Josh Freed: Does anyone remember the colour of my first car?

The computer password game is one we’re destined to lose.

Article content

Are passwords passé?

We may be losing one of the 21st century’s great hallmarks and hassles, as the personal “password” finally gets replaced.

Article content

Passwords have been giving us both cyber-security and cyber-anxiety for decades.

Now experts say they might soon be phased out. Already we’re being asked to use biological identifiers like face ID, voice ID, iris scans and soon perhaps car seat bum prints, as science seeks ways to bypass the password.

Advertisement 2

Article content

What’s the trouble with passwords anyway?

On one hand, computer hackers find them so easy to crack we users must perpetually keep changing them.

On the other hand, we users are always forgetting them and having to reset our passwords everywhere from Fido and Facebook to Faoud’s Falafel.

Just this week the SAQ texted me at 11:46 p.m. to warn my liquor board password had just been breached and should “be replaced immediately” on their official website.

So I did, before someone bought six six-packs of vodka coolers on me.

However the more often we reset our many passwords the more different they all become and the easier to forget.

They’re simpler for hackers to crack too, because many users just give up and change to easier-to-remember ones.

in 2024 the five most popular passwords included “12345”, “123456” and “password”.

HA! Crack that, hackers.

For better security we’re constantly pressured to create ever-longer passwords, or even complex phrases we can easily remember like “ICan’tRecallMyPassword.”

Then we have to add those “special characters” like ?, or ~ or *!.

Advertisement 3

Article content

But three weeks later we get a message saying our password has been breached again and we must change it to something stronger.

So we switch to “I-Can’t-Recall-My-Password2?$!, until eventually we’ve changed it so often it’s become: “ICan’tRecallMyPassword 37$%3!!$$399”.

Worse, when changing passwords you often must first pass security tests to prove you’re not a robot, by answering questions like: “What was the name of your second mailman’s first wife’s dog?”

Recently I flunked a bank security test after guessing the wrong password three times. So a security robot wanted to ensure I was me.

First it asked for my family name and postal code, which was absurdly easy to answer. That is, until the machine said (verbatim):

“Sorry, that’s not the answer we were expecting.”

I tried and failed twice more, then barked aloud at the machine: “That’s my name and that’s where my mail goes, you STUPID ROBOT.”

“Tough luck”, said the machine. (OK, actually it just beeped). Then it froze my account and sent me to security jail, to pass tougher security tests.

These were older questions I’d probably agreed to 40 years ago, because several answers had vanished in my memory’s mists, like: “What was the colour of your first car?”

Advertisement 4

Article content

God knows. Back in my first driving years I had so many battered beaters I could have opened a scrapyard.

I tried white for the Volkswagen van that died in weeks. Wrong answer. Then red for the Mazda that rusted out the first winter. Wrong! Then yellow for the Civic that just stopped dead. Wrong again!

So I re-flunked security and spent 30 minutes waiting for a live agent who eventually conceded I was me.

Eventually, we updated my security questions to ones I should recall, like my favourite colour (none of your business).

I’ll remember that, but I’m worried the computer won’t and will insist my favourite colour is “not the answer we were expecting.”

All to say I won’t miss passwords when they’re eventually gone, but what will replace them? Lately I’m using face recognition on more sites, which is simpler, as I only have one face.

But I’m worried some hacker will steal my face and I’ll have to find a new one. As a Wall Street Journal technology columnist warned just last week:

“No one can issue me new fingerprints. No one can issue me a new face. … If that information is hacked, that’s the whole game.”

Advertisement 5

Article content

Also growingly common is “two-factor authentication,” where they text a security code to your phone to make sure you’re you. But I share several services and media sites under my wife’s phone number.

So when she’s away and I forget a password, only she gets texted the security code. Then I have to message her saying: “I’ve forgotten my password, so when you get a password security reset, say yes.”

But she doesn’t see my message, only the reset request, so she thinks a hacker is trying to crack her password and says no.

Next thing I know I’m back in security question jail being told my name, postal code and favourite colour are all wrong.

Lately they’re urging us to replace passwords with a “password manager”: an all-powerful master password that stores and unlocks all our other 121 passwords.

But what happens if you lose the master password? If there’s a way for things to go wrong I’ll find it and never get into my phone or computer again.

All to say that much as I hate passwords, I’m still reluctantly hanging onto my own new password.

Oops — I just gave it away.

[email protected]

Advertisement 6

Article content

Article content