I have password fatigue. I’m not alone.
I’m tired of creating passwords, then having to go through mental gymnastics to remember what password I created 6 months ago when I signed up for a new photo-sharing site I haven’t used since.
Writing them down doesn’t make sense. In fact, keeping them anywhere but in my head seems like a pretty bonehead move. I’ve yet to find a foolproof system. If you have one, lunch is on me.
New technologies, new ideas
New technologies and ideas have surfaced to help alleviate the password control problem. Facebook and Twitter have certainly made it easier for people to sign into multiple sites using their social credentials, albeit not without some risk. Microsoft Live, LastPass, 1Password, Open ID and others have all tried to deal with the passwords issue, with varying degrees of success.
Computer scientists in Brooklyn are training iPads to recognize owners by the touch of their fingers, and banks are using software that recognizes your voice, according to this New York Times story. The man leading the iPad project, Nasir Memon, a computer science professor at the Polytechnic Institute of New York University in Brooklyn, says passwords are indeed a digital scourge. “If you ask me what is the biggest nuisance today, I would say it’s the 40 different passwords I have to create and change.”
The government’s plan
The password security and privacy challenge has prompted the U.S. government to get in the mix. They’ve introduced a plan, the National Strategy on Trusted Identities in Cyberspace, that calls for a private sector-led Internet national ID of sorts that would get the National Institute of Standards and Technology’s seal of approval. No telling how much support this will get, but pilot programs are planned for 2012.
I appreciate the efforts at standardizing and simplifying credentials, but short of having a unique username/password combination I can use until the end of time — kind of a digital version of a social security number — I don’t really see the problem getting better until we turn to biometric measures like eye scanners, fingerprint/handprint readers or multi-level methods of access, which seem to be gaining favor. Count me in.
Strategies and pain points
I asked people at work about their password strategies and pain points. Their thoughts:
• I make unique passwords for every site using a formula based loosely on the purpose of the site.
• I use the same username/password with subtle variations and it drives me crazy because I can never remember them and can’t find where I wrote them down so I constantly have to reset them.
• If I forget a password, I simply use the “Forgot password?” link and set up a new one.
• I use made up words and pass phrases in my combinations. I also never write down my passwords digitally.
• I use the same root combo of letters and numbers over time, but sometimes switch the letters and numbers around across different accounts.
• Been using the same username/password since middle school. Not really worried about security. If someone wants it, karma will take care of them.
• I use the same root for all passwords and change up the last character. That way I can always figure out my password within 3–4 attempts.
• Sites that I only use once or twice a year that require me to create an account become more trouble than they’re worth. I wind up just creating a new account every time I go back.
• I don’t like sites and apps that ask me to sign up before I get a chance to interact with their platform. It’s a big deal to give someone my e-mail address. That’s why I have one designated for promotional material.
• I often will back out of registering for a site if it won’t let me use the username/password combination I want to use, like if it won’t allow a special character.
• I use a password collection app to store username/password combinations in case I forget them.
Why it matters
Why is the password issue important to marketers? Because forgotten passwords mean abandoned accounts and unrealized customers. Because lax login approaches can lead to security issues and fraud. Because consumers often avoid the commitment of a login/password relationship with your brand. Because the more digital we become in everything we do, the more privacy matters.