Jenna Kelly was full of imagination as a child. Growing up in Winchester, Mass., she and her two best friends forever — who, luckily, lived right next door— followed in the footsteps of generations of children before them and had a secret club. To protect the sacredness and importance of the secrets of 6-year-olds, they had a secret password (duh).
Their password was “Misty Daisy” — the winning combination of the groups’ two pet rabbits. Being the sophisticated children that they were, the girls even had a back up “security question,” which was the whistle that their parents used to get them to come in from outside.
“As any person conscious of password security knows, you need to vary your password often,” Kelly said. Other passwords included the names of the trees in their backyards.
As painfully unimportant as their secrets at the time were, the password and the whistle were part of the fun for Kelly and her friends. Decades and a computer age later, passwords are painfully necessary in daily life not only for little secrets but, also, basically for access to your life.
Billions of times a day, websites prompt us to create or recall user names and passwords for even the most seemingly unimportant tasks. Looking for a new apartment? Create a user name and password to view listings! Commenting on a news article? Create a user name and password to join the conversation! Buying? Banking? Friending? Password, password, password!
What started in childhood as silly fun is now essential, but the absurdity of the constraints brings it full circle — to something ridiculous.
In addition to the simply overwhelming number of passwords needed on a daily basis, another problem arises when every new password stipulating specific requirements (8-10 characters, punctuation marks, no punctuation marks, capitalization, fake words, no names, no sense!). It can no longer just be “Misty Daisy”: It has to be a fake word that involves numbers and capitals, so maybe M!5tyDa!5y.
Most people just give up and stick with one or two really genius passwords that they create and can handle memorizing. Even Kelly, who works at Google in San Francisco, has fewer than 10 passwords and admits that they are all dangerously similar to one another. A 2010 Consumer Reports study said that over two-thirds of respondents use either the same password or a variation of the same password for all of their accounts.
In the tech world, this represents a cardinal sin.
One way that people try to help themselves when they try to remember what password they used for what account is by sticking to certain categories when dealing with certain accounts. When Laura Palmer, a Manhattan-based consultant, has to come up with a new password for a work account, she sticks to her tried and true pattern: Combine a pet name with the street address of a previous home. Having grown up on a farm and moved around a lot in college, Palmer has plenty of options.
Another interviewee (who, like others, demanded privacy to protect his passwords) always bases his passwords around weather patterns, using combinations that include numbers with words like “sleet,” “hurricane ”or “tsunami,” in hopes that he would be able to come up with the root word eventually.
Lately, corporations have even begun to demand that employees’ passwords automatically expire every three months, so they are forced to create passwords, remember them briefly, and then forget them soon after.
Then the vicious cycle begins again.
Morgan Breck, a 23-year-old investment banker at Deutsche Bank in New York, where such a system is in place, said that at this point she just surrenders to the process.
“I think it’s a huge pain but I always just use the ‘Forgot Password’ option and have the program email me a new password,” Breck said.
When looking to link a password with a personal memory that will be remembered forever, many are tempted to use names or dates related to former flings; the next obvious thought is the inevitability of an awkward conversation later on.
One married man had a private password that included the initials and birthdate of a former girlfriend; when a situation came where he had to share his password with his wife, the jig was up and an undeniably awkward conversation ensued. Two other interviewees used dates of the anniversaries of previous relationships for their bank PIN numbers, but luckily their current “other halves” were more understanding.
Crazy mnemonic devices and random passwords are really the only an attempt by people are trying to cope with an deliberately maddening system. One apt comparison would be to the long line at airport security: Everyone (in their right mind) agrees that you’ve got to be strict on security, and is willing to do what’s necessary, but who truly wants to take off a belt, shoes and watch every time through? No one. You do it anyway. The same is true with passwords: Try as you might to cheat the system by coming up with one that’s easy to remember or simply by reusing the same one over and over, in the end, you’re going to be the only loser.