Usernames and passwords, the unwinnable game

Why does my password need to have between 8 and 15 characters, and why must one of them be ‘UPPER CASE,’ and why must one be ‘$peci@l,’ and why does it need to be ‘new’?

As if having to have a username and password wasn’t bad enough, now we have mobile phone verifications, one-time-passwords, and we must change our passwords at regular intervals. It’s all becoming a bit of a pain, isn’t it?

I logged onto my banking website the other day, as millions of us do daily, to be ‘advised’ that I must change my password. Now, I don’t know if I’m the only one, but I like to keep all of my passwords dissimilar, but with a common theme, and nothing that I have ever written down, with no birth dates, no place of birth, no pet names, thoroughly unique, and that only I would know. I’m not paranoid or anything, but I reckon I’ve got this sorted you see...

So, I change my password, or so I think, because up pop the dreaded words... advising me that my new password is ‘not accepted,’ or ‘not acceptable,’ I can’t recall which... because I can’t use a password which I have previously used with this bank. “Why not?” I ask myself... and feeling ever so slightly ‘miffed,’ I think, “Okay, no problem, I still have another ‘up my sleeve,’” and enter that one, which is just as quickly rejected for the same reason.

I hesitate again, “Oh my God,” and two things happen... first, I am inconvenienced, because now I must think of a fourth option, and this is not to be taken lightly, and at the same time I am offended, “Why must I change my rules, my way of doing things, simply because my bank says so?” Okay, I lean back in my chair and ask myself, because I can’t ask them, “Why does my password need to have between 8 and 15 characters, and why must one of them be ‘UPPER CASE,’ and why must one be ‘$peci@l,’ and why does it need to be ‘new?’”

I do also realise, however, that such considerations are meaningless. Nobody is listening, and probably somewhere in the myriad of documentation I signed in opening the account (you know, the bits that none of us read), I agreed to protect my account using passwords and PIN numbers according to the bank’s requirements. So, I reach for my pad and paper, and work out a fourth password that is safer than the ‘Da Vinci Code!’

I enter it, and it is accepted, and all is well with the world except now I have a fourth password in my ‘personal security system,’ that must be committed to memory, while I’m, slightly paranoid I know, shredding the notepaper I composed the fourth password on, through my office shredder. “There are no flies on me,” I mutter to myself with the smug complacency of an increasingly mature, clearly intelligent, clearly articulate, journalist and academic. All is good with the world; the earth’s axis has not tipped past 23.4 degrees, and the Sun will rise tomorrow.

A few days later I went to log in again, on the same site, and confidently tapped in my ‘new’ password, only to be advised that the username or password was incorrect. “Oh, I must have pressed a wrong key,” I muttered quietly... and tried again, but only with the same result. Now I could have gone down the road of clicking on ‘Forgotten your password,’ but no, in addition to being mature, intelligent, and articulate, I am also stubborn, obdurate, intransigent, and all their synonyms, so I tried a third time... well you know the result already...

Am I alone in this? Am I alone in feeling like an unwilling rider on the passwords merry-go-round, by two-factor verifications, by one-time-pin numbers (OTPs), by banks especially telling us we need these measures to protect our money, and then when someone hacks our cards through their system, it’s not their fault?

Ah well, such is life, and to finish on a lighter note... Why can’t you have ‘Lamb Stew’ as a password? It’s not ‘Stroganoff!’

