This NYT Magazine article on passwords broke my heart a little bit this morning.
Professional phisher Journalist Ian Urbina got a bunch of friends, strangers and even security experts to divulge their passwords, and the rationale behind choosing them. They're shockingly meaningful, condensed snippets of memoir, used for the most mundane purposes: to gain entry to our Pinterest boards and Groupon accounts.
There was the former prisoner whose password includes what used to be his inmate identification number ("a reminder not to go back"); the fallen-away Catholic whose passwords incorporate the Virgin Mary ("it's secretly calming"); the childless 45-year-old whose password is the name of the baby boy she lost in utero ("my way of trying to keep him alive, I guess").
And of course, they are that much less secure. My password is the name of a favorite pet—and the family rabbit had the least original name, literally as generic as it gets, although I can blame my second-grade teacher for that. My mother's work logon is "the money" in an obscure language, to remind her why she goes into the office every morning.
My security questions are just as bad. I am apparently unable to remember the details of my own life outside of my elementary school, the make of my first car, and my relatives' names. (Even with my relatives' names, I'm never sure if I've entered full legal names or nicknames. I am terrible at being me.)
While I was trying to change my privacy settings the other day, I discovered that my Facebook profile has more intense security measures than my online banking account (I'm looking at you, Bank of America. Nobody understands your Site Key bullshit). One of Facebook's possible identity-proof options was to provide a photo of my driver's license. Another was to correctly ID my friends in a series of pictures. I didn't consider the first option, and am supremely confident that I would fail the second, given that A) I don't recognize half the people on my newsfeed anymore, B) many of my closest friends have garbled their Facebook usernames to hide from their employers, and C) the machines will always win. I got so angry during this process that I changed my Facebook password to "facebook1" and for some reason that felt like a major victory over Mark Zuckerberg. I'm sure he lost some sleep over that one.
According to Urbina, the average person has 81 passwords, which is totally unreasonable. I don't even know all of mine: 4 email accounts, Facebook, 2 online banking accounts, a desktop password and a laptop password, my phone lock key, a cable account, 2 online accounts for my apartment building, our internet password, 3 frequent flyer accounts, YouTube, Skype, Twitter, Amazon.com (I admit to routinely hacking my mother's account for her Amazon Prime video), my TurboTax login, a boatload of work-specific accounts, Groupon/LivingSocial/DailyCandy (I have to check my search history now), health insurance, GitHub, a laundry list of user/pass combos for every application I've ever filled out, 2 Pandora accounts (both necessary, don't judge), my iCloud info, PayPal, eBay, Etsy, Netflix, Hulu, Yelp, Kinja, good lord...