Password Annoyance

After the 2016 Presidential election cycle, there is one thing for certain ... cyber security is more serious than we thought. The Bernie Sanders, Clinton and Trump campaigns all had issues with security of their information and the entire Clinton campaign may have been brought down by lack of server security. That is unfortunate because now all of us regular people doing regular things get to be utterly annoyed by cyber-over-security.

As a lawyer, I know I tend to over lawyer a contract or negotiation by adding verbiage or terms intended to prepare for all the “what if’s” the contract is supposed to protect against. It appears there is now a profession that can overdo it more than lawyers. Congratulations IT people in charge of our cyber security.

Recently, I was asked to complete a letter of recommendation for a former student. Long gone are the days of writing a letter and mailing it in. There is not even a process for emailing in your letter of support. Now, in order to give someone praise one must make a secure account, upload and check two or three prompts ensuring you have uploaded what you wanted to upload and then give the well earned compliment. These millennials will have to earn these letters going forward.

I don’t know if Georgetown, Vanderbilt and the other top tier schools I submitted these letters to have had a rampant issue with security of letters of recommendation. I guess it is possible that some smart college student hoping to gain an advantage could hack into the systems and replace each of his competitors’ letters with his own rendition of the ABC’s or horrific social media post by the applicants. Somehow I find that doubtful. I’ll be sure to consider that “what if” however on the next relevant contract I draft.

Nonetheless, I was required to create a password and an account. Great, more emails to sift through. Unfortunately, I could not create just any password. This ultra-secure site required a password with at least one capital letter, one number, and one special symbol. Like many of you, I try to create passwords that I can actually remember. Although I don’t expect to have to sign in to submit a second letter of recommendation for this student, just in case I got logged out I tried to pick something memorable. At the same time, due to over secure warnings, I did not want to use the same password I use for my bank accounts and other truly important log ins. Of course, as expected after choosing an over complex password I was logged out, directed to my email where I had to click a link to reenter the password I just created. How annoying.

There are only two things more annoying than a complicated password requirement. The first is when you forget the complicated password and must create a new one. Why can’t I use a password I used before? Is there a deadline or fall off period like the seven years on your credit report when you can use the same password again? Creating a new password that is not the same as the one you had before only works for people who can remember all their passwords – in which case they wouldn’t need a new one. Whole reason you had to reset the darn things again is because they made you change it in the first place. I dread the prompt that says “Time to change your password.” Why? Who asked you.

The other annoying password issue that tops the other is this newer requirement for a two-step sign in. Every single time after entering your unique, multi-character password you then must receive a text with a verification code. It seems like my phone is always in my hand except when I need to get the text for the verification code. I have to search for the phone and hope I don’t get distracted by a notification for a missed call or other text because of course the verification texts are only valid for a limited amount of time. Miss the time then you get to start the process all over again.

My husband is an IT guy. He reminds me all the time that you must have these things and they are for my “safety.” Hogwash. These things were created to annoy me and make me want to launch my laptop across the room. Protecting my security is just an added benefit.

There are things that need to be secured and safe. Our bank accounts, our private health information, but the security level on the kids’ lunch money account, this letter of recommendation site, and other basic information is pretty ridiculous. Sounds like IT people with too much time on their hands or who want to prove how capable they are although their skills are being wasted. Hey IT cyber security folks, let’s focus more on the Russian hackers ruining our elections and less on protecting letters of recommendation.