By Alexandra Petri
The Washington Post
— The perfectly secure, perfectly memorable password is absolutely pure and rarer than the unicorn. It is like the Holy Grail, the Fountain of Youth, the philosopher's stone, or a model that will get users on the Internet to pay for curated content. That is to say, no one has ever found it, and some doubt whether it exists at all.
This week Linkedin.com announced that something like 6.5 million passwords had been hacked. If you have a Linkedin account, you had better act quickly and come up with something secure before your identity gets stolen! Or you could just quit Linkedin. That might be easier. Coming up with a secure password is harder than it sounds. And it sounds hard!
Tips abound, but they are even worse than the problem.
The usual rules for picking a password go something like this: Combine a whole bunch of letters and numbers in the precise order you are least likely to remember. This forces you to write them down on a sticky note somewhere visible in your office, defeating the point entirely. (On the bright side, this makes it easier for the investigators to find out about your extramarital affair if you are ever murdered.)
This situation is absurd, but luckily the Internet is filled with tips for secure passwords — and what to do about them.
1. Use a combination of alphanumeric characters and symbols that does not depend on actual words.
A Web site billing itself as "Perfect Passwords" suggested this one: BD052EA0256430 96595A217658B10374242DC59D B397D9088C24DAEAF9059.
2. Use the first letters of the lyrics of a song that you like. For instance, "Billie Jean is not my lover" becomes "bjinml."
This assumes a great deal — for instance, that you remember the lyrics of the songs you like. I love "Smells Like Teen Spirit," but for years I thought the lyrics were "Awastuuuka, keratin augh, amakneeler, zindahealer! YAEERGH." And I am still not convinced that they aren't.
3. Use phrases that speak to you but no one else, like "My '94 Hyundai Excel Is Blue."
Look, if you are still driving a '94 Hyundai Excel, I doubt anyone wants to steal your identity.
4. Mix two memorable words together. They suggest dcoagt (a mix of "dog" and "cat.")
I tried this and got whorewantstoseeyou, combining the two familiar words "woe" and "hr wants to see you," and now HR wants to see me.
5. Don't use a phrase that is popular or common.
So a good, secure password might be, "That Michael Buble is so edgy" or "I have few qualms about the quality of Fox reporting."
6. Use your anniversary as a password. "That way, you'll never forget either!" the people who write this sort of advice say, a little too optimistically, I think.
Who are these people, anyway? You have the sense, reading their advice, that they have beautiful, organized homes and children whose names are good, sturdy, alphanumeric blends, and they seal all their leftovers in carefully labeled plastic containers. We are not like them.
For most real people, using your anniversary as a password guarantees that you will forget both. "Honey," you will be forced to say, "I can't seem to get into our bank accounts."
"What's the password?"
"So what's the problem?"
"Well," you say. "I think perhaps a malicious time traveler changed the date in my timeline, and I was wondering if you would tell me if it is the same day that I remember?"
This will be the best you can do under pressure, and it is not be enough. You'll wind up on the street without access to funds as someone cries and flings Tupperware containers of leftovers at your head.
7. Use something memorable, like a historical date.
This would be good advice if I had not been in conversations where people asked, with no irony whatsoever, "When was the Compromise of 1850?"
The memorable things are never the things you actually remember. Your anniversary? Your child's birthday? Of course not. You are too busy remembering all the lyrics to a song about recycling that you were forced to memorize as a small child or anything negative anyone has ever said about you.
If there is one thing I have learned in all this research, it is that there are memorable passwords and secure passwords, and never the twain shall meet. No, the only thing to do is try to get the sympathy of the hacker. My password is "Pleasesirormadammyidentityisworthlessbutitisallihave8." (They make you put a number in.)
— — —
Alexandra Petri is a member of the Post's editorial staff.