Suffering from password overload

The email read, “We’ve had a security breach. We need you to change your password immediately.”

The message looked and acted official. It was from a company email address. It appealed to my friend’s authority in his organization. It piqued his sense of responsibility. And it presented a contemporary corporate catch-22:

Click the link and risk being labeled by IT as prone to “phishing.” Don’t click the link and be labeled as unconcerned about data security.

After quickly weighing pros and cons, my buddy clicked the link.

“GOTCHA!” the technology department wrote back in more diplomatic language but with no less twisted pleasure. He had indeed fallen prey to a manufactured phishing attempt, the nerds alerted, and they had just the online training he needed.

Of course, the online training required a password – which he didn’t know!

Anyone else suffering from data security confusion? How ‘bout password overload? My password list no longer fits on the Post-It note stuck to my monitor!

While I should have known shopping at Target could one day empty my bank account, who knew fifteen years ago I would one day need a password for Domino’s?

Password complexity is part of the problem. Upper case, lower case. Letters, numbers, symbols. 8 characters, 16 characters, 246 characters.

Some passwords can’t include your name or initials. Others can’t include any word in the English language! Just when I was getting good with pass “phrases:”

OopsIdiditagain. Myfavoritecolorisgreen. Cloudywithachanceofrain.

To survive in this technology age, we basically need a graduate degree in cryptology.

“Do not eat convenience store sushi.” becomes “Dn3C$S.” This abbreviation is “strong”, unless a password requires a minimum of 10 characters.

And then, there’s the dreaded password change requirement. The nerds seem to be in a race to see who can require a shorter cycle. Beware; the following message is coming:

“Six minutes have passed since you last logged in. It is now time to change your password. Your new password cannot include any digit in your account number. It cannot include any character on the QWERTY keyboard. We will be sending you a special wingding keyboard with 176 characters and emoticons to choose from. Please allow 7-10 business days for delivery.”

So much for technology’s promise of increased efficiency.

And how about this conundrum?

You want to log in to your online account. You need your account number to do so. Your account number is listed on your statement. Since you signed up for e-statements, your statement is securely locked down inside the online account you cannot access.

But just think how many trees you saved! Go sit under one to defuse.

And, finally, the equally dreaded security questions:

My favorite teacher? My best childhood friend? My first pet? If only life were so clean-cut and I could remember if I capitalized their names.

Part of the problem is that since each nerd is consumed by his particular system, he thinks we are, too. He can’t fathom the possibility that anyone would forget a password or security question answer to his masterpiece.

That’s okay. This password / security question era will pass soon. Fingerprint readers, retina scanners, breathalyzers, blood samplers. Something will save us from the ever-growing list of passwords and their ever-changing requirements.

Until then, h@n9in+her3.

Kevin Thompson writes a weekly column for The Boerne Star in the Texas hill country. Follow him at: http://www.KWT.info