Subscribe
Recognizable New Yorkers are fed up trying to keep track of new security measures thrown at them by their telecommunications companies.
The New York Times Fashion & Style section (really?) took a dive into the frustrating world of pre-assigned passwords, captcha codes, and user verification questions that confound New York’s more prominent citizens, sometimes with hilarious results.
“It’s a nightmare,” the comedian Tracey Ullman told the newspaper. “These passwords just keep getting longer and longer. I try to think of a startling emotional thing that jogs my memory or something that’s frightening, or my grandmother’s name with 666 at the end. But I really don’t know what to do.”
In an effort to respond to an increasingly security-conscious online world, providers are password protecting subscriber information and equipment to keep prying eyes out. But sometimes those anti-hacking, anti-eavesdropping, anti-identify theft efforts become mind-boggling to confused customers who end up locked out of their own accounts.
Among the latest trends: locking down wireless routers with passwords straight out of the box.
Bernhard
Any long time Wi-Fi user already knows America’s largest open wireless network does not come from AT&T or Verizon Wireless. It comes from a company formerly known as “Linksys” (today Cisco). Customers confounded by wireless security simply plug in their new routers and start using them without setting any Wi-Fi password or enabling security measures.
Time Warner Cable tried to lick that problem by issuing pre-assigned passwords to customers using the company’s wireless router. Unfortunately, comedian Sandra Bernhard, never smart to antagonize, ended up with one that came with a mish-mosh of letters and numbers (they range from 13 to 28 characters) that cannot be changed.
“We have that one written down somewhere, but where it is I’d be hard pressed to tell you,” Bernhard told the newspaper, noting that her relationship with the cable provider is “an S&M experience without the pleasure.”
Verizon and AT&T love their creative security questions, designed to verify you are who you say you are. But New Yorkers who think too deeply about the questions are sure to be tripped up by the experience.
Jeffrey Leeds, a fixture on the New York social scene, tells the Times he hates questions like, ‘What is the name of your first girlfriend,’ because he unsure if that means the first girl he slept with or the first one he liked who never returned his phone calls.
The confusion inevitably leaves hapless customers writing down their password and security questions on sticky notes or in a notebook, which entirely defeats the purpose of private “only you should know” passwords.
Courtney Love thought she could outwit the hackers with her own system, based on mnemonics.
“You use the lyrics to a song,” she said, for example, “ ‘Lucy in the Sky With Diamonds’ — litswd-1 — and that way you can’t forget it.”
But the newspaper reports that worked until Love was tripped up by “Hey Jude.”
“I kept forgetting if it was ‘Hey Jude, don’t make it bad’ or ‘Hey Jude, don’t make it sad,’ ” she said. “So I gave up on that.”
But the most reviled security measure of all is the deadly, incomprehensible “captcha” code — the barely decipherable slanted text and numbers that real humans are supposed to be able to identify but spammers using automated tools cannot.
“Don’t you hate those?” Ullman said. “I always get those wrong because it looks like they were written by someone on LSD. It’s awful.”
Other stories of interest:
- If Your Password is ‘Password1′, Change It: Everyone Knows
- Cable One Shuts Off Customers Using Unsecured Wireless Routers That Are Easy to Hack
- Fear Factor: Media Sensationalizes Wireless Router Hacking Risk – ‘Borrowed Access’ Much Larger Threat
- Turner Introduces New TV Everywhere App for Everyone But Time Warner Cable Customers
- Rochester Democrat & Chronicle Blisters Time Warner Over Internet Caps
The average american believes that they should NEVER have to think about anything or learn anything new, and everything should just work. They should just be able to violently mash their hand(s) on the keyboard and all their work, and everything else they needed to accomplish just magically completes itself.
I don’t have any of the problems stated in the article because I chose to use my brain for hour to solve them (GASP!!!)
Whats next? feeding plants Gatorade instead of water….after all its got electrolytes, which is what plants crave!
I think the point of this is that social engineering would generate more compliance and less confusion (that results in expensive tech support calls or unsecured networks).
I get accused of being long-winded in a lot of my articles that also get praise for being fact-packed and very detailed. But people skim them anyway and then ask questions that are, in fact, often answered in the piece.
So the question is, should I tailor things for the lowest common denominator reader who wants to be in and out of here in one minute a day, or stay detailed and hope that if the information is particularly pertinent, people will spend more time with it?
This is the same kind of challenge with Internet security. Websites are increasingly forcing password changes (and ones that require capital letters and numbers to break the “asdf” or “qwerty” password habit), ask a lot of detailed security questions, and pre-configure routers to be secured right out of the box. And people are annoyed.
I personally put up with most of this with little concern, but captcha codes are my personal line in the sand. I have increasingly run into newer, more incomprehensible versions of these than ever, and after three failed attempts, no matter what it is I am doing, I will bail on that website for good. The audio versions of these are even more ridiculous. Now some of the newer ones have you dragging and dropping puzzle pieces to make pictures. No thanks.
I think the conclusion we should consider is whether it is time for a new approach that can combine secure credentials with ease of use. If you don’t have both, the security will either not be robust enough or people will simply go out of their way and not use it.
I am not saying your observations are incorrect, but you can only complain for so long before you recognize it won’t change reality on the ground.
At my last count I had nearly 60 different accounts. Each with a different password (as sites get compromised they can get into your other accounts). Some of these accounts are totally ‘who cares’. Others you do not want anyone in.
I gave up trying to remember passwords long ago. They are written down. But if you stop and think about it this is ‘ok’. If someone breaks into my house to get my notebook; there are thousands of easily sell-able valuable things laying around. I know where they are and I can get my hands on them quick. My biggest concern isnt my password list but sites (such as sony, linkedin and eharmony) getting hacked *AND* having bad password hashes. With my system it is easy to change the one account (line it out and make up a new password). The biggest attacks happen not at my computer but from some other country.
The downside is this does not work remotely very well. But my 99% case it is working very well.