Sunday, March 18, 2007

Forgot Your Password?

Login passwords are obviously integral to the modern Internet lifestyle. Your e-mail account, your personal weblog, your online banking account, your YouTube favorites, your eBay console, your bulletin board memberships, and your instant messaging windows will all need an appropriate password before you can get inside and start doing whatever you want.

This is why we have utilities that exist for the sole purpose of helping people retrieve lost passwords. The most common of these is the "Forgot Password" setup, which sends your forgotten alphanumeric code over to one of your e-mail addresses. It's quick and easy, and unless some identity-thieving offender also has access to said e-mail address, it's fairly secure.

Less popular, however, is the Security Question method. This is a more difficult password retrieval setup where the login system will ask you a question that (presumably) only you can answer. In fact, this setup is common to a lot of e-mail services -- if only because it would obviously be pointless for the system to send a copy of the lost password to your inaccessible e-mail address. :)

As you would probably imagine, the questions themselves tend to be very personal in nature. Yahoo! Mail, for example, offers a selection of nine Security Questions for its e-mail users, ranging from "What is your father's middle name?" to "Where did you first meet your spouse?". You'll notice, of course, that these questions were carefully chosen so as not to reference any answers that may normally appear on any personal information forms: None of them ask for a date of birth, for instance, or for the street name on one's permanent address.

The "fringe" nature of these Security Questions, however, also mean that they can be forgotten under the wrong circumstances. What if you can't remember where you met your spouse, for instance? Or what if your all-time favorite sports team somehow changed over the years?

In addition to the above, the syntax might also turn out to be a problem; Most Security Questions will require no less than an exact answer. Questions like "What is your favorite pastime?", for example, might turn out to be liabilities two or three years down the line. And that doesn't even consider such intricacies as punctuation or personal turns of phrase.

I once had an e-mail address whose Security Question was set to "What year did you start writing?". If you're thinking that this would turn out to be a foolish question, then you're right -- it did: A couple of years later, in my efforts to reactivate the account, I tried a few hundred different responses ("1992", "1992.", "92", "1992!", "Nineteen ninety-two") before I discovered that I was merely a "'92." away.

Nowadays I try to use literary questions when it comes to this sort of thing, mostly involving works of fiction that I conceptualized but never actually wrote. Some examples that I've gotten away with have been the following:

"What dragon has but one arm?"
"What is the name of the crystal fan?"
"Who said 'Ducks would make far better messengers'?"

Yes, they're weird. But in the back of my head, they each have only one answer that is totally unmistakable, and they are therefore secure.

Unfortunately, e-mail services nowadays discourage customized Security Questions; I assume that there's a higher chance of forgetting the corresponding answers as time goes on. Instead, most of them offer users one choice from a set selection, much like Yahoo's nine. I personally subscribe to "What is your pet's name?" myself, if only because nobody outside the family even knows that I ever had a pet at one time or another. (That, and I usually screw up the syntax a bit just to confuse them anyway.)

With that said, however... there's bound to be some point in the future where I can't help but forget the answers that I originally laid out. Maybe I'll have acquired some form of chronic absent-mindedness, maybe I'll have gone senile, or maybe I'll have suffered a debilitating head injury. With a bit of luck, it'll be a while before I encounter any of these situations. But when they do happen... well, I'd probably have nothing left to do except to open up a brand-new account.

On the other hand, e-mail isn't necessarily eternal. We're going to have to let go of all those messages sometime.

I just hope that, when the time comes to open a new account... they'll let me set up whatever question I want. I have this great question about chocolate and cardiology that I'd like to use...

No comments: