Writers are incredibly paranoid, but that doesn’t mean intellectual property thieves won’t hijack my Google Docs account to make a fortune off my screenplay about a sitar-playing monkey trying to save a bankrupt Tupelo, Mississippi by winning a television talent contest. … Well, they might not be after that particular idea, but my point still stands.
Fortunately, my inherent distrust of others gives me a leg up on the subject of passwords — those digital gatekeepers that lock suspicious girlfriends out of your secret Tumblr account and prevent prying eyes from spying your bank balance. I’m ready to dispense password advice like a piñata spills hard candy after a proper pummeling.
Cough up your deets
The problem is this: whether you’re browsing for Blickensderfer typewriters or need an exotic animal illegally delivered to your door, every website out there tries to strong-arm you into creating an account and protecting it with a unique, impossible-to-hack string of characters. Pretty soon you’re the frustrated owner of myriad passwords, with no clue how most even got there. You’ll be haunted by questions like:
- Is “foreverclogging” my password for an Appalachian dance or amateur plumbing website?
- If someone hacks my online store, can he sell my entire taffy inventory to himself for just a dollar?
- Why did my significant other just change my relationship status on Facebook to “It’s Complicated”?
You need a password strategy like, yesterday.
Approach No. 1: Password skeleton key
Some of you are minimalists. You live in tiny houses and grow your own kale. You might also think if you simply string together the world’s most random series of numbers, letters, and special characters, you’ll have a single password that can be used everywhere online and for the rest of your days.
Sheer folly! Hackers lick their chops at the prospect of people doing this. See, once digital ne’er-do-wells successfully snag your password from one site (and that tattoo forum you frequent ain’t exactly immune to a little social engineering), they immediately try to plug it in to every other conceivable account you might have, from Twitter to Tinder.
No, the potential negative ramifications of a single-password solution are too staggering to contemplate. Let’s forget this possibility even exists.
Approach No. 2: Substitute, substitute, substitute
Ever notice the “at” symbol (@) looks like the letter “a” with a tail? Or that the number 3 masquerades as a curvier, flipped version of capital “E”? If you don’t spot the resemblance shared by O and 0, I can’t help you.
Now, instead of using your first pet’s name for a password, MrHiggenBottom magically morphs into the harder to hack (and much cooler) MrH1gg3nB0++0m.
Thing is, you’ll need to switch up your root word for each site, lest you fall victim to the folly that is approach No. 1 above. But sites have their own password requirements. One might banish the use of all special characters except for the little tent guy (^). Another will insist you use no little tent guy but require a minimum of three non-consecutive numbers, blah, blah, blah.
Tracking the idiosyncrasies of each site’s requirements so you know what can be substituted and what’s off limits is an invitation to madness. Let’s press on.
Approach No. 3: Remember your nursery rhymes
We all know that “every good boy does fine” and can recall the time “my very educated mother just served us nine pizzas.” Now you can use a variation of this classic mnemonic device with a password creation technique I call “strip and concatenate.” (I just made that up.)
It’s easy. Take a memorable phrase, keep the first letter of each word, and discard the rest like it’s forever dead to you. What remains is your new password. Thus:
- “When, in the course of human events…” –> “witcohe”
- “Alas, poor Yorick! I knew him well…” –> “apyikhw”
- “You may say I’m a dreamer, but I’m not the only one…” –> “ymsiadbintoo”
These are as far removed from vanilla passwords as you can get, plus they’re fun to pronounce. That’s good. They’re also just plain-text passwords that could eventually be guessed using a random-character generator or William S. Burroughs’ cut-up technique. That’s most likely bad. Buyer beware.
Approach No. 4: Send me the email
This disposable password approach is one I’d used purely by accident before finding out it was a real thing. Evidently, some people purposely create one-use passwords, fully intending to make use of that “forgot password?” link the next time they find themselves at their favorite offshore gambling website. When the reset password email hits their inbox, they create a new password, forget it immediately, and then put down five large on the Cardinals to cover.
If you fall into one of the above camps, great. But what if you forget your email account password? Or the email gets thrown into your spam folder? Or you never tidy up your inbox and all these damn password reset emails clog the thing like a portable toilet at the county fair?
There’s got to be a better way.
Final words on the matter
I was wrong; there is no better way. This is the end, and we have nothing to show for our journey. Worse, I’ve exceeded my assigned word count and now owe the editor lunch.
In truth, I’m no password guru. I have passwords saved in a text file on my work computer’s desktop, for goodness’ sake. My work computer!
That does it. I’m going to eschew technology altogether and live off the grid. From this point forward, the laptop gets retired. I’ll write my novels on tree-free paper with organic ink and a quill pen fashioned from a feather shed by a migrating goose.
Goodbye, cruel online world! Hello, soy candles and rainwater harvesting. I feel more secure already.