Password recall: an impossible mission

Overload: Security experts say using several codes is a good idea, but some people find it hard to keep track.

January 10, 2000|By Julie Hinds | Julie Hinds,KNIGHT RIDDER/TRIBUNE

In the old days, the only people who had to worry about passwords were movie spies and contestants on Allen Ludden's game show.

Not anymore. There are now so many passwords in daily life, a person can be forgiven for feeling confused, frustrated and slightly overwhelmed by them.

You have to remember a password to get money from an ATM. Ditto for checking your phone messages through voice mail. If your home is protected by a security system, you might have to punch in a password for that, too.

And computers? Don't even try to count the number of passwords related to the Web. You need them to sign on, open e-mail, shop online, track your mutual funds or make an investment.

With so many log-in IDs, access codes and personal identification numbers to keep straight, it's no wonder people are feeling the pangs of password overload.

Melanie Brown experienced it recently. The 26-year-old project manager for a Bloomfield Hills, Mich., technology company was looking online for cheap fares to Sweden and decided to join three frequent flier plans.

To sign up, she was asked to create three passwords. No problem. Not, that is, until the next time she visited the sites.

"I remembered the passwords, but I didn't remember which one was which," says Brown. "I just said forget it and decided to wait for the information in the mail."

Ed Coury is familiar with password overload, too. He estimates he has 25 passwords at work alone. Throw in the ones he has used once or twice to navigate the Web at home, and his password total is more like 100.

"It can be a mess," says Coury, 38, a computer buff who's the Web master for WWJ-AM radio in Detroit and Midwest bureau chief for the Wall Street Journal radio network.

Recently, Coury tried to log on to a site offering discounts at Radio Shack. "I tried a favorite password. It didn't work. I tried another. It didn't work. I tried to sign on again and get a new password, and it said, `Sorry, Ed Coury, you're already signed on.'"

Finally, Coury asked the site to e-mail him his password. "All this work, just to get a coupon," he says with chagrin.

So much for simpler times, when all you had to memorize were your Social Security number, a few phone numbers and, if you were young enough, the combination to your locker.

In today's world, passwords are proliferating, especially on the Web, and more are on their way. The more e-commerce grows, the more passwords you'll need to get in on shopping opportunities.

Of course, passwords do more than boggle the mind. They protect privacy, restrict access and preserve the confidentiality of all kinds of online transactions, from e-mail messages to bill payments. That all sounds good for consumers, in theory. But in practice, it's tough on human memory.

Humans rely on context to remember, says Colleen Seifert, a psychology professor at the University of Michigan and a specialist in cognitive science.

"If you remember where someone lives, you can drive there pretty easily, but it's harder to remember the specific street address," she says. "It's easier to remember something that has meaning. It's harder to remember something that's random."

That's why our natural instinct is to choose passwords that are personal, such as names or birthdays. We're also tempted to use the same password for everything.

Security experts warn against both those strategies. Personal passwords are easier for pranksters and scam artists to crack. And having only one password is like getting a master key and leaving it under your front porch mat.

But such warnings haven't made that much difference, says Joe Ahmed, a network computer security manager for Ameritech and founder of his own information technology-security consulting firm, Corbant, in Ann Arbor.

In a recent study for a client, Ahmed found that the majority of Internet users rely on one password. Although he doesn't recommend that strategy, he understands why it's popular.

"People are just swamped," he says. "They have so many log-in IDs and passwords to remember, they do a cost-benefit analysis of trying to remember them all and decide it costs too much in brainpower."

Complicating matters are Web sites that dictate what kind of password you can employ.

"A lot of them push you not to have just letters, because they want you to put in symbols, to make it harder to crack," says Gene Graber, president of the Ann Arbor Software Council, a nonprofit group that promotes the software industry in that area. "Or they have a policy that they want you to change your password every six months."

Most sites are prepared for forgotten passwords. They'll send you an e-mail reminder or allow you to reregister under a new password.

Some software programs also are trying to help with password overload. They offer systems that will encrypt and store multiple passwords.

Graber prefers a low-tech filing method. He makes a printout of new passwords the first time he enters a site, then stores the printouts in a folder.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.