Think I’m channeling Andy Rooney today, but I have to say passwords are driving me CRAZY! I mean, everywhere I go I must have a new login, a password, and a user identification. What, no secret handshake? Like I don’t know who I am? Like I’m some sort of spy for the Society of Pet Owners Everywhere who wants to hack into how many snacks you’re giving your furry friends? Like by having a password my personal information is somehow safe? Can you say, “wire tap?”
This is all very confusing. Yesterday, I heard of a writer from Rocky Mountain Fiction Writers who is very sick. This woman has a large following, and we all appreciated hearing from her family. Of course everyone wishes her well for a speedy recovery. But in order to hear news from her family, I had to sign up for a website called CarePages. It’s like having to have a login and password to read a local newspaper. Am I going to search a website about sick people in order to what–steal bed pans or something? Maybe I could write an episode of General Hospital after changing a couple of names. The registration onto this website was no big deal–give your name, age, blood type. Whatever.
Dutifully, I signed up for the sight and made another entry into my secret code book (an old address book where I keep passwords for the kazillion sites that require passwords). I’m running out of space for the C-D section.
I hear there are software devices that will store all of your passwords for you. Then you only have to remember the one “master password,” and a magic gate opens letting you visit that florist shop on-line you last purchased from in 2000. I think the information is stored in this reliable source called “the cloud.” I don’t know about you, but clouds or any other form of weather have never been too reliable before, so now I’m supposed to trust this huge server in the sky that has everybody’s information in it to somehow be secure, safe, and private?
A couple of weeks ago, I went to purchase something from the Apple App store. Dutifully, the screen popped up to ask my name and login. I click-clacked away on the keyboard, only to find my password was rejected. Hmm. I typed it in again. Nope. I checked my address book. There I was, and there was the password I thought I had. I typed in my information over again. Rejected. After a couple of hours, a support call or two and my good guy intervening with the computer gods on my behalf, I finally got in…forgot what I was going to the site for in the first place.
Lately, this has been happening more and more. I suspect there is an expiration date on passwords, only in order to know this, you must have a password to the security section of the internet.
And speaking of, just want to share with you some of the “privacy” policy of Yahoo.com:
“Yahoo may combine information about you that we have with information we obtain from business partners or other companies.
“When you register we ask for information such as your name, email address, birth date, gender, ZIP code, occupation, industry, and personal interests. For some financial products and services we might also ask for your address, Social Security number, and information about your assets.
“Yahoo automatically receives and records information from your computer and browser, including your IP address, Yahoo cookie information, software and hardware attributes, and the page you request.
“Yahoo uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.”
Okay, so where’s the privacy in all of this? Yahoo now has my name, birthdate, social security number, gender, where I live, what I look at on the internet–and they share it “internally and externally.” What about all of this is private? If this is secure, why am I feeling so naked?
And please don’t get me started on creating a password. Now I have some anonymous password teacher in the cloud judging whether my new passwords are “weak,” “mild,” or “strong.” And chances are, if they’re strong, no one in his or her right mind will remember them–ever. Back to the cloud to register the doggone thing.
I think I’m going to give up and go back to the wink-wink-nudge-nudge form of security we used to have for our secret kid clubs back in the day. Sheesh.
Liesa – I LOVE this! Right on! This needs to be picked up and go viral.
Thanks, Linda. You’re the best! Let’s catch a cold together. Oh, the other viral. I will keep my fingers crossed. Love you.
And the passwords are all supposed to be different. How is this possible? I can’t even remember some of my user names.
Well, Luanne, At least we can try to remember our regular names and, in my case, if I forget I know it’s recorded somewhere . . . in a cloud. Thanks for your comment my friend. Have a great day.
Great post!. Speaking as the guy who has to enforce the password policy at work, some tips I use – which combine the good ideas of two experts – combine two innocuous words together, example: grass + stapler = grassstapler (based on a quick right turn of my head across my desk and out the window). Replace a couple of the relatively easy letters for the “strong” password requirement of numbers and symbols, let’s use @ for A and 3 for E = gr@ssstapl3r. Last, capitalize the second word = gr@ssStapl3r. The two words are easier to remember than random letters, and are (honestly) at least as secure. Also, it let’s you leave more clear hints for yourself without incurring the wrath of your IT department. A post-it that reads, “1. Cut the grass. 2. Get a new stapler.” won’t usually shout “password hints!” to a would-be hacker; especially if, like me, one needs to change their password fairly often, and a new post-it goes up.
Ok, now you say, “how am I going to remember what my two words are for sites I don’t visit often?!?” That’s more difficult. It depends on the individual user – some people I recommend keeping “themes”, for example alliterations using colors, r3dR!vets, or@ang3Oval, y3llowY!ngyang, gr3enGr@vel, blu3Bo!ler, ind1goIsl@nd, vi0letV!ctory. Then it’s playing the odds. Randomly spraying out 7 passwords to various sites lowers the overall risk for any one site. Use your own list like this for any non-critical sites (places you don’t use SS#, credit card info, things that identity thieves thrive on). For sites where you do use critical info, well, each one ought to have its own password, and if it’s one you don’t visit often, those cloud services really are your best bet.
A note on the cloud, in particular password storage sites – all the information is scrambled on your computer before uploading, and the unscramble information is two parts. What that means is that a hacker would need to have hacked both your personal computer AND the password site AND know your master password to get access. Impossible? No, but if it’s really important enough to make it worthwhile for a hacker to go through that level of effort, you will have already put on more security than that anyhow.
Thanks always for the good blog!
Oh my gosh, Craig! Who knew all this great password stuff? I’m impressed. Plus last night on NCIS, Tony DiNozzo was going to Europe supposedly to do a seminar on computer security. I didn’t think that seminar would have been worth while. Now I’ll have to rethink that, and while I’m at it, I think you have Tony’s cover beat, big time. Hugs to you and everyone in Michigan.
Funny post, Liesa. And yet so true! There are few things as frustrating as the forgotten password. Craig’s tips are great.
Hi Catherine, Thanks for your thoughts. I agree, Craig is a wonderfully helpful expert in the software field. Wishing you well, and hope to see you soon.
Actually, sites like Google and Yahoo are also collecting our info, so that they can personalise their ads. They claim that this is to provide you better ads that you are more likely to be interested, but they are charging advertisers more because of this service (so I think they are selling our info to earn more money). The way to avoid this is never visit any website when you are logged in your account. Always make sure that all your Internet records, cookies are cleared before you log in and after you log out, so that they cannot collect your info by tracking the sites that you used.
I means “always” collecting
Hi Ray,
Thanks for your thoughts. While personal privacy is a serious business, I was poking a little fun at the whole process. Sometimes I think the only one passwords keep out of places are the owners of the passwords. We forget them, record them wrong, lose them, and otherwise are frustrated by them. “Big Brother” seems to have come home to roost, but we users are responsible too. Wishing you a great day.
This is so funny, Liesa! You’re so right, all these passwords are driving us mad. My work email requires us to change our password periodically and it always seems to happen JUST when I have finally memorized my new password. Typical, right?
Ha! Ha! Ha! You are so right, Letizia! And with middle age “forgetfulness” upon me, you can understand I’m lucky to remember the person’s name who’s looking at me in the mirror, much less the password using a capital, a number and a special character just to visit my facebook page. Have a wonderful week.
You completed a number of nice points there. I did a search on the issue and found
nearly all people will have the same opinion with your blog.
Hi Photography Art, Thanks for your comment. One day maybe we’ll all just share everything we have and privacy won’t be even a thought. But then, I kind of like knowing I’m the only one listening when I sing in the shower . . . Have a great day.