A Truly Secure Password Should Be as Long as This Post

Darrell, Staff Writer

In my previous post, I ranted at length about the inconvenience of passwords. While researching for these posts, I encountered a number of articles about password security. The articles gave tips like “don’t write your password down” and “make it as long and random as possible”. Sounds reasonable, but some take it further. I read posts from many who bother to use a random-character generator to make passwords upwards of twenty characters -- punctuation included -- that are different for every single site they visit. Some consider this excellent security. I consider it clinically insane.

As it is for most, password security isn’t my biggest concern. If someone wants to hack into my Twitter and post racist bile, I guess I’ll contact Twitter, clean up the mess, and change my password. If someone gets my financial info, I’ll report it to the bank and get my money back. We have plenty of ways to react to nefarious activity when it arises, yet we’re so frightened of its prospect that we’re willing to do anything to prevent it.

Previous complaints notwithstanding, I see the need for passwords and the need to have different ones. There are frauds and thieves in the world, and we shouldn’t make it easier for them to lie and steal. However, the proliferation of passwords is another incarnation of humanity’s excessive fear of everything.

A few years ago, huge fences were built around every high school in my home state due to fears that some maniac might infiltrate the campus during school hours. Never mind that a fence never stopped a maniac, or that such a maniac might be a student at the school (and is therefore inside the fence already), or that fencing in students might be dangerous if, say, there were a fire. Nope. Our tax dollars went to erecting superfluous fencing simply because of a misplaced fear.

That’s kind of how I feel about the fellow who makes twenty-character passwords complete with $s, ^s, and }s. Why are you spending all this time and effort to protect yourself against something that A) is unlikely to happen and B) can be dealt with if it does? One of my credos is that you never get time back. You can always make more money, but once time is gone, it’s gone. Why spend even an extra second generating a random password every time you log into some site you probably didn’t need to visit in the first place? Stop fearing the unlikely and start appreciating that your time here is limited.

