A Brief Reminder Regarding Passwords

20 January 2017


Password security is your responsibility. You must create them carefully.

Effective passwords will have the following characteristics:

They will be unique. That is, each and every one of your passwords must be utterly different than all of your others: work, personal finance, social media, getting money into your kids’ lunch accounts. For those of you juggling 70-80 passwords, the creative possibilities are endless!

They will be hypersecure. It is not enough for passwords to contain the occasional capitalized letter or number. They must contain special characters, logograms, typographical symbols, alphabetic characters from other languages with diacritical marks, mathematical symbols, inverted letters, etc.

Note that passwords consisting of ordinary words or keyboard sequences are unacceptable, as IT departments may choose to allow hackers to consecutively attempt tens of thousands of logins on a single account without locking out the hacker. Even so, any such successful dictionary attack is by definition your fault, not that of your IT department.

Password requirements will not be revealed in advance. Telling you before you start crafting your password that it must contain no fewer than seven Korean logograms or at least 11 mathematical symbols would be no fun. You must guess what the requirements are! Each failed attempt to set up your password will be followed with a hint about what you did wrong so that you can try again. And again. And again.

Passwords will be supported with authentication procedures. These may require you to reveal your personal e-mail address or cell phone number. If you begin receiving unwanted e-mails or phone calls after that, rest assured that there is no known reason for that happening. This is true even if those messages consist of marketing from the entity that required you to set up the password in the first place.

Password resets will require correctly answering any number of “challenge questions”. These questions must be chosen and answered in advance, and may contain deeply personal information. Please know that it is inconceivable that anyone might use this information in an inappropriate manner.

Passwords must be memorable. You should never write down any passwords, no matter how many you have. You must remember all of them.

Passwords must change frequently. In general, you should not use any password for more than thirty days. You will need to come up with a steady stream of new passwords that meet all of the above requirements.

Passwords are disposable. Never use the same password twice. After thirty days, delete and replace. Recycling may be good for other things, but not passwords.

Passwords must never be shared. If you are responsible for online bill payment and die, your significant other or surviving family members should have to obtain a variety of court orders before they can pay the utility bill.

We hope this will help you keep your accounts secure. However, if your account should become compromised, please understand that while we may be able to reconstruct the complete and utter history of all of your online activities since 1996, it will be impossible for us to determine where the contents of your IRA went. Good luck!