And the Password is . . . Unacceptable

If you are of a certain age, for all but the last ten years there has been only one correct answer to the question:  What’s the password?  

“Swordfish.”  

The hilarious scene in the 1932 film Horse Feathers, where Groucho Marx tries to gain entry to a speakeasy guarded by Chico, ranks with “Who’s on First?” as one of the classic twisted comedy skits of the 20^th Century.  Groucho ignores several attempts to provide him with the password, and finally wakes up when he is told “You can’t come in here unless you say Swordfish.”  Clearly a fail-safe security system if ever there was one!  Even more hilarious is when Harpo, who does not speak, reaches into his trench coat and produces a sword and a fish—and gains entry.   

The electronic age has caused us to invest more and more of our mental bandwidth on passwords.   The first passwords I can remember were provided to me—meaningless random key codes that I had to memorize for access to the university computers.   Eventually, when systems moved from line mode to graphic user interfaces, the software became friendlier, prompting me to choose a password that was meaningful to me, and hence easy to remember.

Today, access to everything is password protected:  banks, credit cards, our children’s academic records, our phones—even my own home.  Like many people, I have used variations on a common theme for my own passwords, making it easy for me to find my way to my own information without needing a personal Rosetta stone.  I maintained 4-digit, 6-digit, and 8-digit versions of the same expression, deluding myself that I had achieved security in exchange for expending relatively little in mental capital.  I did not have to remember specific passwords by site; I could simply try each variation until one worked.   It is the electronic version of fumbling with a rattling ring of unmarked keys, trying each one in the lock until the tumblers turn.

Unfortunately, the world is not a friendly place.  Hackers have wreaked havoc with my vendors and creditors.  Every few months I receive another letter or email from some company informing me, apologetically of course, that they have been breached.     With each infraction, security—in its true human sense—becomes more and more elusive.   But the rational response is frightening me as well.  The rules for managing online passwords are tightening up, requiring more and more digits, letters as well as numbers, and yes—even capital letters.

Just the other day, I was resetting my Apple ID for the third time in 3 months.  Apple’s online password-monitoring beast slapped down my newest password choice—containing a healthy mixture of 12 letters and numbers—as not being safe enough.   A 12-digit pattern of letters and numbers has a lot of permutations; 4.7383 x 10¹⁸, to be exact.   Nonetheless, the rules were rigid.  “You must use a capital letter,” it demanded.  I don’t mind capital letters; in fact, some of my favorite letters are capitals. But capitals are a pain in the neck when they occur in a password.  A password needs to be something that you can type in so fast that even an eavesdropper cannot discern the pattern.  Capitals slow me down.  They are the speed bump of the electronic keyboard.  

Apple’s security program was unrelenting.  I tried longer and longer password choices, testing the limits of their program.   I was curious whether the faceless twenty-something engineer at 1 Infinite Loop had allowed for such extreme possibilities that capitals were no longer statistically necessary.  No such luck.   Broken, I conceded, giving it the capital it needed.   It forced me to do what I had been trying to avoid for years.  I created a password that now has no meaningful resemblance to my other defaults.  It is a mutant in my extended password family.

Apple is not alone in its cyber-dictatorial belligerence.  More and more, applications are placing demands that push my passwords upward and outward.  This is not a problem for things I use daily.  But many of my passwords are attached to services which I use only sporadically.  I kid myself that I will remember it when I create it, but then I forget that I am at an age where I forget a lot of things.  When prompted for a password, I typically start by trying my simpler, habitual key phrases and then migrate upward.  After three unsuccessful tries, I become locked out.  Fortunately, you can usually request that your password be sent to you—an act that forces you to reset the password.  No problem.  I just reset to one of my favorite phrases.

Just when I think I have outsmarted “the system,” it proves to me that it still has the upper hand.  Recently, after requesting a forgotten password, I received the expected form email with a “temporary password”—a collection of letters that looks as if a chimpanzee pounded its fist on the keyboard.   It looked like this:  9mgt87pWYiomkj65e.   I followed instructions, attempting to restore my password back to something familiar.  Although this had worked reliably in the past, this time I was slapped with another mocking edict:  “You have already used that password.  Try another.”

When I watch the news, the stories of abuse and fraud and identity theft seem incompatible with the experience I have just trying to be me.  It seems we simplify our lives by making everything more complicated.  I long for the days when it was okay that everyone knew to say “Swordfish.”  Maybe it’s time to cry “Uncle.”