Written by: Tom York
Lately, I’ve been receiving notifications on my iPhone 8 that my password might have been compromised. This message is becoming so commonplace, that I wonder what the value is the password is in the first place.
Just yesterday I did an inventory of passwords for my online engagement. My iPhone has 92 different passwords stored. My computer has 73. 12 years ago, my daughter gave me a password notebook – an old school paper notebook that I write passwords in. It now has 58 entries – different companies/sites that needed passwords that I felt were important enough to write down.
What needs to be protected? Do I really need a password on MapMyRun? To access weather reports at specific mountains? For my purchase history at Tractor Supply Company? To see my past golf scores? To see whether I booked a double bed or a king bed during my last hotel stay?
I do find it funny that I have at least 25 distinctly different passwords – as no one site likes the same format. Some have capital letters, some have numbers, some require a symbol. But only certain kinds of symbols – %#&!@ are ok, but *()^ are not (my apologies for swearing).
Some passwords have to be 8 characters long. Some no more than 12 characters long. One recently insisted my password be 16 characters long (and this was to keep my social profile private)! Some don’t allow 3 characters in progressive fashion like ‘ABC’. Some also like to know the name of my third-grade teacher or my favorite subject in middle school, in case I forget the password they were so worried about me creating.
I always get a laugh at how my iPhone suggests a ‘strong’ password, and creates a string of gibberish to be sure I never remember it, only my iPhone will know my password. What would happen if I abandon Apple for Android (or Apple abandons me)? I shudder at the thought.
It is now at the point that I no longer join or register for a site if the password process is too complicated. If a website thinks my basic password, with a capital letter, number and a symbol, is ‘too weak’, I now just skip the website altogether and find something easier to use.
All this password headache begs the question for me – what is the point of the password? I like PayPal because they’re only company that has NEVER asked me to change my password in the 10-years I have used their product. They let me keep my same ‘weak’ password I created in 2011. One would think a company handling my credit and bank accounts would insist on a stronger password than the app I can track my running on. Why is it so much easier to deal with passwords for this payment company?
Because passwords just don’t matter anymore.
PayPal knows the device you access your account from is far more important than the password that is entered. Phones require a code to be started, or a thumb print, or a facial scan. They record history and patterns of use. If it is the same smartphone being used (which now encompasses 80% of all online engagements) or the same browser on the same computer – then there is an extremely low chance that someone else is ‘stealing’ the account.
Only when a new device is being used, do additional actions trigger. This is why 6-digit codes sent to phone numbers for additional verification of the device are so important now. Passwords created by the user just don’t matter.
Here I Am adopts this principle fully. Passwords just make life complicated. The device used is much more important, and provides a much higher level of security than a password ever could. For simple things in life, keep it simple and keep the passwords out of the mix.