Gmail would talk to each other and find a way to sort this out."
Most technology companies do not want to talk about their systems. AT&T and Time Warner Cable declined interview requests. Verizon did put someone on the phone, but not from the department in charge of its sometimes frustrating website.
As it turned out, Tracy Hulver, Verizon's chief identity strategist, was having his own trouble keeping his online accounts straight. "I remember my passwords at this point, but I have trouble matching those passwords with the appropriate user ID," Hulver said. "So I may have a user account THulver on one account, and on another account it's Thulver01, because on that I had to put an alphanumeric. And matching those passwords to those user IDs winds up being the thing that frustrates me the most."
The MSNBC host Al Sharpton echoed this frustration. On any given day, he might use five passwords, Sharpton said. "You walk around all day trying to remember them so that you don't look like you're senile when you can't turn on your computer in front of your staff," he said. "Every one of them is younger than me."
So what's a hopeless technophobe to do?
Courtney Love recommends using mnemonics, saying it was something even a simpleton like herself could use. "You use the lyrics to a song," she said, for example, "'Lucy in the Sky With Diamonds' — litswd-1 — and that way you can't forget it."
Still, she ran into trouble when she started using "Hey Jude." "I kept forgetting if it was 'Hey Jude, don't make it bad' or 'Hey Jude, don't make it sad,' " she said. "So I gave up on that."
And the comedian Sandra Bernhard noted that a trick like this would not work for her Time Warner Cable wireless router, which comes with a preselected unchangeable password that ranges from 13 to 28 characters. "We have that one written down somewhere, but where it is I'd be hard pressed to tell you," she said, adding that her relationship with the cable provider is "an S&M experience without the pleasure."
Ullman recently consolidated her most important passwords on a Post-it note beside her computer. The inherent security risk of this was less troublesome to her than her sense of ironic defeat. "I thought the whole point of computers was, you were never going to have to write again," she said.
And don't get her started on those newly trendy captcha phrases, the squiggly lines of random text that are designed to block spammers but drive real, live customers batty.
"Don't you hate those?" Ullman said. "I always get those wrong because it looks like they were written by someone on LSD. It's awful."