It occurred to me a few years ago that if I’d known, as a little boy, that in the future I’d use so many passwords every day, I would have imagined a much cooler life.
I’d be Steve McQueen or Sean Connery, wandering through my luxury apartment high above Central Park, planning my next caper. I’d practice dodging laser beams and hanging from the ceiling by a thin wire.
I could make a mean martini. I’d spend my spare time practicing cryptography and cracking passwords.
So let me tell you a story.
I worked in a hospital once, a graveyard shift that began around 10 p.m. I sat at a workstation occupied by someone else during the day, and occasionally I had to move around, meaning I had to log on to the network from a different computer.
This wasn’t a problem, because in most cases the day person had written down a log-in password and conveniently taped it to the desk.
Some of you are smiling and nodding. We’ve all done questionable things for convenience. It might occur to you, though, that this person really didn’t grasp the concept of a password.
I want to tell you two things. The first is that this story about the hospital took place in 1978.
The second is that we should stop smiling and nodding.
There are dozens of ordinary things I know nothing about. Several of them involve plumbing, and almost all have something to do with tools.
But I’ve been working with computers and on networks for over 40 years, and I’ve learned things. I’m not a software engineer or a security expert. I’m just a power user, a guy whose income has relied on staring at screens and finding out information.
I can do a lot of things with these machines. I haven’t mastered everything. I’ve just been doing it for a long time, and I worry.
So do you, by the way. A recent Gallup poll showed that Americans are more afraid of computer crime than violent crime, including terrorism and sexual assault. We’ve all heard about identity theft and worse.
A few years ago, I was horrified by the story of Mat Honan, a technology journalist who knew of what he wrote. Honan got hacked by social engineering, which is a fancy way of saying someone impersonated him and fooled somebody at a help desk somewhere into handing over information.
Honan made one big mistake, which I’ll mention in a bit, but the aftermath was scary. It was a cascade of personal horror, as email and social media accounts were picked off one by one, and just for good measure Honan’s laptop was remotely erased, including photos he was never able to recover.
We’ve all heard the stories. Many of us take preventive measures and practice safe surfing, but many more never think about it. We rely on those passwords to protect us. They’re a pain but we can always tape them to the desk.
So let me mention one statistic: In January 2019 alone, nearly 2 billion user records were leaked online, with names and associated passwords. That’s in a single month. These came from a variety of breaches, the kind that are in the news almost every day. There are going to be more.
It’s enough to persuade a person to turn off the computer and slowly back away. What’s an ordinary person to do?
This is why I brought up those 40 years of computing. I want you to trust me, at least a little. I think I can help.
Mat Honan’s big mistake was not activating a system of dual authentication, which means that if someone attempts to access one of your accounts – your email, for example – from a computer that’s not yours or in your usual location, the site sends your phone a text message or uses some other way to verify that it’s you.
This isn’t perfect but it works pretty well for most people, and a lot of you are used to it by now.
That’s a good first move. I encourage it, whenever it’s available.
But the scariest part is a statistic I just learned. Of all the people in the world who are online, only 1% use a password manager.
That is, most people who use computers to access websites, many of which require passwords, memorize those passwords and often use the same one.
So when one of those massive data breaches occurs, and your user name and password end up in a database online, hackers can plug that information into a variety of sites to see if they find a match. It might be Facebook. It might be your bank.
This is my PSA, then, which I seem to do once a year. A password manager generates complex, multidigit passwords, different ones for each site. There are many to choose from, some free and some for a small subscription (I use one of the top-rated ones, and it costs me $12 a year; it also works on my phone).
Passwords feel archaic to me, and I suspect they are. I imagine we’ll be using more robust methods soon, probably biometrics (fingerprints, retina scans). Nothing is foolproof, but please, do this.
I know it’s convenient to use your kid’s name and birth date as your password. You know who else knows that?
Yeah. Get a password manager. Stay safe out there.