A funny commentary from snarky Tweeter @JamieDMJ summed up the pw-recovery blues in this acute observation, shared almost 4,000 times:
— Paul Blanchard (@paulwrblanchard) November 8, 2014
Security questions should have trigger warnings, come to think of it. Being reminded of Sr. Eustace beating us with a stick isn’t optimal for productivity or even a serene life, as my friend and mindful-computing expert Alex Soojung-Kim Pang intones in his book, The Distraction Addiction. (Then again, you could approach this dictum with a positive attitude, like this author who used his password as a mantra and self-fulfilling prophecy.)
Slate had a different take (naturally) on password construction and recovery. Writer Doug Harris suggested either always planning on using a site’s email reset or simply using the same lie, repeatedly, for every security question:
“My trick? Lie and keep telling the same lie.
- What’s your favorite ice cream flavor? Louis Armstrong.
- What was the name of your high school? Louis Armstrong.
- In what city did you have your first job? Louis Armstrong.
Don’t give correct answers. Use the same stupid answer for all of your security questions. (If you’re worried you’ll forget the stupid answer, store it in a password manager.)”
- Quis custodiet ipsos custodes? i.e., who remembers the password for the password manager software? This advice is already logically unsound.
- Monthly? Screw that. There’s very little evidence that says this method makes life more secure for users, especially since most data breaches are conducted at a systemic level via retail databases, not individual machines.
- It’s totally OK to keep a post-it with your passwords in your wallet; just guard that little slip of paper like you do your credit cards. Change the password ASAP if that paper is lost.
- Single-use passwords for sites are great. Utilize the password recovery process next time you need to log in. This is effective for stores and other retailers which you use infrequently. No retailers are so important in my life that I give them the honor of remembering my login. Please! I have better things to do with my mental bandwidth. If some store’s email recovery process takes too long, I’ll shop elsewhere.
The main point: don’t stress about passwords. Your best bet is to remember 1 or 2 main passwords, like the key to your password manager or locked machine, and the password to your main recovery email. If you can manage it, make the passwords more than 12 characters each, and if you write them down, keep that paper on your person or hidden well.
Flickr keys pic by Urs Steiner.