I Don’t Want Your Password

Thank you, no. I don’t. I really don’t. I don’t even want to be looking at the keyboard when you type it in.

I realize that you’re trying to be helpful. I really do. But here’s the thing – I cannot know your password, I can’t even have a hint. I just can’t.

There will never be a time that I need your password. It might be a convenience: it would let me set up some parts of your account ahead of time (which sure beats registry hacking), look at that file on the server that’s giving you problems while you’re at lunch, or troubleshoot your permissions problem. But that’s not a need. Believe you me, when the word “need” rolls into the room, I have far more powerful tools available to me than you do; an administrator can reset your password or act as your account outright without ever learning the password you chose. You have no idea. Seriously.

No, I have a very serious reason for not wanting your password, and it is pretty simple: most people use the same password for a lot of different things, or build their passwords from a pattern that they reuse, over and over again. People will use the same password on their PCs that they use on their bank accounts, their voicemail and the alarm system at their homes; it’s an absolutely terrible idea, and lots of well-meaning people do it without a second thought. It means that the one password you hand me is very likely a password to everything else, too.

There’s a chance, maybe small, maybe not, that if I see your password and I know a little bit about you, I can take your life apart. Financially, personally – your credit rating, your identity, maybe even your most closely-held secrets – I will be able to peel your life apart like a trailer park in a hurricane, in ways that you may never be able to recover from, because in many cases, the recovery mechanisms you would need don’t exist.

I won’t do this to you; I’m happy in my own identity, and don’t need your SIN, VISA number or anything out of your attic. But here’s the thing: if that does happen to somebody where I work, I can’t have anything to do with it. Not one thing. More importantly, I can’t be perceived to have had anything to do with it, and the only way to be sure of that is never to have known the password at all. That is a career-ender. If it happens to two people, that’s a disaster that I want to be as far away from as possible.

So no, thanks. I don’t need, or want, to know.

  1. Posted November 16, 2004 at 2:59 am

    When someone tells me their password, I add it to the list of banned passwords for the organization and set their next password expiry time to 2 hours.

    Word gets around pretty quick.

  2. Melanie
    Posted November 16, 2004 at 11:39 am

    So, reusing or recycling passwords is a bad idea – this I know. But for those of us with less than computer-like memories, what is the alternative? I have dozens, maybe hundreds of password-protected accounts in my life right now, from bank accounts to my palm pilot to my LARP character sheet which I access online. Many of these (admittedly, not the LARP) rightly require me to change my password regularly. This at least multiplies the number manyfold. I have a hard enough time remembering my USERNAME in many of these places, let alone the password. What is the alternative? Write them all down on a sheet of paper and hide it in my sock drawer???? Please advise.

    Oh, also. Now that I am married, it turns out there are some kinds of accounts (for example, wedding registries) that REQUIRE you to share a password. Granted, with someone you really ought to trust pretty well. But when such a person is a password-conscious meticulous freak, this doesn’t go over very well.

  3. Zeynep
    Posted November 16, 2004 at 12:35 pm

    I wish some of the sysadmins here had the same concept as you do. They don’t seem to understand “You don’t need my password. If I could solve this with the access I had as the user, I would solve it myself. Pass me on to someone who has root.”

    Of course, after getting in my account and finding out that, surprise surprise, there’s nothing they can do, they do find someone that has su. Sigh.

    Signed, tired of having to change passwords every time there is a mailbox lock problem.

  4. Mike Hoye
    Posted November 16, 2004 at 1:05 pm

    Please advise.

    Well, don’t write them down. Unless you’re going to put “P.S: Kick Me” at the bottom of the page.

    For usernames, standardize as much as you can and try to get it down to one or two possibilities. Usernames are plaintext everywhere, and aren’t all that important.

    As for passwords, make a value judgement about the importance of the account you’re working with, and choose your password accordingly:

    • For things that are of little or no importance with regards to your finances, privacy, identity or security of person, choose a pattern (not a single identifier) that has something to do with both you and the thing you’re accessing. I use an embarrassingly simple password pattern to get me on to the New York Times, Slashdot, the Washington Post and so forth, because I couldn’t possibly care less if somebody else is reading the New York Times as me. Don’t sweat these passwords, and don’t worry about changing them, because they’re de-facto throwaway accounts anyway, so who cares.

    • For things that do fit under the “finances, privacy, identity or personal security” umbrella, pick something that is difficult to machine-guess, meaning “eight to ten or more characters that contains uppercase and lowercase letters, numbers and standard-keyboard symbols and looks kind of random”, and difficult to knowing-you-guess, meaning if you like both dogs and l33t-speak, your password probably shouldn’t be “d@ch5und”.

    Those last, you suck it up and memorize. And you change every few months, and don’t reuse. The “standard-keyboard symbols” thing is important, because you don’t want to get trapped not being able to log in because you can’t type in an Umlaut or a Euro symbol from wherever you are.

    You should base this judgement in part on the obvious stuff like “is this my bank account, are these my medical records” and in part on less obvious stuff, like privilege-escalation. For example, somebody who has the root password to my home machine could very quickly use that to get my banking information, if I bank online. Thus, the root password on my home machine must remain secure if my bank account is going to do the same.

    If there are more than eight or ten passwords of that level of importance in your life, this means that your life needs to be simplified, not your password scheme.

    Do not give your personal passwords to anyone. Not your mom, not your husband, not your priest and not your sysadmin.

    If your husband is unwilling to divulge the passwords to shared accounts, they’re not going to be shared accounts; it’s hard to get around that, but this is a relationship problem, not a technical one; the same rules above apply, with the caveat that you consult before changing.
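
    The two tests Mike sets out above for an important-account password (hard for a machine to guess, hard for someone who knows you to guess), plus the standard-keyboard caveat and the banned-list idea from comment 1, as an added, runnable example that is not part of the original post or thread. The substitution table, the edit-distance threshold and the sample inputs are my assumptions, not anything the thread specifies; the point is that an attacker undoes l33t-speak before running a dictionary, so “d@ch5und” has to be judged as “dachshund”.

```python
import itertools
import string

SYMBOLS = set(string.punctuation)  # the symbols present on a standard US keyboard

# Letter-for-symbol substitutions an attacker undoes before a dictionary run.
# The table is an assumption for this example; "1" carries two readings, both tried.
LEET = {"@": "a", "4": "a", "3": "e", "1": "li", "!": "i",
        "0": "o", "5": "s", "$": "s", "7": "t", "+": "t"}


def deleet_variants(password):
    """All lowercase readings of `password` with l33t substitutions reversed."""
    options = [LEET.get(ch, ch) for ch in password.lower()]
    return {"".join(p) for p in itertools.product(*options)}


def edit_distance(a, b):
    """Levenshtein distance; lets 'dachsund' match 'dachshund' despite the missing h."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def knowing_you_hits(password, personal_words, max_distance=2):
    """Personal words (pets, names, hobbies) that the password is built from."""
    hits = set()
    for variant in deleet_variants(password):
        for word in personal_words:
            w = word.lower()
            if len(w) < 4:  # too short to mean anything as a substring
                continue
            if w in variant or edit_distance(variant, w) <= max_distance:
                hits.add(word)
    return hits


def evaluate(password, personal_words=(), banned=()):
    """Reasons the password fails the 'important account' bar; an empty list passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Printable ASCII only: an Umlaut or Euro sign may be untypeable where you are.
    if any(not 33 <= ord(ch) <= 126 for ch in password):
        problems.append("contains characters not on a standard keyboard")
    classes = [any(c.isupper() for c in password), any(c.islower() for c in password),
               any(c.isdigit() for c in password), any(c in SYMBOLS for c in password)]
    if not all(classes):
        problems.append("needs uppercase, lowercase, a digit and a symbol")
    if password.lower() in {b.lower() for b in banned}:
        problems.append("on the organization's banned list")
    hits = knowing_you_hits(password, personal_words)
    if hits:
        problems.append("derived from something known about you: " + ", ".join(sorted(hits)))
    return problems


if __name__ == "__main__":
    # Constructed inputs for illustration; the dog's name is the one from the thread.
    for pw in ("d@ch5und", "Tr7#kwLp9v", "Straße€2024", "Password1!"):
        print(pw, "->", evaluate(pw, ["dachshund", "Melanie"], banned=["Password1!"]) or "ok")
```

    The checker is deliberately conservative: a hit against a personal word within edit distance 2 is treated as disqualifying, because the attacker who knows you will try exactly those near-misses.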

  5. Melanie
    Posted November 16, 2004 at 4:13 pm

    Prioritizing is good. I do do that. I’m not a complete nincompoop.

    I guess I probably do have about 8-10 in the high level of priority. And there is no way I can keep track of 8-10 passwords that change on a regular basis. Especially the ones I don’t use as often. And as far as I know, it’s not actually possible to choose your own username for many of the big ones. I have called my brokerage account more than once to remind me of my username. I eventually wrote THAT down somewhere, though not under the header “brokerage account username”. Might as well make the robber have as much trouble as I did figuring out what it is.

    I guess what I’m saying is “whine whine whine”. But seriously, there has to be a better way. I foresee a continuing expansion of password-protected accounts in the coming decades, including more and more of the ones you actually care about.

  6. Jamie
    Posted November 16, 2004 at 5:06 pm

    Mel, get the program Strip for your palm. A very secure (I can’t remember if it uses AES or IDEA) password storage program, using 128-bit block encryption. You give Strip a passphrase (I think up to 30 characters) from which it hashes the 128-bit encryption key. For your passphrase, use at least 20-24 characters, include spaces and different cases, no common words, and mix in numbers (though avoid obvious replacements like 3 for e or 0 for o).

  7. Jamie
    Posted November 16, 2004 at 5:08 pm

    I forgot to add that Strip will generate random passwords for you and will tell you how old each one is (so you can keep updating them).

  8. Melanie
    Posted November 16, 2004 at 5:18 pm

    Ooh, I like that.

  9. DQ
    Posted November 17, 2004 at 12:09 am

    To make a hardcopy of a hard-to-guess, hard-to-remember password harder to decode I use a needle in a haystack approach.

    Easiest way to explain is take a piece of graph paper, at a random position write the password down in a creatively odd pattern like a zigzag, circle, Nike Swoosh etc. Surround the pattern with random characters to make a matrix. First couple of times logging in, take a look at the pattern so you commit the pattern to memory.

    To make it more complex, try writing a matrix of random characters down first (perhaps a page sized matrix) and then randomly picking the password by picking a pattern. Wrapping around the edges, and starting anywhere in the matrix is allowed.

    I don’t mind temporarily pulling the matrix out in front of people to enter the password because unless they track my keystrokes or track my eyes, good luck.
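
    DQ’s needle-in-a-haystack sheet, as an added example that is not part of the original thread: a grid of random standard-keyboard characters with the password written along a zigzag, wrapping around the edges, and read back by following the same pattern. The grid size, the zigzag shape, the seed and the sample password are my assumptions. The last function shows the caveat a practitioner would want: if the pattern is a straight line, someone holding the sheet recovers the password by trying every line in every direction (a few thousand candidates), so the security of the sheet is exactly the unguessability of the pattern, not the size of the matrix.

```python
import random
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def make_matrix(rows, cols, seed):
    """The haystack: a rows x cols grid of random standard-keyboard characters.
    A fixed seed is used here only so the example is reproducible."""
    rng = random.Random(seed)
    return [[rng.choice(ALPHABET) for _ in range(cols)] for _ in range(rows)]


def zigzag_path(start, length, rows, cols):
    """Cells of a zigzag beginning at `start`: one column right per step,
    alternating one row down and one row up, wrapping at both edges."""
    r, c = start
    path = []
    for i in range(length):
        path.append((r % rows, c % cols))
        r += 1 if i % 2 == 0 else -1
        c += 1
    return path


def embed(matrix, secret, path):
    """Write the secret into the grid along the pattern (the needle)."""
    assert len(path) >= len(secret) and len(set(path)) == len(path), "path must not revisit a cell"
    for ch, (r, c) in zip(secret, path):
        matrix[r][c] = ch


def read(matrix, path):
    """What the owner does at login: follow the memorized pattern."""
    return "".join(matrix[r][c] for r, c in path)


DIRECTIONS = [(dr, dc) for dr in (-1, 0, 1) for dc in (-1, 0, 1) if (dr, dc) != (0, 0)]


def straight_line_readings(matrix, length):
    """What a finder of the sheet can try cheaply: every straight run of `length`
    characters from every cell in all eight directions, wrapping at the edges."""
    rows, cols = len(matrix), len(matrix[0])
    readings = set()
    for r in range(rows):
        for c in range(cols):
            for dr, dc in DIRECTIONS:
                readings.add("".join(matrix[(r + i * dr) % rows][(c + i * dc) % cols]
                                     for i in range(length)))
    return readings


def demo(secret="Tr7#kwLp9v", rows=12, cols=20, start=(3, 4), seed=2004):
    """Round-trip the secret and check whether a straight-line search finds it."""
    matrix = make_matrix(rows, cols, seed)
    path = zigzag_path(start, len(secret), rows, cols)
    embed(matrix, secret, path)
    lines = straight_line_readings(matrix, len(secret))
    return {
        "recovered": read(matrix, path),
        "straight_line_candidates": len(lines),
        "found_by_straight_line_search": secret in lines,
    }


if __name__ == "__main__":
    result = demo()  # constructed sample password, not anyone's real one
    print(result)
    # A straight-line pattern would be in that candidate set; the zigzag is not.
```

    Wrapping is allowed, as DQ suggests: a path starting in the bottom-right corner simply continues at the top and left edges. The matrix must be regenerated whenever the password changes, and the pattern should be as unlike a line, row or column as you can still remember.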

  10. Mike Hoye
    Posted November 17, 2004 at 7:41 am

    But seriously, there has to be a better way.

    Probably not. Biometrics is a long way from being anything more than expensive snake oil, and you can’t just change your retinal-scan if it’s compromised; you’re compromised forever.

    Right now, it’s strong passwords regularly rotated, or pretty much just forget about it. “Regularly rotated” could mean “every six months, providing nothing goes wrong” – which your sysadmin, bank and medical clinic should be civilized enough to tell you if it happens – but it probably shouldn’t mean every year.

    The truth of the matter is that for the most part, all you need to do is avoid being one of the low-hanging fruit. So, change your passwords every six months, keep track of your credit card purchases and shred your trash.

  11. Ben Ryan
    Posted November 17, 2004 at 9:56 am

    Biometrics is a long way from being anything more than expensive snake oil, and you can’t just change your retinal-scan if it’s compromised; you’re compromised forever.

    There are a couple scenarios I envision in which your retinal scan is compromised. In none of them is my first concern identity theft.

  12. Melanie
    Posted November 17, 2004 at 10:02 am

    Ooh, yeah. We bought a paper shredder a little while ago, and it has the extra bonus of being fun! A friend of mine has a horror story of someone successfully applying for a credit card in her name and making a bunch of purchases, ruining her credit for a long time. So shred those credit card applications you get in the mail too.

    Yeah, I almost added a sentence to that post about “what about biometrics”, but realized I wasn’t really serious.

  13. Jamie
    Posted November 17, 2004 at 10:54 am

    Mike, six months sounds ok, but for every password this might be overkill (even for semi-important ones). We live in a world where the lowest hanging fruit keep a copy of their bank card PIN in their wallet, use the default “admin” on their network gateway, have their phone number as their bank password, and just toss out credit card applications and bank statements. Quit encouraging people to become more secure, otherwise I’ll have to improve my practices! :)

  14. Mike Hoye
    Posted November 17, 2004 at 6:59 pm

    Just because the low-hanging fruit are practically touching the ground doesn’t mean that you’re not ripe and within arm’s reach. And you might be a fair bit juicier than the stuff at ground level, if you don’t mind my bruising your nice fruity metaphor with overuse.

  15. Mike Bruce
    Posted November 18, 2004 at 2:58 am

    Sadly, I know more passwords than I’d like to.

    Like, I know my boss’s password from a previous job. I just checked it, and he still hasn’t changed it. I am actually sitting here right now trying very hard not to think of what I could do with that particular password.

    Before I read this post, I hadn’t actually thought about how unfortunate it was that I know this password.

    Sigh. I wish I could forget it.