Please Protect Me From My Password

We live in a world that is surrounded by fear, by a bit of paranoia and maybe rightfully so. We have groups lopping people's heads off and posting the videos online. There is the fear of your not so friendly neighbor invading your territory under the pretext of protection and the outbreak of new types of diseases and viruses that we didn't know existed. Maybe a bit of paranoia (and caution) is not such a bad thing but sometimes we do take it to an extreme.

In today's day and age, with technology at our fingertips (quite literally) there has been a bit of an invasion of our personal space and our privacy. Some of it is by our choosing, some of it not so much. In either case, we have had to become a little more cautious about the kind of information we share. You wonder how safe and secure our information really is, even with the biggest and in the 'safest' of places (read Edward Snowden and the NSA leak). It is not uncommon to hear of credit card data being stolen (Home Depot recently reported its information being hacked and such data being stolen). Banks, retailers and corporates all have have all been guilty of that -- or have they just been victims of circumstances?

My credit card and bank details could be lost even if they are kept 'securely' with a bank or a large corporate that spends billions of dollars on corporate security (or at least I hope they do spend some decent amount of money on it). But aren't they the ones that have zillions of passwords and keys that are needed to login to access these details? Then, how is it, I wonder that a hacker is easily able to penetrate this level of detail.

This security and password protection has achieved another level of sophistication [and possibly silliness] at some institutions. For instance, at my current employer, I have to log in to my computer at my desk using a password that is comprised of eight characters, and it must also include letters, numbers, special characters and at least one upper case letter.

Complex enough? Well, for me it is. I have a hard time keeping track of all the passwords and find it counter intuitive to put them in a single app that might be susceptible to the same kind of digital theft that any other data out there is. So what do I do instead?

Without revealing too many secrets, I keep it simple. I use the easiest and most intuitive key strokes to develop my latest password. But, I guess it isn't enough. I have to do this every quarter and reinvent a new set of strokes that no one else in their right mind may be able to figure out.

I've been at my current role for a year, or four quarters, and I've had to do this four times already! Each time I do it, I think "Ah, easy enough; I can reinvent a password or maybe even use an old one and it should all be fine." But no, the password gods at my firm will not have that.

Not only does the password have to be a new combination of letters, numbers, special characters, and one upper case letter, but it also has to be distinct -- so distinct that it shouldn't have been repeated for the last 24 times! Yes, you read correct... 24!!! Not 2, not 4, but 24 times!

I am busy enough that there are days when I can barely remember what I ate for lunch; how am I expected to remember or not remember my last 24 passwords? Surely if I last in this role for more than a couple of years, I'm going to have to start getting more creative. Do you think I am some creative wizard or some genius that can invent new keystrokes and passwords that no one else can decipher. Every three months, never to have been repeated for the last 24 times or eight quarters in this case?

Surely I want my data to be safe and secure. And yes, I am willing to take the necessary steps to ensure that it is. But somehow, going through this level of absurdity and to these extremes just doesn't give me the level of confidence that it will indeed be.

If anything it makes me worried that I may forget my own password and not be able to login anymore! But then again, we live in a world filled with hyperbole and paranoia, so why not extend that to our data protection too? If nothing else, it at least keeps our memory sharp.