The Password Crisis
The Husband and I are facing a serious password crisis. Every time he logs in to his bank account for net banking he looks at me questioningly, “Do you remember the password?” And each time, I glare at him, as I have been insisting him to at least note down the passwords in our Little Book Of Passwords. I rack my brains trying to figure out the combination, yet again. Alphabets, numbers, symbols, upper case, lower case, names…as usual, it is an utterly confusing and nerve-wracking exercise.
I check my phone contacts and scroll to that particular bank’s name to check the number stored. “Sorry, I just have the debit card PIN,” I mutter in exasperation. Soon begins yet again saga of forgotten passwords, trying different permutations and combinations and giving up in sheer frustration. The process of requesting a new password starts again with the system urging us for a stronger password yet again. But we are too exhausted to care and are unable to venture beyond the usual password patterns. It’s easier plucking the low-hanging fruits.
We have two bank accounts each between me and my husband, which means six sets of passwords each (credit card, debit card and net banking). And every time we visit an ATM or operate our net banking accounts, especially after a gap of a few weeks, we are at a loss, racking our brains for the correct passwords or PINs. There are passwords for other financial transactions, payment gateways and UPI platforms as well – Google pay, PhonePe, Paytm, BHIM…So much so that it’s not uncommon for us to get locked in from our accounts for a certain time for repeated failed login attempts.
The challenge and fatigue don’t end here. The password blank also occurs while accessing digital entertainment platforms, social media and other transactions, especially after a change in the device or when a device reboots. And we just can’t seem to recollect the original passwords. Thankfully, when it comes to entertainment and the family Wi-Fi, our children are the saviours. They are the keepers of all common household passwords – Wi-Fi, OTT and streaming platforms. Thank God for small mercies!
The experience is not just limited to computer networks alone, there are passwords and combinations for other functions and areas as well, like undoing a phone, bicycle lock and a variety of apps on which we have begun to completely depend upon.
With the extensive growth of online services across our professional and personal lives, we all are at the mercy of passwords now. At times, I feel the password burden across financial, email, social media and other accounts too hard to bear. Like many others, I often experience password fatigue having to remember an excessive number of passwords as part of my day-to-day functioning. The easiest way, of course, is to choose a common password or a combination of it even knowing that it can be incredibly risky due to the chances of account compromise. Even when Google keeps prompting and warning that you have used the password too many times, you just give in and do not bother to make it stronger.
There’s no respite at the professional front either. In spite of the layers of security walls built for network security, privacy and all sorts of encryption, there is the need to change laptop passwords every few weeks besides remembering the host of other identification screenings. Likewise, there are those professional networks that you are a member of, courses that you attend, where again you need to remember passwords to gain entry.
The easiest way to tide over the crisis is to press the ‘forgot password’ key so that one is able to either get a temporary password or an opportunity to reset a new password. In fact, there are so many passwords and so many versions of each password strewn across my diaries, notebooks and sticky note pads that I am no longer able to recognise which ones are still valid.
Moreover, when you use multiple devices to access your online accounts like a personal laptop, office computer, smartphone or tablet, it’s extra painful to remember the passwords and IDs. With each of our online profiles requiring separate passwords, people now need up to 100 passwords. No wonder, it’s a difficult terrain to navigate.
To protect our passwords we are often advised to change passwords frequently, not to save passwords to our browsers, set up two-factor authentication, avoid using names, birthdays, and personal numbers, use a mix of numbers, letters, and special characters and sprinkle special characters throughout etc. Besides, for passwords to be effective, they need to be an uncommon words, constitute at least eight letters and not used anywhere else. And what’s more, to minimise the risks further, it needs to be changed every 60 days and has to be unique used for a particular profile, website or app.
But how many of us really get down to do this? Despite warnings, continuous advice and education, we still prefer convenience over security. The worst passwords – 123456, password, 12345678, qwerty, 111111 etc. – still continue to be used.
The other most recommended solution experts say is a keychain. If all our passwords are ‘keys,’ then what we need is a sort of keychain which keeps it all together. In other words, what we need is a Password Manager which helps us to record all usernames and password combinations in a central location for easy access and recollection. Of course, you have to remember one more password to access your Password Manager and there are also associated risks of storing all our credentials in one place.
Password Managers also apparently help you to securely generate very difficult passwords to autofill into the online services’ login pages. Maybe something like a complex string of characters ‘58!P7b%CXM%klMqNqtuA.’ But mind you, you need to fortify the security further by adding another new security layer: Multi-Factor Authentication which means when logging into your Password Manager you’ll receive a notification on your phone which asks if you’re trying to sign in.
Many companies and banks use security questions to confirm identities. These questions are usually personal in nature, asking about the person’s background, interests and family. However, since the questions are easily researchable, cyber security experts say that one should not give correct answers or related answers to these questions. So if the security question is about your favourite song, you mention your favourite dish in response. But then don’t forget to remember the lies!
Passwords have emerged as the first port of call for our online/digital identities, particularly post-Covid pandemic, compelling us to sign up for new online services every day. However, despite the imminent threat of poor password habits and their corresponding consequences, we still see people (including many of us!) continue to use weak and the most common ones.
Passwords have become a ubiquitous part of the digital age and are the pathways to unlocking our online profiles hosted across a gamut of apps and websites. So, in today’s world of online work, financial transactions, shopping, healthcare, education, and almost everything else, keeping our accounts secure is more important than ever. But no matter how much caution one exercises, the responsibility is always on the end-user. Also, any password can be stolen no matter how strong they are with hackers getting smarter day by day. Passwords are the most common entry points for attackers. According to Microsoft, there are 921 password attacks every second – nearly doubling in frequency over the last year. And that’s certainly not a reassuring trend.
Why, we even have a ‘World Password Day’ created by cyber security professionals since 2013 to promote good password habits that help keep our online lives secure. Since its inception, the day (the first Thursday every May) is designated to raise awareness, foster and reinforce better password habits among users.
Nevertheless, many of us choose to simply reuse a common password or write down the passwords in our Little Black Books, word documents or spreadsheets. Why? Because it is easy to do so and we are tired.
Meanwhile, our password crisis continues and I see no sign of its abatement. I shudder to think of the days to come. My husband says we should enhance our memory power just to keep track of the passwords which in the days to come are only going to multiply. The digital world and online services were supposed to make our life easier, stress-free and convenient. But far from it. I miss the good ol’ days without the digital encumbrances. Password fatigue is a problem that’s certainly not going away. And I don’t know how to live with it.