We have a lot of passwords to keep track of and if you're using a computer you probably already knew that. Between multiple email accounts, computer and network passwords at work and at home, online banking, forums, blogs, social networks, video and photo sites we end up with a lot of accounts. I recently went through the tedious process of changing my passwords for everything that's important to me. I did not change my password for every account because there are some that aren't that important. One example is my Hotmail account with which I converse with my soon-to-be Russian wife once I help pay her way here. For the unimportant accounts like that I use the same, easy-to-remember medium-strength password because I don't care if they get compromised.
If you're on a computer at your work you probably have security policies in effect that force you to change your password(s) on a regular basis. But do you do that for your personal accounts? Most people don't. Here's an interesting exercise. Make a list of every account you have that requires a password. I ended up with thirty-seven on my list and I'm sure I'm missing a couple of infrequently used sites. That's a lot of passwords to remember. When we have such a large number to keep track of it's easy to understand why we usually switch between a small number of passwords. Throwing a wrench into the works is the odd site that forces you to use a strong password of a minimum length that contains upper and lowercase letters, numbers, and special characters. It's usually the one where you end up clicking the "I forgot my password" link. Oh, crap! Now I have to remember how I answered the security question!
So where was I going with this? Oh yeah. I recently went through the process of changing my passwords for all the important stuff. It was funny how just doing things I was very comfortable with would trigger my mind to change to another password that I hadn't thought about. Being a creature of habit it would take me a moment to realize that I had just typed in a login and password. "Oh, I need to change that one, too." After changing many passwords I reached the point where I was going to change my Lotus Notes password at work. As with many applications, to change the password in Notes you have to enter your current password. Notes was open. I selected the required menu items and I was prompted for my current password. I entered it and clicked OK. It was wrong. Huh? I tried again. It was still wrong. I tried again and this time slowly typed each character to make sure the lowercase letters were lowercase, the uppercase letters were uppercase, and each number and special character was correct. It was still wrong. What the heck? I know I haven't changed it yet, but to make sure I exhaust all possibilities I tried my new password.
It worked. Apparently I had already changed it and yet I have no memory of doing so.
It looks like remembering my passwords is the least of my problems.
3 hours ago