Today T-Mobile sent me a leaflet with my bill giving generic advice on how to protect my oh-so-important T-Mobile passwords (passwords plural?). You’ve probably received advice like this before; it usually goes something like this:
The security of your account is important to us; follow these tips to ensure that your password is safe and secure:
- Create a separate password for each different account;
- Use a mixture of upper and lowercase letters and numbers, and use passwords that are at least 8 characters long;
- Avoid common passwords such as a spouse’s or pet’s name;
- Memorize your password; never write it down;
- Change your password regularly;
- Never tell anyone your password;
Of course these guidelines are completely and utterly impractical. No normal person could possibly manage this astounding feat of memory for even a small number of accounts.
Many of us, however, now have literally dozens of user ID’s, logins, PINs and passwords for banks, credit cards, healthcare providers, utility companies, pension plans, e-mail accounts, instant messenger clients, etc. etc. ad infinitum. It’s completely asinine to expect people to be able to follow these password rules, an exercise in group consensual denial. They are almost as moronically pointless as the button labelled “Yes, I’ve read and understood the terms and conditions” on yet another click-through EULA, or End-User License Agreement, that you haven’t even skimmed (but that’s another rant altogether).
So, like most people I imagine I have about 3 or 4 usernames and passwords that I recycle for pretty much everything, and I can usually (I’d estimate about 70% of the time) gain access to the services I need within about three attempts. And so far, no-one has stolen my identity.