Passwords - the unlockers of worlds
Passwords - the unlockers of worlds
Forgetting a magic key reminds you of other important things
I drove to work in the dark with an empty drivethru breakfast bag by my side, sausage, cheddar cheese and English muffin consumed and a plastic cup filled with sugary citrus drink drained during the trip with hope of getting an early start to a day of meetings, emails and a few breaks squeezed in between events, as one does.
The first thing I did, unfortunately, was to try and fail to log on to my work computer because I could only remember the first 8 digits of my network account password: the final five digits eluded me like Cylon skin-jobs embedded in a Colonial fleet1, buried amongst things and people. I had kept a written copy of the password on a piece of scrap paper and had never bothered committing the characters to memory. And, of course, I forgot that piece of paper at home. Fifteen minutes later, my friendly neighbourhood IT support desk had reset my password and I was back in to my virtual world, ready to push bits and use bytes like the best of them. But I cursed the friction.
So many fantasy stories have been written about doors that can only be opened by spells, the flick of a magic wand or keys that are unique to a specific lock. These enchantments and enchanted objects are replaced today by much more mundane keys of metal and plastic, occasionally beefed up by bolt cutters and sledgehammers for those times when you just don’t have the magic touch and need to get into some place in a hurry.
In the digital age the password and the encryption key are probably the closest things to that kind of magic that we have in our mundane world. Indeed, passwords can unlock strange digital worlds and encryption provides a magic shield that wards away all but the wiliest of sorcerous rogues who would steal the riches of your data.
There was a time when I took a much more naive and simplistic approach to cybersecurity and used passwords as simple as itsmark or hithere2 over and over again for multiple social media sites. It was like having one single key to open a dozen magic doors, or a good wand with a Knock spell with unlimited charges3.
This was, of course, a stupid thing to do and never got into major trouble while doing this. These days, not only do I create longer and more complicated passwords but with few exceptions I maintain unique passwords for each application or website. My virtual key ring is large and varied, indeed.
Yesterday was the first time in a long time that I forgot my network password, which is the key to unlock a bunch of other keys. By contrast, if I forget my Substack password, I can easily request a reset on their website and this request casts a magic spell which lets me reopen the door into the Substack world. But, of course, this means that I need to be signed in to my email and, even worse, I need to be able to access the device which is probably password protected. So on most websites, the going rate for one password is at least two passwords. Such a deal! In a different era you might have to slaughter two lambs for a password reset.
But it’s kind of a problem, right? In a digital age the number of passwords you need to remember resembles that gigantic keychain that a building superintendent lugs around, grumbling when you forget your key and taking 20 minutes to fish through them and make many failed attempts before finally finding the right one.
Utilities like SSO (single sign on) help make life easier by hiding the fact that you needed to provide six different passwords during the first six minutes of your work day, just to get to a starting point.
But you really can’t talk about passwords without considering the limits of memory. Our short term memory is continually diced and butchered into thin slivers of attention and memory while we wield one of the many knives. Apparently when telephones became widely available in North America those in charge of the nascent telecommunications system decreed that ten digits was the maximum number of digits that the human mind could reliably remember. Hell, I grew up in an age where you only had to remember seven digits for most of your telephone needs and in some towns and villages you only needed to remember the last four digits. Those of you outside of North America are probably snickering as you have to remember 17 or 19 digit numbers: then again, maybe this is why mobile phones and digital phonebooks took off so quickly in the rest of the world.
And that was when you only needed to remember numbers. Or you could use their letter equivalents on the phone keypad if that made it easier to remember.4
Unfortunately you can’t function in the digital world without keeping an ever-growing secret list of characters (jumbled together in a way that’s intuitive to only one person) so that no one - or no computer - can guess them in less than 26,295 years.5
I have to admit, I felt pretty dumb when I needed that morning password reset. But then I had to factor in the reality that every hour, if not every minute, we take in more information that we can possibly remember without making enormous effort to commit key pieces of information to long term memory.
Yes, I know there are options out there to manage your passwords and even generate VERY STRONG passwords automatically to increase your cybersecurity strength. I’ve never used them: I worry that a) I’ll forget the master password to unlock the password app and b) I’d need to forfeit a pound of flesh to barter my way back into this password management system and while I’ve technically got a bit to spare I would never want to suffer through that.
Stupidly enough, the best solution I’ve ever found to survive in this security-sensitive world is to maintain a notebook6 filled with passwords that I can refer to when needed and I just make it as anonymous and inobtrusive as I can. I could maintain them in a digital file, of course, but if I get pummeled by the side of a truck or struck with a lead pipe I don’t want to be stuck during the ensuing memory lapse.
But here’s the real gotcha: the user agreements for some websites and apps dictate that you cannot maintain a paper copy of your passwords near your computer, tablet or phone without violating this user agreement. Banks seem to like using this restriction. And if you forget your bank account password it’s like you’ve lost the key to the Garden of Eden: the snake won’t let you back in, even if you slip pass the angel with the flaming sword, unless you’re prepared to pay penance and maybe eat a poisoned apple or two.
Some days I wish I literally did have a separate physical key for every website and application that I needed to use. If they were clearly marked that would be great.
So as I continue on this memorable (hah!) journey on the physical ageing train I’ll become increasingly obsessed with and annoyed by the need for passwords in order to survive the 21st century. Intellectually I understand the need for strong passwords and hey, if I’m willing to compromise a lot, I could reduce the number of passwords that I need to retain by reducing the number of websites and apps that I use.
On the other hand, if we could reduce the amount of flesh required to access a site down to a gram… well, I’d be willing to have that discussion. But for now, you’ll have to pry my trusty notebook out of my hands with one heck of a crowbar.
Now if I could only remember where I left the notebook.
I just finished a rewatch of the Battlestar Galactica remake so it’s a fresh source of metaphors.
Just messing with you, I’ve never used those phrases as passwords.
You do know where the Knock spell came from, right?
For years one of my key passwords was the name of an eccentric two-headed science fiction character, using letters instead of the numbers on a numeric keypad. Stand down, though: I don’t use that one any more. But it once led to a confusing conversation when I had to try to provide that password to my father once when I was sick many years ago. Bright man, though, he figured it out.
There are times when I’ve needed to stop using certain websites or applications because I was wasting a long time on them. In the old days if I couldn’t delete the account I could change my password to something completely random that I’d never possibly remember to break the cycle. Can’t do that anymore.
Everything I write about ultimately comes back to notebooks: it’s a feature, not a bug.
As I said over on Bluesky, I’m in password hell. This morning, I sat at my new work computer and started to punch in my old hospital password without thinking. It is not my new password. I also have new user names to learn IDs and my poor brain is suffering! We are not made for this mess!
Whew. Too much truth here! The darned password instructions read like parody: 8 digits, 12, 16. Make sure you don't use: Anything personally associated with your life, family, home, last year's taxable income, or shoe size; anything with whole numbers or the Roman alphabet; anything you have used elsewhere or yesterday or ever before. And above all else, do NOT write today's precious 57-bit trilingual strong password in a godforsaken paper notebook! That would be .... human. Sigh.