Password misery
December 2010
Ali Baba overheard just one password (Open Sesame) and was able to find all the treasure laid up by the Forty Thieves. He even managed to hang on to it all; his brother Cassim forced Ali Baba to reveal the password, but then became so excited when he too gained access that he forgot the password and could not escape, and in due course was killed by the thieves. The thieves themselves were victims of password theft and lost everything.
Thus, we see that the whole business of passwords, and the trouble they can cause, is nothing new. In fact, the problems are increasing.
When passwords were limited to the Famous Five, secret agents and military manoeuvres, who amongst us would have predicted that we would soon have to be remembering reams of furtive codes to allow us access to all manner of websites?
None of us, that’s who. But it has happened, we are stuck with it, and we need to cope, somehow.
It’s not easy; I probably use more websites that most, and my rough guess is that I have, in my time, established several hundred online login details. (When, by the way, did “log in” become one word? The OED still thinks it’s two, but most websites disagree. The Oxford University Press website, to its credit, still asks one to “sign in”.)
Logins and usernames (another conflation we weren’t expecting) are, I suppose, a necessary evil, for the moment. They serve two good purposes: first, to prevent others easily looking at what is none of their business, and second, to allow a website to present relevant stuff to you. Fair enough; I’m not sure that I can fault the principle.
But we all know how irritating it is if you cannot remember the magic words you gave when you originally signed up. As for the “security questions” that are supposed to help, it’s no good asking me what “significant date” I suggested. I have never coexisted happily with calendars and whilst I can recall a few critical dates, goodness knows what I actually put on that particular site, probably years ago.
The problem is not that we object to the security that these secret handshakes give us; it is that we are dreadful at dealing with large numbers of them. A key to the house and car, yes; a key to the safe in the study, and one to the garage, if well labelled, maybe; but who can ever find the keys to the padlocks that you bought for your suitcases? Or the key to your desk drawers? Or to that cabinet in the attic that might have something interesting in it? So it is with online keys.
What we really need, of course, is central locking. It works in cars, it could work in cyberspace. We need a trusted central gatekeeper website; if we log in to that, it will then log us in to the other ones we want to see, remembering the complex passwords for us.
It’s a nice idea, and it has been attempted a few times. Microsoft tried to create a Universal Login through their email service, and there is an independent one at www.openid.net which looks promising. The trouble is that they require the owner of every website in the world to join the club before it becomes universal, and that’s never going to happen.
As ever, the answer is to take matters into your own hands. Simply writing down all the passwords somewhere takes a lot of beating, provided that you keep the list secure. Alternatively, there are some computer programmes that can help; the best known is www.roboform.com, which costs £20. Once you get the hang of it (not too easy) you only need to remember one password, and it remembers all the rest for you.
If you trust them, it also allows you to store the passwords online, so that you can recall them from any other computer.
It’s not perfect, but it’s the best I’ve found so far. However, many Oldie readers may still prefer to rely on pen and paper, and who can blame them. Please, however, do keep such important details as safe as your do the family tiara. Remember what happened to the Forty Thieves.
