Here's what happens in my case:
- I use several variations on a theme to keep things relatively easy to remember. I can get this right 90% of the time within 3-5 tries. In some cases, I don't get it in the first three, so I am forced to set a new password.
- The system doesn't allow me to use a password that I've used before. So I come up with a new one.
- Because I was forced to use a completely new password or capitalize one of the letters -- and I'm never going to remember which -- I end up resetting the password all over again.
Sure, I could write the password down, and I have done this in a couple cases, but in doing so, am I not defeating the purpose? The first place a thief is going to look - if he's in my house - is on the notepad next to my machine. Or, better yet, Mr. Thief will be looking for an email in my inbox from myself titled "bank password."
In short, by thinking they're helping us, the good people coming up with password security measures are not only making thinking achingly tough for us, they're also creating new security issues because we're writing the things down. I appreciate the efforts, but this really has to change. There has to be a better way to force consumers to protect themselves.
Is capitalizing one letter and causing me to remember that one idiosyncrasy really going to save my tail down the road? Is the up-front pain every time I use a product good for our long-term relationship, Mr. Security?
Sure, there are clever programs that keep passwords in one file, but they too are protected by yet another password. And, to be frank, I don't want to keep all of my passwords in one place: I'd much rather a thief find access to just one account instead of them all.
So let's try this: Let me choose whatever password I want. Then, let me sign a waiver of liability. It's not your problem if all my passwords are "1234." It's mine. I'm fine with that. Really.
By the way, my password is not "1234" and nor should yours be. I am sure people will blast me for simply not being able to remember my passwords, but when every single device and account has different requirements, what's a fool to do?
It's amazing, really, despite all the other advances we've made in user interfaces, that digital security still comes down to the streets we grew up on and our first pets' names. What happened to thumb-print readers? I had a laptop a few years ago that used one and it was pretty bulletproof. What about retina scanners? There's gotta be a better way.
Joshua Fruhlinger is the former Editorial Director for Engadget and current contributor to both Engadget and the Wall Street Journal. You can find him on Twitter at @fruhlinger.