/ Money, Technology

I can’t remember my *!!@@@@***ing password

In just one week I have not been able to spend money online because I have forgotten my password for authenticating my bank card online! Do banks need to make shopping online so difficult?

I know this is my fault for not remembering my password with the appropriate number and/or symbol and/or mixture of capital and lower-case letters. But I’m coming to the conclusion that while it’s great banks are trying to protect my money, I think they could come up with a more consumer-friendly system…

My fury at online security systems

This week I thought I would be super organised and apply for the Sports Relief mile, take back my daughter’s broken shoes and order a new pair via John Lewis’ website in store, and apply for Paralympics tickets (just before the closing deadline).

I had to endure the joys of ‘quick and easy’ online shopping by getting over the hurdles of completing numerous online pages to provide all sorts of information. Delivery addresses, ages, shoe sizes, billing addresses, event choices, seat prices, Visa number, dates, security code etc.

Each time I was stopped in my tracks by the final page – the dreaded “helpful” online security system to check that I’m the rightful owner of my credit card. The very last piece of information following page after page of the online buying process is leading me to so much frustration!

I have tried to complete this security check. I filled in what I thought was the password, only to be told that I was wrong. I tried another version but then didn’t dare risk another due to fears of not being able to use my credit card at all. I was told that they could email me the password – not much help while I’m in store at John Lewis.

Is it just me?

When I did get home I was able to check my email and was given the chance to provide another password, which I did, only to be told “You cannot use this password, as you have used it before.” Isn’t this the absolutely perfect clue that it’s me trying to use my card?

Maybe I am unusual and just incapable of remembering passwords, but I suspect that other people have not spent money online due to the utter frustration of recalling obscure variations of memorable words and numbers. And I’m not alone, in a previous Conversation about online banking security, Rose commented:

‘Is there anyone who can carry all these passwords/PINs in their head? They must have amazing memories if they can, as each system seems to require a different combination of letters/numbers, plus different frequencies for changing them. So we’re probably all less secure as many people probably write all their passwords & PINs somewhere!’

Shouldn’t banks have another think about making online shopping less frustrating? Especially for the people who would benefit from Sports Relief, my family who may have had the experience of attending the Paralympics and for the poor assistant in John Lewis who had to put up with my fury at being beaten by the online password, again.

Comments
Guest
Gabbybop says:
5 October 2011

I have a little system that might be a little overkill for people, but it works for me…..
uses a master password made up from a date and name.

Heres how it works:
(example) of date+name: 1993 and Edward
I would split the date and put the name in the middle = 19Edward93
to make it a little more secure I would replace letters with number or symbol = 19Edw4rd93
This is then my MASTER PASSWORD.

To make a unique password for each site I log into I then add the first 2 letters and last 2 letters to the start and end of my master password:

So passwords for a couple of sites as example:
ebay = eb19Edw4rd93ay
paypal = pa19Edw4rd93al
play = pl19Edw4rd93ay

This gives me great security as I have unique passwords for each site, and my master password is meaningful to me….. so I will never forget that either.

People think that my system is overkill, but it works for me 🙂

I use a similar system for my security pwd pins…. never had a problem ;P

Guest

Definitely an overkill…. I’ve taken to foreign language words that very few indeed would understand or could have guessed, for good measure, would include a memorable date or two.

Guest

Gabby – I think that you are a password genius! I must admit your system looks complicated for me but I will try out your tips.
Jenny

Guest
Gabbybop says:
5 October 2011

It not complicated – it just looks it until you try and use it.

I use an absolute TON of websites, and most people use the same password for all their website accounts, from forums to banking to emails to Facebook. So if someone gets your password once, chances are they can get into lots of accounts with it.

I needed a little system to manage my passwords, and one day in Uni we were coming up with ways to do it. This way stuck in my head, and I just stuck to using it….. it could easily be made more simple to suit.

Guest
Mark says:
5 October 2011

I use a very similar system, but I’ve recently been educated as to how unnecessary it is:

http://xkcd.com/936/

What I do now is have one super safe password which I use under LastPass (password manager that can generated and record all other passwords). That’s it. Life’s too short to have to remember dozens of password entries.

Guest

So glad someone posted that XKCD comic – as soon as I saw this convo I wanted to add it =)

I find it fairly easy to remember my website passwords, but I am similarly frustrated with the ‘extra’ layer of banking security when you buy something. I may have been known to be a bit childish in the past and set passwords such as ‘ih8thissystem’ or ‘th1s1srubb1sh’ but I don’t think they’ve got the hint.

I’m sure they’re necessary for security, but it’d be good if they gave us a bit more flexibility about our choice of passwords, so we could use the xkcd system and have more memorable (and more secure) ones.

Guest

Gabbybop, this sounds like a great idea for having easy-to-remember passwords that are unique to each website, and I have tried it myself in the past, but found that it was not without its problems. Firstly, there are websites with different names that use the same credentials. For example, hotmail.com, live.com and microsoft.com are all websites belonging to Microsoft and they all use the same password. Which two pairs of letters do I choose for the prefix and suffix of my password? If I choose li and ve, then try and login on microsoft.com, I will end up trying to enter the wrong password. Secondly, what about companies that are taken over or change name? For example, Sun became Oracle – should I also change my password to reflect this? I haven’t got the time to get my passwords to chase capital events.

Guest

Re Gabby…

Reminds me of a techie of a guy writing for the Independent who was on to this sort of complicated stuff of a mere password…. you’d think he was on to something so ambitious as if wanting to seek/(prevent) access to Fort Knox and spirit all of the contents out…… for want of a better comparison.

If negligence cannot be proved, any loss sustained in a third-party financial transaction falls entirely on the other side.

Guest

I’ve had to come up with various stategies over the years to remember passwords and not write them down:

If you always use a computer from the same location (office / home), you can use passwords associated with objects in your field of vision. OK, so “desk”, “chair” are a little too simplistic, but many objects can be combined: “SaltPepper” or include the manufacturer’s name or serial number, e.g. “Leitz5504” is a stapler on my desk. Visual signals stimulate the memory and I find I can recall passwords, even after an extended break away from the location where these objects can be seen.

If you need to change passwords on a regular basis, use a themed series of something you might be interested in or knowledgable about: “Americano1”, “BloodyMary2”, “Collins3”, “Daiquiri4”, etc.

Another approach to to combine a day, day, month, year in some permutation and place a small mark next to the date in your diary. You just need to remember your date pattern to reconstruct the password, e.g: OctWed5, Y11M09D05, W05O11 are all passwords constructed from today’s date.

Provided no one knows what strategy you use to create your passwords, they are pretty secure and certainly better than using your pet’s name, favourite colour or birthday.

Guest

Some good suggestions in the above posts.
Its a pity that password rules differ between sites so much:
– max no of chars can be as low as 8,
– must include , UC and LC character or even special character.
– no special character allowed ie ” & ! #”
– must include number.

I agree the Credit/Debit card extra password challenge when using it online can be a real pain – have you ever tried to change the challenge message and password ?

Guest
Gerard Phelan says:
7 October 2011

I remember once using passwords based on patterns on the keyboard. I just had to remember the current pattern and the starting position. It all went wrong when I visited our Paris office – their French AZERTY keyboards had keys in a different place and I did not know my password, just the pattern on a QWERTY keyboard, so I has to survive a week computer-less.

The moral I took from this is that simple solutions become complex!

Guest

I gave in to trying to create and remember different passwords for home and work especially if you have to change them so often as I do with many of the providers I use. I now use Roboform Everywhere which means I have a set of passwords that I use on my work computer, home computer , phone, in fact anywhere! You have to bit the bullet to pay some money and store your passwords in one place and to use the system remember 2 passwords, one for your account, the other a one time login when you use your computer. The only one I do not store there is my bank details, so just one to to remember!

It makes life a lot easier as it has its own search bar so typing in the beginning of the site you want to go to matches the site, click it opens a browser window and once loaded completes login and password details. Now I switch off local browser passwords and rely on the application to do its job. There are also free versions if you want to try them out http://keepass.info/ but I like the support and ability to sync that Roboform.

Interestingly its easy for me to see how many different sites I use between work and home and this totals up to over 250 sites with a user-name and password combination of which each can there own password. At home I also use Affinion Fraud Protect software so if someone ever managed to take control / view my screen they would not be able to see the passwords been typed via a key logger or view the browsers password manager to view any passwords.

Guest
John says:
21 October 2011

err.
I guess your referring to the verified by visa or mastercard systems?
This is a little link on the same page which allows you to reset your password by knowing your date of birth. I guess you can still remember that??? 😉
This works really well as my wife forgets here passwords all the time.

Regarding passwords. I’ve had two good suggestions.
Create a master start of the password and stick a suffix on the end for each service. You can even write the suffix down so you only have to remember the single master password. This is similar to the first suggestion on this page.
Or, use the first letter of song lyrics. This creates a strong password of random letters and is fun to remember. You can even write down clues as the password is not an actual word and really hard to guess…

Guest

What is the point of them as many don’t communicate with Macs fairly causing severe wastage of time.
Beware I have had technicians accessing my computer remotely which means there is no security or privacy .
Today Amazon the Internet site have used details given for former purchase to send me 2 bundles of ink cartridges had been looking at but decided not to take up as no paypal. They were informed before dispatch that didn’t want but went ahead regardless
.Worse still the Pollce [ Call centre] say not a crime & bank say have to wait till tomorrow but are not interested in fraud against us .
Why should I have to waste valuable time & money sending back to a call Centre that will probably not refund.As for Visa Disputes they side with biggest bank account wasting moths & months……