Everything requires a password. That’s not a bad thing – but what doesn’t help is the lack of consistency between specifications. Some require more than 10 letters, others won’t accept punctuation or repetition of numbers/letters. This complex mix of capitals, numbers and punctuation leads only to one thing – confusion. I have tried as far as reasonably possibly to standardise my passwords. I have one overarching super strong one for my email account, a simplified version for everything else, and a basic one for the annoying sites with extreme limitations on permitted characters.
This works perfectly most of the time. But then you come across certain sites that force you to change you password every 6 months and won’t let you use the same one twice. One particular site was my old University online learning account. For years I had to try and come up with increasingly obscure passwords to fulfil their requirements. To further complicate the matter, each time I would try to logon, I would forget what random assortment of numbers and letters I had been forced to choose the previous time and would be made to reset it with another unique never before used password. Why? Who on earth wants to access my online learning portal and see which book a tutor has advised we review? What possible damage could somebody do that would require such levels of encryption? Especially in consideration of the ease at which one can gain access (Call up IT help desk and say you have forgotten your password – provide them with your student number and they will change it over the phone…)
Today I tried to log on to my online banking back in the UK. I can’t help but feel they should offer varying levels of security depending on the users wishes. Not long ago, I would enter my ID number and password, and wham I have access to my accounts. Now, however, I put in my ID, and username, followed by a password – then rummage around through stacks of old bills to find the pocket calculator sized device which I then put my bank card into, mash a few buttons and enter a pin number, then transfer the overly long number from it onto the computer, at which point I can finally logon. What does one do if they need to gain access when away from their plethora of devices? I have bank accounts with 6 different banks (in various countries) each with their own annoying combinations of user names, card readers/pin sentries password combo things. It gets terribly confusing. In this particular instance, I was requested to call the bank in the UK on their premium rate number and proceed through their slowly spoken menu lists. Eventually I got through to a human who insisted on going through ‘security’ with me. I failed at the first hurdle. No, I do not remember the random sequence of numbers you issued me 13 years ago, nor do I recall the memorable place I told you, after over a decade I have accrued many memorable locations that spring to mind – I have no idea which one I told you. And so, I am informed I can proceed no further and a reminder of my information will be sent to me in the post. That’s great, I will be back in the UK in 18 months time to collect that piece of paper and we can continue this conversation.
Why can’t we offer some sort of standardisation? If I want to set my Password to Password123 for all my accounts, then let me accept the risk of someone ‘hacking’ my bank account and pilfering the measly $20 you are trying so hard to protect. In fact, I think I would pay $20 just to be able to maintain some sort of simplified consistency in all of the account information I have. It would definitely save me a lot of time! It’s either that or I write them all down on a piece of paper and carry them around with me.