Recalling many codes is driving us nuts



Password fatigue — or forgetting codes for all the sites we visit — is a hazard of the digital lifestyle.


“I think the ability for people to memorize multiple passwords for multiple sites is severely limited.”


Ask Kim Brunhuber to come up with another password and he’ll throw his arms up in disgust. “I literally reached the point of not being able to remember one more number,” says the Toronto writer, whose password combinations are mostly made up of basketball players’ numbers. “One more password and I’m out!”

Brunhuber, 33, has lost e-mail, magazine subscriptions and computer service-provider accounts because of password problems.

Just last week he tried to get into his home voicemail from work. With upwards of 20 passwords jostling for space in his brain, he couldn’t remember the three-digit code. “I’ve tried every single combination,” he said.

Brunhuber is hardly alone when it comes to password fatigue, what with all the codes needed for bank machines, online sites, home alarm systems, entry to offices — the list goes on and on.

Rick Broadhead, author of numerous books on the Internet and e-commerce, liken online password requirements to a toll booth. “We’re going to give you the content for free but in exchange we need information from you,” he says.

Still, most people can’t be bothered to come up with a new password everytime they register on a site. “I think the ability for people to memorize multiple passwords for multiple sites is severely limited. I don’t know many people who can do it,” says law professor Michael Geist of the University of Ottawa.

The problem with generic passwords, he notes, is that they can compromise user security. For a safe password, Brent MacLean of JBMacLean Consulting Inc. suggests starting with the initials of a phrase.

For example, MHALL stands for “Mary had a little lamb.” You can then replace letters with symbols. In this case, you can replace “A” with the “at” symbol, and then add a few numbers at the end, or more symbols. Use a mix of uppercase and lowercase when allowed, thus creating a hard-to-crack code: “mH@LL8926!”

MacLean, whose company is hired by businesses to assess the security of their sites, also favours combining words from different languages, noting that he uses a password that combines French and Italian.

As for keeping track of multiple codes, Worden is a strong advocate of password-remembering software. He uses a program that keeps track of dozens of passwords.

Brunhuber prefers a low-tech solution. He pulls out his daily planner where he points to a list of websites, usernames and passwords.

“The irony is you’re working in a high-tech paperless world and the only way to function is to go back to paper and pencil,” he said.