We’re creating a new generation that is going to be a lot more savvy about passwords than most of us are today. They’ll have to be, because our identities have a larger and larger digital component. Moreover, wholesale password theft, as happened recently when Time Warner Cable had to tell 320,000 customers that they needed to change their passwords, forces the issue. If you make a new password, what should it be, and is there anyone who can’t get at it?
We can’t do much about large companies blowing security issues, but we can do a lot to firm up things at the individual PC user end. I’m reminded of that by the annual release of SplashData’s list of the worst passwords of the year. It would be entertaining if it wasn’t so dismaying. The fact that ‘Password’ and ‘123456’ top the list means that a lot of us just aren’t trying.
And even some of those who think they are trying aren’t making anything harder for potential hackers. This year we get among the worst passwords the seemingly complicated ‘1qaz2wsx’ and ‘qwertyuiop,’ which look fine until you realize they’re just sets of adjacent keys on a standard keyboard. ‘abc123’ also shows up, as does, wait for it, ‘111111.’ Given giveaway passwords like that, I almost like ‘letmein,’ which at least offers a veneer of humor.
But passwords aren’t funny when they’re compromised. And for the legions of people who grew up before the advent of always-on Internet, they can be more than frustrating when they get too complicated to remember. A woman named Peggy Bush went through bureaucratic torments trying to get her late husband’s Apple ID password from Apple Computer. All she wanted to do was play card games on his iPad, but after providing all the paperwork regarding her husband’s death along with his iPad serial number, Apple advised her to get a court order.
The company has since relented, but this is what I mean about generational change. The need for better password management is a marker for the fact that our digital identities are growing more and more complex, as becomes obvious when people die and executors don’t have access to needed accounts. How to tell where assets may be squirreled away?
Facebook is picking up on the problem by offering what it calls a ‘legacy contact’ option. This means that while you are still alive and alert, you can designate a particular person to manage your account. If I dropped dead tomorrow, the person I choose could post details of my memorial service, update my profile picture, and retitle my profile page with the word ‘Remembering’ above my name. Also available would be an archive of my posts and photos, the latter being the digital property most families would like to save.
Google also offers an Inactive Password Account Manager for cases like this. The generational aspect here is that many older people think of their Internet activities as being frivolous, whereas millennials have grown up with the idea that everything from bills to memorabilia and account statements now flows readily through the Net. Digital assets can include Internet domain names worth serious money, not to mention digital currencies. An estate’s executor could spend a lot of time tracking such things down, if indeed he or she knew about them in the first place.
It’s not a bad idea, then, to grant your executor access to your digital accounts in your will. My view is that my family should have my passwords in the event they want to pull something out of anything from social media or elsewhere. And that demands saving a list of unique passwords for my various accounts, to be stored in a safe deposit box along with my other valuables.
Needless to say, a complete digital inventory should accompany the list. Our password-laden lives are telling us that it’s all too easy to lose concrete assets in the digital maze.
Paul A. Gilster is the author of several books on technology. Reach him at firstname.lastname@example.org.