P4ssW()rd f0LL1es

You know what would make a good password? “Security breach.” Because that way if you get hacked, you would at least have that delightful irony to cheer you up in your time of panic.

And yet we have no problem giving our credit card info over the phone to this guy... photo http://www.quickboise.com/blog

And yet we have no problem giving our credit card info over the phone to this guy…
photo http://www.quickboise.com/blog

I’m all about best practices when it comes to my own password: at least seven characters including a capital letter and a numeral. The fact that I use this same password virtually every time for every new account I create is about as bad a practice as can be, almost as bad as the fact that I list this and my handful of other passwords in a single Word document called “Web Passwords.” So if you know which of my dead pets I’ve based this password on, you can essentially access my life. The fact that I have many, many dead pets is too bad for you, not to mention for my highly traumatized children.

This is a lazy, lazy practice but I suspect I’m not alone. Who can possibly remember a separate password for all those accounts: laptop, phone, email, social media, banking, Netflix, government, Cheese-of-the-Month Club, international drug cartel, the list goes on and on.

And yet, even in the wake of the recent Heartbleed scare, I’m not especially worried. Why? Because there are billions of Internet users with dozens of accounts each, so the chances of getting breached are about the same as owning a cat named PHluffy9378, and I may have just said too much.

Plus, Heartbleed has shown us two things: One, that the names of bugs, viruses and Trojans could easily serve as the names of death metal bands: Heartbleed! Doomjuice! Creeper! I suspect as much thought goes into naming these bugs as the programming itself. For future consideration, might I suggest something really terrifying like Puppy Mill Fan Club! or Rob Ford Country Album! “VapoRub” has a nice cyber-ring to it.

The second thing that Heartbleed has shown is that, no matter what security precautions you take, the hackers will find a way. These latest attacks resulted in major security breaches, for instance, at email providers like Yahoo mail and Gmail. Incidentally, AOL was not affected, so all six of you can breathe easy.

But dozens of other companies from Amazon to Dropbox were also affected. And the recommendation after all of this? You should change your password. This is like discovering your umbrella has holes in it and then being told you should replace it with another umbrella with different holes in it.

They say we’re fast approaching the day when accounts will be accessed by retinal scans, but I think we’ve all seen enough James Bond movies to know that this is just one forcefully extracted eyeball away from disaster.

Internet insecurity is the modern-day boogeyman, and every time there’s a security breach like Heartbleed, we freak out that our private information is suddenly vulnerable and exposed. One of the companies affected last week was OK Cupid, the online dating site. So, the vulnerable information would be… that you like taking long walks on the beach and that sideburns make you feel “oogy”?

We fret about having our privacy taken away from us but we do a pretty good job of giving it away voluntarily. Imagine a program that exposes all your personal information, everything you do or have done for the past five years, all your secret-most thoughts and opinions, your photos, your address and phone number. Oh wait: it’s called Facebook.

So that’s why I’m not too worried about my lame password. There’s not really much left to hide. So, hackers, have fun looking at my topless vacation photos (me topless). And if you do access my credit card info, enjoy that single tank of gas, because that’s about all it can handle before it bursts into flames.

*

A version of this post originally appeared on CBC Radio’s “Breakaway.”

Advertisements

About rossmurray1

I'm Canadian so I pronounce it "Aboot." No, I don't! I don't know any Canadian who says "aboot." Damnable lies! But I do know this Canadian is all about humour (with a U) and satire. Come by. I don't bite, or as we Canadians say, "beet."
Aside | This entry was posted in It Really Did Happen!, Turn that radio on! and tagged , , , , , , , , . Bookmark the permalink.

36 Responses to P4ssW()rd f0LL1es

  1. markbialczak says:

    What did you say your mother’s maiden name was, Ross?

  2. Ah yes, I’ve been breached many times in many ways, so I’ve kind of given up worrying about it!

  3. Ned's Blog says:

    My password for everything is RossMurrayDeadPets45. Maybe I should change it to 46.

  4. Paul says:

    Hahaha! I agree Ross (or, as Rutabaga says – Rosemary – Ha, love that!) I often think that passwords just keep the honest people honest. I am job searching and have spread my name, address, phone number, etc, all over the internet and do you think I can get even one person to e-mail me back? Noooo. The more personal info I put out there the less people are interested. Using that logic, if I put every piece of ID I have on the internet, I should be left completely alone – friendless, e-mail-less, bereft of any contact whatsoever on an internet shared with 100’s of millions of not billions – you could hear a bit drop. Or maybe its just my deodorant?

    On the same topic and moving to corporate security – it seems that when you factor in human nature, the more complex you make passwords, the less secure they are.,I worked in one office for a medium sized business (about 300 employees) who took their computer security very seriously. They had off-site backups (in case the servers exploded and burnt), they had special password programs that would not allow passwords of less than a certain complexity and that forced everyone to change ther passwords regularly. Yessir, their security protocols were the best of the best and were admired by all as being unbreakable. They were anal about security. Now when you construct your password as the experts insist you should- mixing caps, lower case, numbers, symbols with no less than 10 characters , all with no meaning at all – then it is not possible to rememeber them, so they have to be witten down. Our operation was 24/7 and the IT dept was not large enough to have weekend coverage. And as servers are wont to do, they would occassionally choke and die (comms failure, power outage, custom programming bugs, etc.)and would have to be rebooted. After numerous calls to the big bosses on weekends, where many swear words and such were exchanged, the operators eventually gave up and wrote the administrator password on a sticky note and taped it securely to the keyboard slideout of the main server. It was religiously updated so that no one ever had to call the boss and get sworn at on weekends or middle of the night. So from that day forward, to access the most secure computer in the industry, one just had to walk up to the server, slide out the keyboard and copy the password taped there.

    • rossmurray1 says:

      Yup. Used to keep my passwords written down under my keyboard as well. Genius!
      I like the UK series “Sherlock” but one episode was entirely ruined for me when Holmes hacked into a military computer with the name of some general’s mentor. “As if,” I thought. But then, maybe so.

  5. These hackers are becoming more and more sophisticated and a problem for us old folks, that’s for sure. But they eventually have to come in from recess so the amount of damage they can do is somewhat limited.

  6. ksbeth says:

    hey, i can’t even remember my own phone number, how would i possibly remember 532 variations on a password theme?

    i so agree with your lazy approach to this and if any hacker cracks my kindergarten level code, they can go wild enjoying my $5 savings and having a happy sales clerk say, upon presentation of my credit card, ‘oh good, we’ve been looking for this one, i’ll have to hang on to this and cut it up.’ enjoy!

  7. Trent Lewin says:

    Ross, you are one heckuva funny man and a talented writer. James Bond and eyeball impersonation… check. I may have just said too much… as Darth Vader once said, I have you now. But please, really. Rob Ford references? That is so January/February. I need no further reminders of snow, please. I hope your credit card really does burst into flames (after I take the obligatory tank of gas, though).

  8. franhunne4u says:

    Password is P@s2WORD, isn’t it? 😉

  9. When I was leaving my previous job in systems (at a university library), we had a myriad of passwords that all changed every 90 days (that was major suckage). By the end of my time at this job, I was pretty disgruntled and my passwords reflected this as they were things like: F*uCkU2, bITeMe8x etc… My boss requested a list of all my current passwords, looked at them and said: “Hmmm…I guess you were pretty miserable.” Luckily he smiled b/c I actually liked HIM. Hee hee…

  10. Nic says:

    LOL at all of this. It’s also funny because when Heartbleed happened, the first thing I started telling people was, “Oh, who cares… our online identities are just an illusion anyway,” which, I think is kind of exactly what you said here except your version is about 10x funnier and less new age-y.

  11. This is the EXACT SAME rational I employ! It’s the same reason I don’t stress about being audited by the IRS. What are the odds!? I thought I was all alone.

    Do you know I initially misread your blog title as “Drinking Tips for ‘Tweens? “

  12. haha I have a file that I emailed to myself, subject line” passwords.” SMART. i wanted to try to hide it so I re-forwarded it to myself with the subject “cats.” So now whenever I need to remember a password, i have to go find my cats email. Good luck with that mess hackers. You can have it!

  13. Healing Slowly says:

    I’ve used the same three passwords (that way when I inevitably enter two incorrect passwords, I can safely use the third one, knowing my account won’t be locked out) for the last 7 years. I’ve never had an account compromised. Strangely enough, each one of my passwords is a specific phrase where certain letters are simply replaced with a number or symbol. The one thing I did have compromised, was my debit card number. Apparently, the secret service had run across a debit card scam in some foreign country, and my debit card was one of the numbers that had been purchased. What this scam did, is take existing credit/debit card numbers, and assign them to new people in their country, on fake credit cards that they sold to these schmucks to be able to use. They hadn’t actually used my debit card number, but the secret service put a block on it just the same. So I had nine days of wondering if my utilities would be turned off, because I couldn’t make a payment. But I digress, I’m lazy about my passwords, and I don’t care who knows it.

    • rossmurray1 says:

      It’s true when I think of it: the only time I’ve had trouble with cards is when the company THOUGHT I had been stolen. Don’t buy gas two times in a short period or make long distance phone calls with your card. Apparently, those are the most populare post-theft activities.
      Thanks for the comment.

  14. benzeknees says:

    Like you, I use a very similar password on most of my accounts but it is completely random, long & includes a lot of unusual characters. (foil those hackers) Now I have this one memorized I wouldn’t be able to have different ones for different things. But, like you, if they get hold of my credit card I hope they enjoy the candy bar it will buy them because I can’t afford one!

  15. Pingback: Acting. My age. | Drinking Tips for Teens

Go ahead, don't be shy.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s