Recently, I used my wife’s car rather than my own to run errands. This meant a whole new set of radio stations to navigate, including her “go-to” station (you know, the one where the printing on the key has been rubbed off from use) – NPR. The interviewee was author Dean Buonomano who wrote Brain Bugs: How the Brain’s Flaws Shape Our Lives. On the drive I learned about some of the ways in which our brains differ from computer memory. One of the primary differences is that humans use the same mechanism to read and write our memories, whereas a computer uses separate mechanisms to read and write. A consequence of this is that our memories can be colored and may reflect events that are different than fact.
Another difference, I intimate, is that our brains do not require a password to access information. Access to the internet has a seemingly endless proliferation of novel – to the point of being unmemorable – passwords, each iteration outmoding (and rarely simplifying) the prior. In fact, in a “pay to play” schema, passwords and periodic changes to them are mandated in the payment card industry with such foundational cornerstones as PCI DSS 2.0:
3.1.4 The payment application requires changes to user passwords at least every 90 days.
3.1.5 The payment application requires a minimum password length of at least seven characters.
As PC Magazine points out, “Your password-protected PCs and data files aren’t nearly as secure as you might think…password-cracking utilities tend to be marketed primarily for the legitimate purpose of helping administrators recover lost passwords. In the wrong hands, however, such programs can easily compromise your system’s security”. I thought I was being clever when I used my son’s current favorite sport – soccer – as a password. But according to the New York Times, “soccer” is actually the 32nd most common password. Hmmm…where does “football” rank in the rest of the world? “Futbol” in Latin America?
My mind drifted and I recalled Mrs. Wood, my high school Calculus teacher, talking about limits. “If you took a step toward the wall, then half a step, then half of that step, then half of that step…would you ever reach the wall?” And applying that logic to password security, I wonder what the rational limit of passwords will be? Taking this to an absurd level, how about passwords that must be changed every 5 minutes? Passwords that must be 200 characters long (cut and paste not allowed by administrator enabled default). So my commute question boils down to “When does security end and obtrusiveness begin?” Fortunately I had arrived at my destination, but was still ponderous over the false sense of security, loss of productivity, and incalculable frustration into which the seemingly innocuous yet fallible password has evolved. Gee…when I forget my password, a new one is sent to my email address, which is (gulp) password protected (sigh).
As we arrived at the destination, my child reminded me “Be sure to take your iPhone out of your pocket before you get in the pool, Daddy.” So another difference between humans and computers is that we can always unplug for a little while.