My son just created his new college account, which of course, requires a password. He said he used the same one he always does. I know this is not a good idea but I completely understand the impulse.
Two fraudulent emails to users were recently sent out. “We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords,” the LinkedIn release states. “We have no indication that this is as a result of a new security breach.” Reset your password? Nah. I got that fraudulent email but didn’t click on it because I can’t remember my LinkedIn password. Haven’t gone on the site for years because of it and can’t be bothered to create a new profile and a new password.
I hate passwords. I use the same ones for everything in different forms (a weird character here and there, a number inserted, random capitals), and have a yellow piece of paper in my desk with all of them written down. When I run out of room on the paper I erase something from a site I never use and write in the new one. It may not be the most advanced system, but it works, when I’m home.
God forbid I’m out. Then come the dreaded QUESTIONS OF PERSONAL INFORMATION to make sure you are really you. But did I type in my childhood home street as Williams Street? Or williams st? Or a combination of both? And I only have a few tries before I’m told I’m a robot and go away. My poor mother has shaky hands and often types things in wrong. She is so often locked out of accounts that think she was hacked by someone not quite getting her passwords correct.
If you pick simple words you can remember, you are getting increasingly out of luck. I hate sites that FORBID you from having a short word; you have to include weird stuff. Now Microsoft has banned common passwords altogether.
Jerks. If I want my password to be Dragon (it’s not) then I’m the one taking that risk. You can read more about that here.
Of course, you can always use cool software to help. Here at GeekDad/GeekMom we highlighted an app that lets you use a single password to log into sites across multiple platforms. Password Boss sounds like a good tool.
Or use your fingerprint as a password like on iPhones. But that comes with some legal fuzzy ground as seen in a recent case where the FBI was trying to unlock an iPhone. “In his ruling about the iPhone search, Virginia Circuit Court Judge Steven Frucci made a novel distinction. The judge said it’s okay for police to force suspects to use physical characteristics, like a fingerprint, to unlock a phone. But they can’t force someone to ‘disclose the contents of his own mind,’ like a password.” You can read the full article about that distinction and decide for yourself if that’s fair.
Right now, an iPhone goes back to requiring a regular passcode if the phone hasn’t been used in 48 hours. Also, all the phone’s data will be erased if the wrong passcode is punched in multiple times.
The most intriguing news on passwords is Google’s plan to get rid of them entirely. Project Abacus aims to study how you use your phone (voice, swiping, location, frequent apps) and create a “profile” of you.
This means that if someone else starts using your phone, they would have to mimic exactly how you use it. Impossible? And then what? If the imposter tries to access stuff on your phone does it shut off? Or does it ask for a passcode to verify? More news on that to come.
In the meantime, I will encourage my son to insert a number into his favorite password. And write it down somewhere, and not in a document called “Passwords.”