I can’t remember the names of friends I drink with every day. How am I supposed to cope with computer passwords?
DID you throw a party yesterday to mark World Password Day? No, nor did I. If truth be told, I don’t think I would have asked the neighbours round for a knees-up, even if I had been aware before it was too late that this great annual festival had come round again.
In fact, the first I heard of it was when I opened my morning paper and learned that the Registrar of National Day Calendar, whoever he or she may be, had set aside the first Thursday of May each year for a global celebration to ‘promote better password habits’.
The idea of the occasion is that we should all spend the day cooking up ever more fiendishly complicated passwords and adding an extra layer of protection through Multi-Factor Authentication, whatever that may be.
It seems that yesterday was the fourth such event, though I fear that the first three also passed me by.
Now, I have no wish to dampen anyone else’s fun, but I find it hard to think of anything less worthy of celebration than the wretched computer password, which for people of my age is surely among the most miserable torments of modern life.
Indeed, if I were to throw a party to mark World Password Day, I can imagine sitting with my fellow sixtysomethings, tearing out clumps of grey hair as we stare forlornly at our computers, trying desperately to remember which combination of pets’ names, birthdays or car registration numbers will give us access to our emails or online shopping accounts.
OH,FOR a return to the good old days when we could get through life without having to remember a single password or PIN — except, perhaps, the numbers to open a combination padlock on a bicycle or the garden shed.
Today, we can’t go 20 minutes without having to rack our memories for another set of letters or figures.
Speaking for myself, I have separate passwords and codes to turn off the burglar alarm, get money from the cashpoint, log on to the computer at work, switch on my smartphone and iPad, give visitors access to my home wi-fi, buy stuff from Amazon, update Apple apps, verify my credit card number with the bank when I’m shopping online … And so the list goes on.
Hardly a day goes by when I don’t have to click on the words ‘ forgotten password?’ — only to find, as often as not, that I’ve entered the wrong username, too.
I’ve mentioned before, as my memory grows ever less reliable, passwords would be my first candidates for dumping in Room 101, that repository of our most dreaded pet hates — if it weren’t for the fact that the great Gyles Brandreth consigned them there when he appeared on the BBC show back in 2014. Worst of all is that grim day — twice a year at my office — when a message drops into my inbox from the IT department, telling me the time has come round to change my password yet again, when I’ve hardly begun to master the old one.
And it’s not just any old password the techies want. Every 180 days, I have to think of a new one, at least 12 characters long, using a combination of numerals and upper and lower case letters — with almost anything that might be remotely memorable banned.
There must be no references to days of the week or months of the year, no mention of any part of our office address — ‘London’, ‘Kensington’, ‘derrystreet’ and ‘dailymail’ are all verboten.
Furthermore, we must use no consecutive numbers or letters such as ‘456’ and ‘abc’, no ‘qwerty’ and definitely no ‘password’ (which is said to be the most commonly used access code of the lot, followed by ‘123456’ and then, in third place, ‘12345678’).
Also banned, for reasons best known to the IT department, are the phrases ‘ letmein’ and ‘ longpassphrases arehardertocrack’.
Have they no mercy for poor old codgers like me, who find it increasingly hard to remember our own children’s ages and birthdays or the names of colleagues we drink with every day?
You can imagine how thrilled I was, therefore, to read yesterday that it may be completely unnecessary — and even dangerous — to keep changing our computer passwords.
The remarkable advice comes from no less an authority than Paul Edmonds, head of technology at the National Cyber Crime Unit, who claims it is a ‘fallacy’ spread by the security industry — one of his ‘big bugbears’, as he describes it — that regular password changes keep our accounts safer.
On the contrary, he insists, those who pick new passwords every month tend to choose weaker ones every time, changing them in predictable ways that hackers can easily guess.
‘PayPal for years has never asked you to change your password,’ Mr Edmonds told a conference on counter-terrorism and security. ‘If changing your password was so critical to cyber security, PayPal would have lost a lot of money and asked you to do it. People have been successfully using non- changing secure passwords for years.’
Well, he should know, I suppose. And I must say that he does seem to have logic on his side. After all, if we hit on a hard-tocrack password with, say, a one-in-100,000 chance that someone will hack it, how would our safety increase if we changed it to another of similar strength?
You may argue that, these days, computers can be programmed to try out trillions of combinations of figures, symbols and letters, and that with the most sophisticated equipment available, and sufficient determination, it will be only a matter of time before a hacker manages to break into any account.
BUThow many would think it worth their while, after weeks of failure, to keep plugging away at the same target — unless that target happened to be someone like Bill Gates? If a password stays safe for a month, in short, isn’t it likely that it will remain so for years?
All I will say is that it would transform my life if I never had to change a password again. Most of all, I wish I could feel safe to use the same one for everything — online banking, shopping, newspaper websites etc — so that I needed to remember only one.
But call me a wimp, I live in constant fear of fraudsters sucking my identity out of cyberspace. If I used just the one password, wouldn’t this mean a hacker would have to strike lucky only once to gain access to my entire online life — emails, browsing history, aborted novels, life savings — the lot?
Alas, I fear, I’m doomed forever to go on clicking on the words ‘ forgotten password?’
But let me end with a heartfelt plea to the IT department at the Mail. After 11 years at this newspaper, constantly changing my password as instructed, I’ve used up all my siblings’ addresses, the registration numbers of every car I’ve possessed, French words, Latin words, telephone numbers and the dates of a battle or two, with random capital letters thrown in. I’ve simply run out of ideas.
So could I beg for a special present to mark yesterday’s World Password Day? Bearing in mind the advice Mr Edmonds gave to the security conference, would you please let me stick with the one I’ve got?