The Myth of Internet Security
The vast majority of the time, I get along quite well in my life as a Cybernaut. I don’t know that we are really called Cybernauts–we people who live the vast majority of our lives through an Internet connection–but it is a word I like to use to describe myself. I sometimes feel like I exist more as a virtual creation than as a physical being.
Plus, Cybernaut brings back memories of my pre-Internet existence. When I was a toddler in the mid-seventies, pre-Star Wars, there was a line of toys called Micronauts that I enjoyed playing with. But since I don’t want to think of anything about myself as “micro,” I think Cybernaut works just as well while suggesting the same thing: a person who is part machine, part human flesh, who explores a largely electronic world (the Microverse in the language of the Micronaut comic books).
As I say, these explorations are usually quite pleasurable and unstressful, until I hit a road block, such as I did today: the forgotten password.
How many email accounts do you have? How many usernames and passwords for various websites? How many usernames and passwords for web apps that use? How many usernames and passwords for the multiple computers in your life? PIN numbers for credit cards and debit cards and for paying bills by phone?
All these usernames and passwords are created for our security, specifically to make us feel more secure, and yet the sheer plethora of these words and combinations of words, numbers, and special characters, probably do more to undermine our security in the Cyberverse, rather than enhance it.
Take these examples from my own life. I work for the federal government, supposedly the most technologically secure institution in the United States. I have a username and password to log into my computer; the password must be a series of random letters, numbers, and special character totaling eight characters in length. Then once I log on, in order to log into my work email application, I have the same username, but a different password made up of a different string of random numbers, letters, and special characters.
Then, usually, the next thing I am prompted to enter is the username and password for my gmail account; I use Gmail Notifier which stays active in my Windows system tray throughout the day.
To do my work, I also have different usernames and passwords for two web-based apps that I use. And I have a different username and password (not created by me) for the database we use to manage our online content. To upload files to our servers, there is yet another username and password I have to remember (again, not created by me).
When I telework, things get more complicated. I have to use a VPN (Virtual Private Network) account in order to access my agency’s servers and data. Again, for this I require yet another username and randomly generated password (not created by me).
How do I remember these strings of random characters? I write them down.
The one no-no of Internet security, and yet I can see no way around it. I write them on a slip of paper that I carry in my wallet, and since I have to change these passwords every three months (or in some cases the passwords are changed for me), I write them in pencil so I can erase them and write in the new password when the time comes.
For those passwords that I create, I tend to use the same password over and over by simply modifying one of the special characters. Again, this is a no-no, but the system recognizes it as a “new” password simply because I made one change, and it’s easier on my memory.
Now, there I have laid out only those usernames and passwords required to do my work. In the normal course of a day off work, I might check my bank account, check my personal email (all three accounts), pay a bill, log in to my blog and delete some spam, log into some of the World of Warcraft sites and read forum messages, leave messages at other people’s blogs, which often requires a log in, buy a book from Amazon, upload images to Flickr or comment on an image at Flickr, read the news at the Washington Post…
You get the picture. There are literally dozens of websites we visit every day, and most of the time these sites require a login. Yes, even to read the Washington Post or New York Times requires that you register a username and password with them.
Heck, every friggin’ small town newspaper in the United States requires that you register, just so you can read the friggin’ obituaries.
When one thinks about how many times one registers with a website, using one’s name, address, phone number, date of birth, it must simply send the mind into a kernel panic. And then considering how much of ourseleves we put “out there,” to think that we still have some expectation of privacy, let alone security of our information!
How do we remember our usernames and passwords for all these websites? Why, we tell Firefox (or worse, Internet Explorer) to remember them for us.
Ah, but for Firefox to remember these multitudinous usernames and passwords, we must set a “Master Password.” Yet one more layer of “security.”
And God forbid you forget your Master Password, or forget to write it down, as I did . I thought I knew it by heart. I have typed it in multiple times a day for months, maybe even years. And then today I went to the Comcast website to remind myself whether or not I paid the bill last week, and Firefox prompted me for my Master Password, and I went to my mental vault…and it was not there.
It was not there. I don’t know where it went to. As I said, I type it in literally a dozen times a day. But today, for some reason, I found that the mental file in which the password is stored had been overwritten.
I tried typing in from memory my Comcast username and password (the username is my email address, but I don’t use the account so I can’t remember it), but Firefox prompted me for the Master Password every time I tried to type in the Comcast username manually.
So I decided to try waiting awhile and see if the password magically came back to me. i tried clearing my mind and typing the password automatically, as I do every time I enter it–not really remembering it, but finding it just “there,” like my wife’s birthday.
Didn’t work. That password is completely, utterly gone, after all these years.
I didn’t know what to do. Every site I browsed to prompted me for the Master Password for the “Security Device” (which apparently defines security as keeping me out).
Finally, I went to the Firefox website to see if I could change the Master Password. Of course I can…but I have to know the Master Password to change it. Duh.
The only solution open to me was to create a completely new Firefox profile, minus all my bookmarks, usernames and passwords, and form autofill data. Although it gave me a chance to clean out my bookmarks and manually import only those I actively use, it was still a painful procedure.
And I still can’t access my Comcast account, or my Verizon wireless account, because I don’t know the username and passwords. In the case of Comcast, I could have a reminder mailed to me, except that it would go to my Comcast email account…which I can’t access. In the case of Verizon, the arcane rules established by Verizon for creating a password are so ridiculous, I have to change my password every time I visit the site because I can’t remember what I changed it to last time I visited.
Lynn has suggested that we need to adopt a very low tech way of remembering all these usernames and passwords: a pencil and a small notebook that we could keep in a lockbox. It might not help us if we are at work and we forget how to log in to Verizon, but it might provide some measure of relief from the constant forgetting.
Or it might not, depending on how reliable we are in updating it with new usernames and passwords. And of course it defeats the whole idea of “security.”
Yet the human mind was not built for these kind of feats of memory, security be damned.
2 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Ugh. I hate the forgotten password. I was trying to remember a password the other day from a fantasy football league. The last time I’d had a team in this particular league was 2004.
Yeah. Another layer of fun added when I realized I’d purposefully not used a password I normally didn’t use because I was sharing this account with someone else.
Not nearly as serious as redoing your browser profile, but I feel your pain.
The little-used bank account. The profile set up in haste years ago that you forget until you try to pay a bill online. I sometimes wonder if I’ll just leak letters and numbers out of my eye when I die.
Comment by Heather — Wednesday, 5 September 2007 @ 1:35 pm
The worst part for me is remembering when I’ve changed a password, so that I remember to go and change it all all of my other places. I don’t use that master thing with Firefox, though I thought about it. That’s a case of letting the computer have a little too much control over whatever I do. And thus someone else having control over me too.
I’m most annoyed by having to change my password every 90 days at work, and it can’t be the same password within the last 6 passwords. Except I’ve tried to go back to an old password past that, and it doesn’t work.
To make things even more fun, I have three different things I log into at work, but the other two don’t require password changes. So every time my password is forced to change, I end up changing the others just so I don’t have to remember different things.
I also like how some sites insist, for your security, on some random login or in one case, adding a numeric to a user name. A user name! It wasn’t like it was my password.
I don’t write my passwords down. Except I had to write down a common password for my wireless router. Ugh. And then I still couldn’t get the elaborate security system for it to work.
Passwords… what a pain.
Comment by Mel B — Sunday, 9 September 2007 @ 9:40 pm