12:00 AM
Connect Directly

I Hate You, Passwords

Do I really have to memorize T7%rr$4mq@z9Jpp# so I can follow password best practices?

Passwords are a pain. We have too many to keep track of for work and for play, yet best practices demand that we never use the same password for multiple sites, never write them down, and compose them with a byzantine combination of letters, numbers, symbols and capitalization to reduce the chance of compromise.

Is it just me, or does it seem logically impossible to follow all three of these practices? They feel like they were designed by some Kafka-esque bureaucrat who demands compliance and will hear no appeal to reason or sanity.

We users are constantly scolded by security experts about passwords, especially when there’s a news story about hackers breaking into a popular Web site. (Thanks, Yahoo.)

I’m guessing that I’m not alone in saying that I violate these practices all the time. I admit it--I write down my passwords. Why? Because I have at least a dozen user name/password combinations just for work, and my memory is not that good.

Of course, I don’t pin up my password list. That would be stupid. I keep mine in a drawer.

For applications I use every day I don’t need to resort to pen and paper. But some of these applications I only use once every month, or once every quarter, and there’s no way I’m going to remember T7%rr$4mq@z9Jpp# on my own.

I also can’t stand it when I sign up for a service and choose a password, and the site spits a message back at me saying it needs to be stronger. That’s fine, but maybe you could put a little note next to the password box that explains your requirements before I iterate through a half-dozen attempts?

I know there are password managers that will lock up all my passwords, but I still need a password for the password manager. This isn’t a solution—it just takes a bad system and raises the stakes.

We need a better way, and I’d love to get your suggestions. If you’d like to leave a comment, you’ll have to sign in and create a user name and password. Just remember T7%rr$4mq@z9Jpp# is not available.

Drew is formerly editor of Network Computing and currently director of content and community for Interop. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
1/31/2014 | 7:26:37 PM
Re: Passwords
This post really made chuckle, Drew. Totally agree @l_bartlett - biggest pet peeve!
User Rank: Apprentice
1/31/2014 | 6:59:53 PM
Great topic for conversation Drew, managing passwords is definitely a pet peve of mine. I bet that a few of our Interop sponsors like Ping Identity and Authen2cate might have some ideas for us. 
Register for InformationWeek Newsletters
White Papers
Current Issue
Increasing IT Agility and Speed To Drive Business Growth
Learn about the steps you'll need to take to transform your IT operation and culture into an agile organization that supports business-driving initiatives.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.