Why online security is taxing our brains

NEW YORK Fri Mar 9, 2012 7:59am EST

Cyber security analysts work to defend a network during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, September 30, 2011. REUTERS/Jim Urquhart

Cyber security analysts work to defend a network during a drill at a Department of Homeland Security cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, September 30, 2011.

Credit: Reuters/Jim Urquhart

NEW YORK (Reuters) - Nathan Acosta is feeling a little overwhelmed.

The 24-year-old from Raleigh, North Carolina, who works for a financial services firm, is trying his best to keep up with all the passwords and security questions he has to juggle, just to log onto his personal accounts. But sometimes it feels like a losing battle.

It's a battle millions of consumers can identify with. For a while it was just your mother's maiden name, then your first pet, the street you grew up on or the make and model of your first car. As passwords and security questions multiply, so does the potential for things to go wrong, possibly locking you out of your own life.

Unless you're a savant with total recall, you need a system to manage that morphing body of login credentials necessary to navigate your virtual life.

"They ask me about my favorite book, and I can't remember how I answered that five years ago," says Acosta. "If I answer anything wrong, then it's red flags and tons of red tape," he says. "I was born in Winston-Salem, but many programs don't allow hyphens, so then I have to make up a fake city and remember that too."

His answer? An elaborate Excel spreadsheet that's password-protected.

Others go more old-school, like executive coach Darla Arni in Slater, Missouri. "I have an entire notebook that I keep all my passwords in, but its pages are filling up" and becoming increasingly disorganized, says the 55-year-old.

"It's so bad that if anything ever happens to me, my instructions are: Find the password notebook - or you will never be able to access anything of importance ever again."

If you're at your wit's end with the demands for encyclopedic recall, don't despair: Some smartphone apps, like RoboForm, Keeper Password, and PasswordWallet, can help consumers manage password overload.

UMPTEEN PASSWORDS

You may as well get used to the Kafka-esque scenario of constantly having to prove you are who you say you are. According to one Microsoft research paper, the average computer user has 25 online accounts and 6.5 passwords - and that was tabulated back in 2007.

"You might have different logins and passwords for Google, Facebook, Amazon, Flickr, your bank, your favorite retailers, and on and on," says Chenxi Wang, a vice president and security analyst for technology consultants Forrester Research. "If you're trying to remember all the different passwords and security questions and combinations, it can be a challenge - and I haven't yet seen a concerted effort to help consumers manage that challenge."

To be sure, going through several layers of authentication is a good thing for consumers, helping reduce the risk of increasingly sophisticated hackers gaining access to their accounts and emptying them out.

"Today, you have to have multiple levels of security, like those ‘challenge questions' you have to answer whenever you're using a new device," says Keith Gordon, a security, identity and fraud executive with Bank of America. "It's what helps us identify fraudsters in Eastern Europe who have stolen your online credentials."

But Gordon sympathizes with consumers who feel like they're taking the SATs at every turn. In fact, he says the industry is moving towards challenge questions that focus more on recent behavior, rather than memory-challenging questions relating to childhood.

"In future it will be more like, ‘You had a transaction this weekend at which one of these retailers?'" Gordon says. "Or ‘You owned a home a couple of years ago in Indianapolis; which one of these addresses is yours?' Those are things that are a little more relevant and real-time, than the name of the dog you had when you were 10."

Forrester's Wang predicts the tide will turn towards fewer passwords. Online retailers will likely gravitate to logins for the sites that "know you best" - like Facebook or Google - thereby cutting down on the reams of information you have to dredge up, she says.

Nathan Acosta hopes things go the way of biometrics: Just apply your thumbprint to your smartphone screen, instead of having to recall the name of your old college mascot.

Until that happens, be prepared to be quizzed ad nauseam about your birthplace, your favorite actor and where you went on your first date with your spouse.

(Editing by Bernadette Baum and Beth Pinsker Gladstone)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (3)
katdeLA wrote:
I love this article…I can relay.

Mar 09, 2012 12:28pm EST  --  Report as abuse
Eideard wrote:
Every adult geek simply used one complex-password protected piece of software to track the panoply required – and forgets the rest.

I use 1Password – it’s what I just used to log into reuters.com – but, there are beaucoup packages around.

Mar 09, 2012 5:02pm EST  --  Report as abuse
reg.doug wrote:
I actually don’t write down most of my passwords, but I admit that I do record every site that I sign up for I record in an Excel spreadsheet with a password hint. To date I have about 50 accounts and 9 base passwords which I add a little bit of “salt” to for slightly different passwords for each account.

Mar 09, 2012 9:35pm EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.