Dear Economist,
I use the same password for all my e-mail and internet-portal accounts (online shopping, etc). Now I am worried about losing it to an identity thief. What should I do?
Confused Kid
Dear Confused Kid,
Rick Smith, information security expert at the University of St Thomas, summarises the conundrum: “The password must be impossible to remember and never written down.” The typical password is a jumble of characters that must be changed frequently. When you type it in, the computer obscures what you are typing, giving your visual memory no chance. Congratulations if you can cope with all this, let alone duplicate the feat 20 times.
There are some tricks you can rely on – for instance, your passwords could be obscure acronyms inspired by song lyrics. Yet the dilemma remains: either use the same password for each account, or write them down and put them under your mouse mat.
Impossible password guidelines have been developed by security professionals wishing to cover their backsides. Fine. Now you must cover yours. First, consider who picks up the pieces if things go wrong.
Your current approach is discouraged, rather than forbidden, by banks. But if you wrote down your password, security breaches would become your problem.
Second, do not be depressed. Many accounts have obvious passwords: the user’s name, their partner’s or simply “password”. And up to one-third of users are thought to write them down. Fraudsters like easy targets, so remember: you may not need to be smarter than them, merely smarter than the guy whose password is “password”.
First published at ft.com.