(EDITOR'S NOTE: Back Again columnist Bob Urban is on vacation this week. Pinch hitting for him is veteran journalist and Summit Hill native Bruce Frassinelli, who was kind enough to lend his vast talents to this space.)
By BRUCE FRASSINELLI
I don't know about you, but the never-ending number of passwords and personal identification numbers (PINs) we need to operate our computers, do our banking and perform other vital life functions is driving me nuts.
I live in mortal fear of forgetting some key password when I need it most. Of course, I am warned nonstop not to carry the password or PIN for my bank and credit cards in my wallet because some nefarious individual will steal them, and, with them, my identity.
Just for fun, I counted all of the passwords and PINs I have to operate the various accounts associated with them. I was dumbfounded as I stared at the number - 65.
How am I supposed to keep 65 codes squared away and brought to mind instantaneously when needed? Well, the sad truth is I can't, so I have to cheat. I write them down. Wait! I know what you are saying, but here's my genius at work: I write them in code, so only I can decipher a long string of numbers and characters that probably look like gibberish to someone who might find my list.
To make matters worse, my online bank requires me to change my password every six months, so it seems that just as I succeed in memorizing the existing combination, I get a message that it's time for a change. Several other online providers do the same, so, invariably, for the first couple of attempts after a password change, I absent-mindedly type in the former password and get scolded by the computer. Sometimes I even have to call the bank to answer a series of inane questions: What was the name of your first pet? What is your favorite ice cream flavor? Who was your best friend during childhood?
I have tried to memorize my ATM PINs so I don't have to carry them in my wallet. (I am a customer at three banks.) For awhile I was carrying them in my shoe, figuring it would be the last place a thief would look, but it was kind of awkward taking off my shoe and fishing around for the little slip of paper I had taped inside. I also got strange looks from other ATM patrons behind me when I performed this little caper.
Since I am not always the steadiest guy on one foot on the planet, I usually needed to prop myself up by holding on to a post at the ATM machine. Once I asked the guy behind me if I could lean on his shoulder. He was nice enough to say ``yes," but I can only imagine what he was thinking.
After about a dozen uses, I scrapped the shoe ``solution" and just memorized the PIN. Once or twice, I have gotten the PINs of the various banks confused, and, on one occasion when I entered the wrong number three times in a row without realizing what I was doing wrong, the ATM ``ate" my card and wouldn't give it back. I was told I needed to contact the bank to reset my number and get a new card.
Imagine my joy when I heard recently that the U.S. Commerce Department is proposing a new online security system that will eliminate the password maze. This would require a single sign-in using something like a digital token, smartcard or fingerprint reader. Once I am logged in, I would have access to any Web site that has signed up for the program.
John Clippinger, co-director of the Law Lab at Harvard University's Berkman Center for Internet and Society and a supporter of the proposal, says passwords don't provide good security because most people choose character combinations that are easily hacked.
According to Bloomberg Business Week, the most frequently used passwords are: ``123456," ``password" and ``abc123."
I was stunned to find out that it would take just 10 minutes for a hacker's computer to randomly guess your all-lower-case six-character password. It would take four hours to solve a seven-character password, four days for one of eight characters and four months for one of nine characters.
If you had a combination of six lower- and upper-case characters, it would take 10 hours and as long as 178 years for a nine character lower- and-upper-case password.
Better yet is a password of upper and lower case characters and a symbol, which would take a hacker anywhere from 18 days to 44,530 years to randomly crack, depending on whether there were six or nine characters.
All of this doesn't take into consideration the varying usernames I have. There are 29 unique usernames by which I am known, and, sometimes, these are even more difficult to remember than passwords or PINs.
(Bruce Frassinelli of Schnecksville is an adjunct instructor at Lehigh Carbon Community College. You can contact him at firstname.lastname@example.org.)