Either I’m getting old, or the number of logins and passwords I need to remember are simply too high.
Like most people (I assume), I have a set of legacy passwords driven by a combination of assigned passwords and sentimental words that date back to undergrad days. However, over the past 10 years, these passwords have evolved. Different password format demands drives one form of password evolution (sites that demanded “must be at least 8 characters long and include at least one letter, one number and one special character” have been fine up to now – what broke me was
a request for “must be at least 8 characters long and include at least one lower case letter, one upper case letter, one number and one special character”.) Some systems also demand that I change passwords regularly (another form of forced variation), so I now find I have a whole menagerie of passwords with no efficient way of figuring out which cages to put them back in. Besides having a memory transplant, I suppose.
Having accepted that I am past the point of no return, memory-wise, I was faced with two choices – change all my passwords to one super password, or get a password keeper. In the end I decided that changing every password to the same one would be more dangerous than keeping a record of them all, so I decided to put all these passwords in one place. I invested in 1Password for IPad and began to create a kind of taxonomy of my password ecosystem.
At first I felt distinctly nervous about typing all my passwords into a plain text field on an internet-connected device – seeing all these passwords written out felt almost blasphemous. But I soon got into the groove of purging my mind of random strings of characters, revelling in the knowledge that the next time I tried to add credit to my Swisscom account, I wouldn’t have to spend 8 guesses and one password reset to access the internet. Gradually easing my way from guilty trangressor to proud password heretic, I was so elated at this sense of freedom that I added the contents of my wallet to the program, figuring that it wasn’t a bad thing to have a few credit cards and health insurance numbers stored somewhere “just in case”.
Of course, as part of this process I had to create a new, super-secure password to lock up all my other passwords. Otherwise it wasn’t really secure. And it had to be a certain length etc etc. So I added a new animal to my password kingdom, a really big one. One I wouldn’t write down or tell anyone about. The shift from polytheism to monotheism was complete, and no-one would ever utter in plain text the name of the One True Password.
You can guess what happened next. Stupid brain.
So while I desperately try to remember the master password, what I’d like you to do is this: invent a special password language that consists entirely of an infinite number of possible characters that are also remarkably easy to remember in long strings. That would be super cool and very useful, as passwords could be both incredibly complicated and made out of a unique set of characters, with no existing dictionaries or other references to search for common strings, yet also able to be recalled with ease. Then we could all use this language for online logins and just be like “furry blue cat, margaret thatcher, bag of red lentils in lukewarm water, etc” to access our internet banking. Perhaps you could use theories around how people memorize things well to help make the language suitable – see this NYTimes article for example.
Of course there are a few technical issues to work out – I don’t know how the input would work (how would a user build the pictograms or other images to convey your password) or how would you avoid common strings being used by multiple people (there’d have to be real richness built into the password generation process), but I’m sure you can get around that. Let me know when I can be a beta tester!
Update: I finally remembered the One True Password. Unfortunately, recovering the memory was a painful and collaborative process involving two other people. Who now know it. What to do? Create a new G-$D? Argh.