Tchotchkes of our inner lives
November 21, 2014 7:20 AM   Subscribe

There is more to passwords than their annoyance. In our authorship of them, in the fact that we construct them so that we (and only we) will remember them, they take on secret lives. Many of our passwords are suffused with pathos, mischief, sometimes even poetry. Often they have rich back stories. A motivational mantra, a swipe at the boss, a hidden shrine to a lost love, an inside joke with ourselves, a defining emotional scar — these keepsake passwords, as I came to call them, are like tchotchkes of our inner lives. Ian Urbina looks at The Secret Lives of Passwords for the NYT Magazine. (Possible trigger warning - opens with Cantor Fitzgerald looking for passwords the day after 9/11.)

Related: A username and password combination has long been the standard security mechanism for online accounts. But that method just isn’t cutting it anymore. Augmenting Your Password-Protected World. (Goes without saying, but: please refrain from posting your passwords in plain text, even if you're a "digital nudist".)
posted by RedOrGreen (30 comments total) 25 users marked this as a favorite
I used to work at a call centre. Let's call the company CallCentre.

The following is based on true events:

Ring ring

"Welcome to CallCentre, my name is St.Peeps, how can I help?"

"Yeah my account isn't working, I can't access my files."

"No problem. What's your login?"


"And what's your password?"



(I pause to let the shame sink in)

"Is that upper or lowercase?"
posted by St. Peepsburg at 7:28 AM on November 21, 2014 [21 favorites]

all my important passwords are random alphanumeric+symbols strings. I'm lucky in that I have a good brain for remembering random shit like that. I can't remember a face and name for the life of me but god dammit I can remember a big pile of random characters for lots of places.
posted by Ferreous at 7:29 AM on November 21, 2014 [2 favorites]

Decided to set minimal pswd standards for myself: 2 sets of 4 characters each (following standards of the website or whatever entity): e4a7 0b59 . In other words, hexadecimal.
posted by StephenDouglasKan at 7:37 AM on November 21, 2014

Pray tell, what secret meaning have I imbued "jMCUpiqvAQKU9JF;]TK6" with?
posted by entropicamericana at 7:40 AM on November 21, 2014

Wolverine/Sabertooth Erotic fanfiction, don't ask how I know.
posted by Ferreous at 7:41 AM on November 21, 2014 [3 favorites]

posted by entropicamericana at 7:46 AM on November 21, 2014 [9 favorites]

Whenever I have to make up a new password, it ends up losing its strength over the next few years as I reuse it on other things, until gradually I replace it on more important sites, and it drops out of use.

Because of this, I try to choose passwords that capture something of the zeitgeist, at least for me, at the time they're made. This means that as the importance I attribute to the concept fades, so does my usage of the password, which I find satisfying. It also makes it really easy to remember passwords to old websites, because I can think 'Oh, I must have made my account back in 09, I was really into X band or I overused Y catchphrase or whatever back then'
posted by Ned G at 7:51 AM on November 21, 2014 [4 favorites]

Remember back when Microsoft set up this digital ID thing that went with the first release of .NET, called Passport I think? We all lost our minds. But I am just about ready to submit to using One Account, owned by whatever satanic billionaire wins the game. Because I am tired of having So. Many. Accounts. And. Passwords.
posted by thelonius at 8:01 AM on November 21, 2014 [3 favorites]

(re: the related article) Every month or so a newspaper publishes an article that begins with "Passwords are a real pain aren't they?" and then continues to wonder if biometrics will soon make everything better. Each article seems to coincide with another biometrics company looking for publicity.

Biometrics usually make awful passwords. Biometrics are passwords you can't change, constantly share with strangers, are fuzzy and usually change over time all on their own. They can usually be copied quite easily.

In the USA you have constitutional protection against being forced to share passwords. You have no protection against your biometrics being used against your will.
posted by BinaryApe at 8:03 AM on November 21, 2014 [5 favorites]

Despite the random bullshit added, this rings true for myself. Most have words taken out of context. Secrets.
posted by Mblue at 8:06 AM on November 21, 2014

I did like main the article, though - I work with authentication tech and have always found the anthropology of how people handle passwords and online identity to be fascinating - thanks RedOrGreen
posted by BinaryApe at 8:11 AM on November 21, 2014

Biometrics usually make awful passwords. Biometrics are passwords you can't change

Yeah, I was taught: "Something you are, something you have, and something you know" - you need all three components for real security.

So a fingerprint (biometric) on your iPhone (something you have) along with a password (something you know) would be solid. Or replying to a challenge question on your own phone with your own voice might check all three boxes. Two (or worse, just one) of the three is not really secure.
posted by RedOrGreen at 8:12 AM on November 21, 2014 [8 favorites]

Why do we even need passwords? Do we have something to hide?!
posted by chavenet at 8:28 AM on November 21, 2014 [2 favorites]

My first password was a 4 letter common noun assigned back in the early 80's. Since then, I've scrambled the letters to make it non-dictionary, repeated it to meet length requirements, changed the first letter to meet changed pwd uniqueness requirements, and appended numerals and special chars. To me, it's still basically the same pwd.
posted by klarck at 8:28 AM on November 21, 2014

There are a few passwords you probably need to or want to keep in your own memory, like the password to your computer, your main email account, some frequently used sites and services. For these, use a six-word diceware password. For everything else, use a password manager.
posted by rustcrumb at 8:41 AM on November 21, 2014 [3 favorites]

There is something mildly destructive about collecting people’s keepsakes. Observers disturb the things we measure. But with passwords, or other secrets, we ruin them in their very discussion. Virtually all the people who revealed their passwords to me said they planned to stop using them. And yet they divulged them all the same.

Reading the article was a fun prompt to remember all the history behind my various passwords, and at the same time it made me want to create some new passwords based on what's happening in my life right now. Maybe people were willing to share and retire their current passwords because they felt inspired to make new keepsakes.
posted by vytae at 9:14 AM on November 21, 2014

I've never understood how anyone can type a six plus word pass phrase into a password dialogue box without making a single typo every time. My passwords are 10+ character randomish strings like Anxqigg!8.
posted by monotreme at 9:24 AM on November 21, 2014

My passwords always include 9622. I can't help it.
posted by Curious Artificer at 9:35 AM on November 21, 2014 [2 favorites]

I tend to create passwords (now that we are going this wonderful different-PW-for-each-site) with one in a series of themed nouns, then a series of "random" numbers afterwords. But recently I realized that I almost always choose 3 numbers, and the numbers are always a number, followed by a lower number, followed by a number that is higher than the first two.

I don't know why and honestly it's a little eerie. My brain is a black box.
posted by selfnoise at 10:11 AM on November 21, 2014

One fun part of doing tech support was asking people for their favorite poet, sports team, place, etc., and assigning new passwords. !c999abernet!, fusc9999<>hia, ch33s3st3ak%%. If someone told me their password was "CallCentrecanlickmyballs", their new password would be along the lines of 1f0nly1h@d@ny, but thankfully we almost never needed to ask the end user for their pw. My very favorite, years ago, was a distinguished physician whose pw was tuschie. He was embarrassed to share it. sweet.
posted by theora55 at 10:45 AM on November 21, 2014

Pray tell, what secret meaning have I imbued "jMCUpiqvAQKU9JF;]TK6" with?

This is a clear expression of your desire to kill your father and marry your mother.
posted by indubitable at 10:58 AM on November 21, 2014 [2 favorites]

Wow, that was really a lovely article. I actually think I teared up once or twice while reading it.

My passwords aren't quite so sentimental. I usually pick a theme, and create l33t-style passwords around theme – maybe things like muscle cars (F!r3b!rd) or beer brands (P@bstBlu3R!bb0n) – then change them once a year or so.

One technique I've heard of but never tried, is to pick a combination of letters from the security question. So if the question is "What was the name of your high school in 10th grade?" you could use the first letter of each word (or some variant thereof), so in this case you'd have "Wwtnoyhsi1g".
posted by slogger at 11:10 AM on November 21, 2014 [1 favorite]

I got used to using one password for everything, back when that was assumed to be "safe" - or safe enough, at least. It was a password that was, while originally not particularly imbued with inner meaning (beyond referring obliquely to my company's name), one that I had learned well and had become very familiar and cozy.

Although logically I know better, I have resisted mightily in coming to grips with the idea that I needed to start using different and more-complex passwords for everything. When I did eventually convince myself that I had to let my old companion go, I did so; but the fingers never forget. I still type it sometimes before my brain starts paying attention. It's worse than remembering to use the new year's number while writing checks in January.
posted by Greg_Ace at 11:14 AM on November 21, 2014 [1 favorite]

I'm in support. I can't believe the people in this thread who are talking about asking users for their passwords. No no no no no! That is bad support and it teaches the users bad habits.

If the help desk needs to log in as you, the correct thing for them to do is to reset your password to a known value, and tell you "I had to reset your password, it is now _______. Please change it."
posted by elizilla at 11:21 AM on November 21, 2014 [4 favorites]

"I had to reset your password, it is now FrustratedUsercanlickmyballs"
posted by iotic at 12:14 PM on November 21, 2014 [2 favorites]

I have a standard password format I use for everything. The middle is the same, and has a special character and digit, and the first and last characters correspond to the website's first and last character. So my library account password is L[pas5w@rd]Y. I change the inside every so often. My ex-husband taught me that trick. It's especially nice for things I don't use very often because it's easy for me to guess, but the inside word is meaningless to anyone else.
posted by apricot at 4:30 PM on November 21, 2014 [2 favorites]

I have an algorithm in my head that lets me create a unique alphanumeric password for every website or app that needs one. I am reasonably confident that if someone saw one of my passwords they would not be able to reverse-engineer it, but I'm not sure how it would hold up if someone had three or more of them.
posted by Hogshead at 5:08 PM on November 21, 2014

One technique I've heard of but never tried, is to pick a combination of letters from the security question

Actually, now that I think about it, that was what you could use as the answer to the security question, not the password itself.
posted by slogger at 7:09 PM on November 21, 2014

I used to, uhm, "sneak" into strangers' accounts as a hobby. Security questions are often related to passwords, probably because most people create them at the same time. So when people taunt, "My password is related to my favorite soap opera character", it's often the case that their security question is, "Who's my favorite soap opera character?", which, since it's their favorite, that person has probably spoken about pretty extensively in various internet fora. (And the second question is "favorite movie" and you're female in the late 90s, so I'm going to go ahead and say, yep, Titanic.)

Even though I don't do it anymore, reading that article and this thread have been torture for the reptilian part of my brain. It's amazing what people give away when they think they're being coy. It's harder than it used to be with new security measures like two factor authentication, but it's not impossible. I find Facebook's "identify your friends" nonsense hilarious, because it often trips up real users, but between Instagram, flickr, and the myriad ways people post photos of themselves, their relatives, and their stuff, it would be laughably simple for a third party to reverse engineer.
posted by lesli212 at 11:16 AM on November 23, 2014

« Older How to Endear Yourself to an Asian Woman Writer   |   They still do not sell t-shirts. Newer »

This thread has been archived and is closed to new comments