Last Tuesday, I whipped up the most secure password imaginable. It had everything a hacker would be scared of: special characters, numbers, upper case, lower case, and no links to my identity or any information I had chose or provided. Oh how lovely it was.
There was no way it could be hacked. Digital Fort Knox. Seventeen seconds after creating it, I forgot it.
The saying, “third times the charm” does not apply here. I have been battling password amnesia for as long as I was *required* to come up with secure passwords. A solid score of twenty years of crafting complex passwords, only to click save and have it disappear into the void of my brain.
During my time working for [REDACTED TECH GIANT], I was on the security team tasked with creating the ever so loved password regulations (that annoyed users everywhere). “Your password needs to have at least one upper case, one lower case, one number, one special character, and a hieroglyphic symbol, alongside a unicorn’s tear collected under a full moon.” Perhaps there shouldn’t have been two symbols added in, but we are headed in that direction. I distinctly remember sitting in a conference room with glass walls, having foolish debates about how to force users into making better passwords, completely unaware of the torments we were creating.
Last month, I found myself unable to access my own bank account at 2 AM. Remembering all the security measures associated with my account made me chuckle. I started asking myself questions such as ‘What was the name of your first pet?’ and ‘What street did you live in during grade three?’ As if anyone would recall what they had for breakfast the day before.
It is kind of bold to assume you can remember even that. My wife finds this to be amusing beyond the limit. Watching my head slowly fade into the screen of the laptop while I waited for an email and a temporary passcode, she would say “You helped create those systems.
Why do you need to resort to this kind of nonsense?” My wife keeps count of how many times I have been locked out of my accounts for one reason or another, and trust me, the number is scary. The record punch for now is our streaming service with seventeen lockouts in the last year. My daughter was bold enough to claim that “Dad’s catchphrase’ should go to “Forgot my password.” And fair enough.
I’ve genuinely tried it all. Password managers? They are helpful until you forget the master password.
Writing them down? I have sticky notes that would annoy an IT professional—if only I could discover them in the black abyss of my desk drawer. Memorized patterns?
They are either too simple to be secure or far too complex. All these methods have their flaws. The little security systems should not hold four symbols, but they do, making life even more horrible.
The simplest change can make the system even more challenging. Old passwords are also automatically remembered. “Your new password cannot be the same as the 17 different passwords you previously used,” The only thing that comes to mind is “NotMyActualPassword123,” “NotMyActualPassword1230849”, and “NotMyActualPassword123!, All I’ve been doing is putting an exclamation mark every time I reset the password.
It does, and that’s probably how my bank password stands at “NotMyActualPassword123, waiting for a change to password. Even when they make life simpler, it_s tough. Additionally, all work accounts are the one secret that no one dares speak of.
There came a time where I had to call our IT department three times a week. I had locked myself out my account and when called the IT manager I would hear “heard you’re back again.” Yes Ryan, now that we are cordial, I_ thinking of sending him presents. The absurdity overwhelms when I want to log into accounts that were created for my digital wellness – apps that are designed to help me reduce the time I spend on my phone.
Remembering the password for an app that was created to help you spend less time using apps is incredibly soul crushing. It’s like a rehabilitation clinic but the patient is locked out. Not so long ago, I was at my daughter’s school where I found myself in some deeply embarrassing scenarios.
I had to log into the parent portal to update her emergency contact details. Easy enough, right? After what felt like an eternity of attempting to log in and failing, I was told I could only contact the school secretary.
Mrs. Patterson, a long time acquaintance who I believe does all the work and the principal takes all the glory, was the one who needed to change my password. “Mr Thornfield, this isn’t your first time this semester,” she said as her eyes rolled into the back of her head.
We all know the answer I gave about examining schedules and advanced security challenges was simply a cover up for the real answer. I am an amnesiac suffering in silence in a world where people expect everything to be remembered. It’s easy to see the contradictions in my scenario, yet it eludes me.
I designed systems for years that were impenetrable but unusable, and now I am helplessly trapped in them. It’s similar shuddering to a head chef who ends up developing a severe allergic reaction to their signature dish. The strain caused by nearly always forgetting a password is unquestionable.
There is a certain kind of humiliation that emerges when you do not succeed at the simplest of chores. Every “shift” I press in life makes me lose another fragment of my online dignity. The system could not be less helpful than to put up a “click here if you wish to showcase your ineptitude” button instead.
What infuriates me the most is that I know the security logic behind everything as disturbing as it may be. I understand the necessity of multifaceted passwords. I have witnessed the destruction that accounts being compromised can bring.
I have been in those meetings where there was a review of cyber-attacks and attempts to devise subversive strategies. Sure, I do. But for some reason my mind won’t comply with the security my brain worked so hard to create.
Something about that process of resetting the password feels humiliating, particularly, the security questions where you are forced to assume and lso question your memory and identity. “What was the name of your first manager?” For example, I have had about 7 jobs and 20 managers. Was it Steve?
Or Scott? Or perhaps Satan? (They were most definitely at least one of them)
And those captchas?
Forget about them. “Select all images with traffic lights.” Is that a traffic light in the far distance? Or am I just imagining things after staring at these blurry images for far too long?
Sometimes, I think the Captchas are just psychology experiments made to test how long does a person squint at an image, and when do they reach the breaking point of throwing a device out of the furthest window possible. The scariest bit is how peculiar my memory is. I distinctly remember my ICQ number from ’98, but I don’t remember the password I set this morning.
I remember the cheat codes of the video games I played in middle school, but not the passphrase to the Wi-Fi connection I created last month. These are very questionable decisions made by my brain. I’ve learned to cope, of course.
I have literally started scheduling time for password resets like other people schedule their haircuts. It is a routine that I know I have to put some time aside for. I have learned to accept that for a reformat and a login, I am almost always required to complete a number of resets for the reformat and login process and it is likely a lifelong commitment.
My amnesiac problem passwords have granted me rather powerful empathy towards the users I once designed for. Those of which I so easily dismissed in the past support tickets make so much more sense now that I think about it. A user claiming password restrictions are too elaborate was right, and I owe them an apology.
A memory disorder has a silver lining in the form of helping to being less of a person with an inflated ego. Perpetually having to talk to customer service about how you “tried the obvious solutions, and yes, you do not know if the special character was an at symbol or an exclamation point” is an inner way of saying “It’s hard to have too much self-importance about your technological skills.”
As a working digital security professional, I should be able to securely access my digital life, yet here I am. There’s a lesson here about how the systems we establish ultimately dominate us, but I will need to think about that more after I change the password for this blog’s publishing platform.
Again. So, to any of my bank’s security team that may find my blog, it wasn’t me attempting to brute force log in 17 times at 3am. It was a hacker!
A pajama wearing, persistent hacker that knows my security questions and was so dead set on gaining access. Totally.
