The secret life of passwords

“With so little privacy, passwords may soon be tomorrow’s eight-track player, quaintly described to our grandchildren,” Ian Urbina writes for The New York Times.

“In recent years, there has been a push for machines to identify us not by passwords but by things we possess, like tokens and key cards, or by scanning our eyes, voices or fingerprints,” Urbina writes. “iPhones have come equipped with fingerprint scanners for more than a year now. And yet passwords continue to proliferate, to metastasize. Every day more objects — thermostats, car consoles, home alarm systems — are designed to be wired into the Internet and thus password protected. Because big data is big money, even free websites now make you register to view virtually anything of importance so that companies can track potential customers. Five years ago, people averaged about 21 passwords. Now that number is 81, according to LastPass, a company that makes password-storage software.”

Urbina writes, “There is scarcely a more modern sense of anomie than that of being caught in the purgatory where, having forgotten a password, we’re asked personal trivia questions about ourselves that we can’t seem to answer correctly.”

Tons more in the full article – recommended – here.

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]


  1. somebody ought to create a list of sites with no personal information (that require login so they can track you, but still advertise to you) combined with a password so we can all look up things like seeking alpha articles using the same password

    That’l teach ’em

    1. You setup your own URL and set up disposable email address/identities, with your URL you buy and own.

      You can eliminate any email address anytime you want. You can only do certain online transactions from a single email address.

      Your bank may be the only use for one of your emails for instance.

      1. I use this arrangement too. But I notice occasional spam arriving to these unique addresses. At first I accused the party I had created it for of leaking it. However, this is happening to several and I think there must be some other explanation.
        (1) My SMTP connection is unencrypted – might someone be harvesting it – I think unlikely
        (2) My domain is public knowledge (Web site searchable). Is someone just trying every possible combination in front of the ‘@”? and sometimes get lucky when it doesn’t bounce?
        I think this the most likely.

    1. I used to have the same password, then Apple made me add a capital letter and a number.

      I changed it to Iluvobama2014. It’s still the year 2014, but Apple made me change it 3 times since January. Now it’s Iluvobama2017 (I think). Apple won’t let me change it back to Iluvobama2014 for another year or so. By the time 2015 hits it will probably be Iluvobama 2021.

      I think Apple is trying to protect me from hacking my own accounts, because even if I try to make it something simple enough to remember, I need to change it so many times, that I can’t remember it.

      1. When I was a systems admin I had about 40 passwords for workstations, remote servers, and applications that expired every 90 days with the following minimums required:

        8-15 Characters
        1 Upper case
        1 lower case
        1 numeral
        1 special character
        No more than 3 of the same character
        None of the 30 previously used passwords
        No english words
        A unique password for each account

        Additionally, logging into my workstation or any general server account required a fob-generated security code.

        So we all wrote them down on paper. 🙂

        1. We used post-it notes and stuck them on the side of the monitor.

          Making people change passwords every 90 days has got to be the most insecure policy I have ever seen.

          Nowadays I just use: p@ssword1, p@ssword2, etc. can’t remember anything else. Or I just store them unencrypted in Notes.

  2. Apple’s iWatch will convey one’s identity conveniently and securely, largely eliminating the need to retrieve passwords. That’s one reason the device will be in such high demand.

  3. I was once told by a security expert that passwords alone are insufficient for high security locations. He said that you need three things…
    • Something you know (password)
    • Something you have (key fob, RFID card, iPhone, etc)
    • Something you are (biometric… retina scan, fingerprint, etc)

    It appears to me that Apple now possesses all the hardware to enable ultra high security. For instance, when you put on your Watch each day you would ‘register’ it with your iphone by using the fingerprint scanner AND a password. If you took your watch off during the day, you would have to re-register it again when you put it back on. This would provide all three of the components of a high security access (something you know, something you have and something you are) and would prevent anyone else from using your Watch and iPhone (in case of theft).

    I believe that Apple has envisioned a future with even higher security than we currently use. And in typical Apple fashion, they will make security even easier to use and more convenient.

  4. “people averaged about 21 passwords. Now that number is 81, according . . . , a company that makes password-storage software.”

    That’s like asking virus software makers if security threats are on the rise.

  5. 1Password is an excellent app to generate and store all passwords– is synced with all computers and iDevices. Also cool that I can share an encrypted password with other people with the program. It will also do a password audit and tell you how many are duplicates, old, etc. Its not cheap but well supported and worth the money…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.