The other day Apple iTunes, after years of meekly opening when clicked upon, inexplicably balked, demanding that I put in my password and username before it would let me give it 99 cents to hear Petula Clark singing “Downtown.”
Aaargh. Am I the only fool alive who can hardly ever come up with the right combination of those two maddening computer evils?
Like most people who spend hours e-mailing, online shopping, Facebooking, word-game playing, and other time-wasting, I have too many online accounts. I use the same two passwords for most of them (more on that in a moment), but the usernames are mostly different. Which one went with which of the passwords to get me to 1964 swinging England?
Apple gave me just three chances to sign on, and I struck out. It then consigned me to a special hell for people it thinks are identity thieves, where you must first click on the day and year you were born and then, if you get that right, answer a bunch of “security” questions. (“Who was your best childhood friend?” “What was your first job?”) I never even got that far, because a red exclamation point popped up telling me I wasn’t born when I thought I was.
Tried again, wrong again. Not wanting to spend half an hour on hold to argue with a stranger about my birthday, I gave them my e-mail address instead and they sent a link that would let me choose a new password.
Now I would no longer have one of the good old passwords that I know by heart. Instead I was directed to create a typographical Frankenstein with “minimum eight characters, must include at least one number and one capital letter, cannot have three of the same letters in a row, no asterisks or other marks like %#&~#, nothing you’ve used in the last 12 months.” Congratulations to me, I’ve created an alphanumeric monster that will be impossible to recall 30 seconds from now.
Yes, I do know why they ask us to contrive these convoluted strings of symbols. It’s so hackers will give up after a while and try an easier mark. I know — but I don’t bother, and I’ll bet you don’t either, unless maybe you’re over 55. Older people, Cambridge University scientists recently discovered, pick passwords that are at least twice as secure as those chosen by under-25s.
But like me, most people want something they can remember easily — their first name, or their dog’s, or 123456 — not something they have to look up every time. The most popular password in the world, and this has held true year after year and in every language since passwords were invented, is — ta-da! — “password.” When I first read that someplace I thought to myself that I should change the password on my cellphone account, which is “wireless,” but I never did.
Even systems administrators who are supposed to keep the rest of us safe from the bad guys mess up sometimes. Like millions of others, I had to get a new credit card two years ago because someone, probably a Russian teenager, stole T.J. Maxx’s passwords and broke into its database.
The other rule about passwords is to have different ones for different Web sites, because if you use “qwerty” (another hot one) for Optimum and eBay and Yahoo and YouTube, you’re probably using it for online banking too, and if you’re attacked by a password-sniffing worm, there goes the 401K.
Nobody observes this rule much either. But it’s the usernames that really throw you. When I first ventured onto the Web I used my first name spelled backward; then I started adding whatever year it was (“eneri96”), then I’d pick usernames I thought related to the site (“shinesforall” for The New York Times, “buyer” for eBay, only hundreds of others thought of that one first and I wound up with something like “buyer557,” since changed.)
The dilemma will not go away. But who can remember all these words, much less which two must walk down the aisle together? Offices are full of despairing computer jockeys who’ve jotted their passwords down on sticky notes and stuck them on their monitors.
I’ve begun keeping a printed list, four pages long now, hidden in a desk drawer where only a thief would think to look. The people at GeekHampton in Sag Harbor say it should be “encrypted.” Oh Lord.
Irene Silverman is an editor at The Star.