Evanston RoundTable, April 2, 2024
For a long time, like many people, I had but one password. It was easy to remember and served me just fine. I figured the odds of someone hacking my accounts were pretty slim. And why would they want to: I live a boring life.
Then one day I got an email from “Othello” with my password in the subject line. That was concerning. Worse was the grammatically challenged message, which made some nasty insinuations about my viewing habits. “I require your total attention for the coming 24 hours, or I may make sure you that you live out of shame for the rest of your lifetime. You do not know me personally. Yet I know all the things regarding you. Your personal facebook contact list, mobile phone contacts plus all the online activity in your computer from previous 149 days.”
The sender went on to demand “USD 2000 in bitcoin,” and added, “If you do not know how, google how to purchase bitcoin. Do not waste my important time.”
I would’ve thought this last sentence hilarious, if I wasn’t so crazed. Some bad dude (probably in Moscow) was blackmailing me over access to all my accounts?
The email continued, “If you send this ‘donation’ immediately after that, I will disappear for good. And never get in touch with you again. I will get rid of everything I have got about you. You may very well carry on living your current regular day-to-day lifestyle with zero concerns. You have 24 hours to do so. Your time starts as soon as you read this email. I have an unique program code that will tell me once you go through this email so don’t attempt to act smart.”
Smart? At that moment I was feeling very stupid for thinking a single password was a good idea.
Thankfully, before forking over “USD 2000 in bitcoin,” I had the presence of mind to search online, where I found the exact same language used in any number of hacking and phishing expeditions. Obviously, I wasn’t being singled out.
New strategy
But my relief was short-lived: the threatening email meant I had to ditch my one-size-fits-all password and start making up new ones for every site I use. Of course any one of these could still be hacked, but that would put only one site at risk – not all of them.
Thus began my Dante-like journey through password purgatory.
It seems every retailer, private firm and civic outfit requires people, even if they only want to buy, say, colorful socks or a KN-95 mask or sign up for a recital, to devise and sign in with a password.
Currently I have somewhere in the neighborhood of 200 – and the number goes up just about every week. I keep track in a decidedly low-tech way, laboriously writing each one out on lined paper (now running to nine pages) and securing the expanding list to a clipboard. This means when trying to access a site I have to scan page after page until I find the right password.
On a trip to London with my son several years ago, I was briefly panic-stricken when I realized I didn’t have the Airbnb password we needed to find our apartment. Since then I’ve taken to copying and taking the list with me when I travel.
(And let’s not even start on the hassle of keeping multiple usernames and logins straight!)
I know there are workarounds. Password manager programs promise to vastly simplify the process. I tried one, but found it so confusing, and the help line so unhelpful, that I bagged it.
And my phone will prompt me to record passwords. But what if someone hacks my phone?
So maybe I’ll go back to a single password. I think I know what it will be: “U_R_a_Blockhead!”
Postscript: Blockhead or not, I know a few techies. When I mentioned this topic to one of them, he had this to say: “It’s absolutely essential to have unique, complex passwords for all the sites and apps you access. These password manager programs aren’t that tough to master. And Safari has a built-in manager called Keychain that can be turned on. It’s pretty easy to use and works across all your Apple devices (computer, phone, iPad).” (The Chrome and Firefox browsers have similar password managers too.)
He went on to recommend two-factor authentication as well. “That’s the option of receiving a code via text message before you can log on, or even better, using an app like Google Authenticator for sites that make this option available. You turn it on and the app tosses off the codes you need.”
He concluded with a slightly scolding, “Is all this a bit of a hassle? Yes, but it’s essential and important for online safety.”
Duly noted.