What We Talk About When We Talk About Passwords

I work at Google. That said, this is a personal piece; the opinions & ideas here are my own, not those of my employer. 

It is just after six p.m. and I am home from work. The sky is still bright, a clear transparent blue behind fast moving fluffy clouds. The late afternoon or early evening light is clear and bright too after a rainshower that drenched the car just as I stopped at the gas station to refill the tank. I am upstairs sitting at my desk facing the window looking out, and wondering if there will be a rainbow. I open my laptop, log out of my work account, and log in to my personal account.

Some months ago I changed my password. This was in response to some generalized security breach or other; I don’t remember which. But as I was choosing my new password, I thought about what it should be.

Something I’d remember.

Something not like other passwords I’d used.

Something not easily guessable.

Every time we choose a password, we attempt to describe our own minds. Consciously or not, we attend not just to what am I thinking about today, but what will I think about tomorrow, what will help me remember this code I’m creating, what will I associate with this thing I’m trying to log in to. Even if we open up an app that generates a supposedly random sequence of letters and numbers and punctuation (and don’t you wonder about the security and privacy on an app like that?), the choice to do so still reflects something about us.

In choosing a password, I think we create a metaphorical thumbprint of the way we think, what matters to us.

In spy movies and thrillers, there’s so often a moment where the hero or villian needs to get information off of or onto someone else’s computer or phone. They do so by guessing a sequence, hands poised dramatically over the keyboard or screen: a moment, eyes closed, reflecting, considering. What matters to the person whose device they’re hacking? What is a significant birthday, a catchphrase, a city? The hacker’s fingers move, and the target’s life and secrets are spelled out in just eight to ten characters. Access granted.

Of course, real hacking attempts are rarely anything like that. They’re more often like the Target data breach: the target hacked isn’t an individual as such, but a much larger trove of much broader and more general information. Those attempts have little in common with the hacker in a movie, pausing to remember someone’s birthday in hopes of cracking the code.

Some of my own passwords are more complicated than others. Heresy though this may be, there are sites where I just don’t care if my so-called information gets stolen – those are the sites which don’t have much information to begin with. Some of my passwords follow intentional patterns. Some don’t. Some are legacies, leftovers from old thoughts, old ideas. Some are so clever I can’t remember them, and have to use the ‘forgot password’ link each and every time I log in.

But this time… when I was resetting the password on my computer, which is a pretty basic and fundamental thing, I thought harder about it. I wanted a password distinct from my own patterns, memorable to me, meaningless to anyone else.

And so I took a deep breath, and chose something in honor of my Dad, who first taught me about computers – and who these days may or may not remember that.