LOVE LETTERS TO TANZANIA: Getting lost in the password jungle?

Do you have “password fatigue”? The more technology you use, the more likely you are to be afflicted. This condition can be self-diagnosed. If you sigh or even scream every time a platform asks you to create a new password - or if you use the same password for several purposes - you may suffer from password fatigue and should be aware of its dangers.

The term refers to the frustration caused by having to create and remember passwords for an ever increasing number of electronically controlled activities. Tired of inventing passwords, we may use the same password for many platforms or fail to protect accounts or our personal data by creating passwords which are easy to guess or crack. This leaves us vulnerable to crime.

More and more organisations, service providers and businesses force consumers online. Whether we want food home delivered, provide information for taxation purposes, transfer money or access online subscriptions, passwords are required for a growing range of services.

Forgetful citizens end up re-setting passwords frequently, which wastes time and can be frustrating. However, we should be grateful for the “reset-password” button, even if it triggers a series of “secret questions” to which we may not recall the answers required to verify our identity. Service providers unexpectedly insisting on new passwords is annoying when we are in a hurry, especially if they demand codes which abide by specific rules: “strong” combinations of upper- and lower- case letters, numerals and/or special symbols.

We like dates and names we are unlikely to forget or logical letter and number sequences, overlooking that these are also logical to potential hackers and cyber criminals. Password and record management provider SplashData publishes lists of “worst passwords”. Enduring favourites are “123456”,“Password”, “abc123” and “Admin”. The most recent list reflects new length requirements. Surely, nobody considers “12345678” safe or uses the same password for many purposes?

Security experts say we make unwise choices, especially when rushed or tired of having to find yet another password. They warn us to create unique passwords which avoid personal information revealed on social media (like your daughter’s date of birth and name). Passwords should make sense only to the user and be sufficiently complex that nobody can guess them. We must not use one password for multiple purposes. Never tick “yes” if a website offers to “remember” your data. Keep anti-virus software, operating systems and applications updated to ensure maximum protection.

I follow their advice. A minimum of twelve characters and symbols in random places help avoid what experts call “brute force attacks”, in which hackers’ computers try all possible password combinations until the correct password is found. Frequently, I realise just how un-guessable my passwords are when even I cannot recall the twisted way of thinking which created them and find myself locked out of whichever service I want to access.

I write passwords down, but not in notebooks which in cyber criminals’ hands become “treasure maps”. Instead, I conceal and encode them in secret places, so cleverly that even I cannot break the codes - or find the notes. Because I always log out – especially when using my mobile phone which could easily go missing – my online data could be considered very safe – even from me.

Inevitably, resetting passwords has become one of my dreaded online routines. I sigh a lot as I persevere until the system finally ratifies the answers to my “secret questions” and accepts the new “high complexity” password, which I forget soon after logging out.

However, until more advanced technology takes over, multiple complex passwords remain frustrating but necessary. We should welcome exceeding the maximum number of unsuccessful login attempts as a sign that our data and money are quite safe.

The plethora of passwords required these days is challenging, but nobody wants convenience to compromise their safety. Losing personal data or one’s life savings is certainly more inconvenient than hitting the “reset password” button once in a while.