At this point, I can’t even count how many accounts I have online that require passwords. If I’m logging in to Techlicious to type up an entry like this one, ordering takeout from my computer or sending someone an e-card, I need to enter an eight to twenty character string to prove my identity. Proper password safety practices call for me to use unique strings for each site, insert numbers or special characters, and avoid guessable words. And while I do use strong passwords for the important stuff, I can still remember a number of cherished legacy passwords, including the first ever password my brain created back in the 1990s to sign on remotely to my school’s bulletin board system (BBS).
I won’t reveal what that password is here – there may be an old, long-forgotten account with my name on it somewhere that still uses it. But it’s something special and unique; a string of letters and numbers that had real meaning in my life 18 years ago. Passwords aren’t meant to be shared, so they often become home to our personal secrets – a first love, a cherished lost pet, an inside joke or critical date. It’s bad security practice precisely because it happens so much – passwords are often predictably meaningful.
An incredibly interesting article in this weekend’s New York Times Sunday Magazine (page MM37) called The Secret Life of Passwords takes an in-depth look into this phenomena. It details the work of Cantor Fitzgerald and a team of Microsoft tech experts to crack the passwords of the trading firm’s employees who were lost in the attacks of September 11. Even as the search for bodies continued, the normal operation of U.S. financial markets required tech investigators to somehow – and quickly – crack these now lost passwords without access to the backups or company files buried in the wreckage.
To regain access to company accounts, a team from Microsoft began calling the family of the deceased to learn more about them, and in doing so, hopefully obtain clues to the lost employees’ passwords. Grieving spouses offered up their wedding anniversary dates, pet names, child names and other meaningful personal tidbits that often find their way into passwords. The process was incredibly difficult for all involved, sometimes taking over an hour per call.
What follows in the story are a series of character studies – looks into the lives of anonymous strangers who are willing to confess the meaning behind some of their oldest, most loved passwords. One athlete told the Times she used the password “swim2659nomore” to mourn a shoulder injury that prevented her from scoring a time of 26.59 seconds needed to qualify at a swim meet. Another man admitted to using “1060” in all his passwords as a symbol of how he succeeded despite scoring a 1060 on the SATs in high school. And in one heart-wrenching story, a mother discovered her son’s password scrawled on a piece of paper shortly after he had committed suicide. It read “Lambda1969,” a reference to the Stonewall gay rights riot that happened in New York City. It was only then that the mother realized her deceased son was gay, shedding light on a painful secret that may have led him to take his own life.
If you’re interested in learning more about these people (or the many others that author Ian Urbina detailed) I strongly recommend giving The Secret Life of Passwords a read on the New York Times website. You might also want to take the time to check out these ways to minimize your risk of password theft to make sure your secret codes stay as secret as they’re meant to be.
[Password entry screen via Shutterstock]