Monday, January 7, 2013

Too much online 'security'

I am so tired of having to remember dozens of passwords that fit different criteria. Just because my password has a combination of letters, numbers, and other characters doesn't mean it is secure. Just ask xkcd about that. It might actually make it less secure since I now have to remember some random string, which means I need to write it down. Well, I guess it's only insecure if someone breaks into our house and finds it.

Actually, I like passphrases. But few places allow them. (Go IU, with your insistance on passphrases! and kudos to Facebook for allowing them!)

So now I've had to write down my password. Worse? I have to remember what the username for every website is. Because some use my email address (ah, but which one?). Some want a separate username. And those usernames need to be unique, which means that sometimes my preferred (read: rememberable) one is already in use by someone else. So I have to make up something else. Uh oh. You know where this is going, don't you? Yep, have to write those down too.

Why am I blogging about something that many, many people have blogged about, griped about, ranted about before? Because I just got off the phone after having to create a new account, with a new username and password.

Here's how my morning went:

Pull up website to pay bill. Oh yeah, they changed websites. That's ok, it redirects. No warning that I need to re-set-up my account. It looks like it should take the username and password I used last month. No problem.

A few minutes later.....

Crap. It didn't like that. Did I type the wrong one? (Check. Nope, that should be the correct username and password.) Try again. Great, now I'm locked out for entering my password wrong too many times.

I get an email. "Password disabled. Go to [redacted] and click on Username/Password Help."

I follow the link. Nope, password help doesn't help me. It just gives me an error.

I call the handy 800-number.

"I'm sorry, but that account is set up under the joint owner. He'll have to call to reset it. Or I can set up your online account access."

"But it's a joint account."

"Yes, but online access is not allowed to be joint. You have to have your own online account access."

"Fine. Set up my account. I won't remember a new username (since I can't use the one already tied to the other online access account). But set it up so I can pay the bill."

Now, I understand that some people have multiple accounts at an institution and might want to limit access to certain ones. They might not want to share online account access. I'm all for having the ability to have separate online access. But that should be MY choice, not the institutions. We have 1 joint account that now has 2 online accounts to access it.

And I still have to write down my username and password so I can remember them. Yep, not very secure, is it?

4 comments:

  1. I highly recommend the browser add on Last Pass. It creates and stores those passwords for you. My hubby has the extension installed on his computer as well, and we have one Last Pass account that stores both of our passwords so we can each easily access the same accounts from separate computers.

    ReplyDelete
    Replies
    1. I have a system that works, but that's certainly worth looking into. I think I know why we're having these problems since Chris called and get a temp password and it still doesn't work. I guess we're stuck with the new online account I set up, but I did send feedback with my guess.

      Delete
  2. I use an application called 1Password, it works as a stand-alone app, a browser plugin, and has versions (that all sync with each other) for iPhone, iPad, Mac, and Windows. Good stuff. No more remembering stuff, no more writing stuff down. It's all stored securely on your hard drive. (And if you have multiple devices, you can sync via the cloud, which provides another backup.)

    ReplyDelete
    Replies
    1. Forgot to mention: also works on Android.

      Delete