MICHELE NORRIS, host:

From NPR News, this is ALL THINGS CONSIDERED. I'm Michele Norris. And it's time for All Tech Considered.

(Soundbite of music)

NORRIS: Today we're going to dig a little bit into a problem that seems to plague all of our increasingly Web-based lives. From our emails to those Netflix accounts and credit card statements, I'm talking about the curse of the online password. How do you actually keep track of all those bizarre combinations of letters and numbers we're forced to come up with every day? Just coming up with them in the first place seems to be tough enough. Well, it's time for some solutions. But first we sent producer Skye Rohde to ask a few folks about their own password predicaments.

Ms. CHERRY BROWNLEE(ph): My name is Cherry Brownlee. I have so many passwords, I can't keep track of them. I have a company, and I have to call the person in charge of accounting to keep track of all of our passwords on our various accounts. It's one of the curses of technology.

Mr. GRANT KRILLY(ph): My name's Grant Krilly, and I had to throw away a $500 laptop because I forgot my password and no one could figure out how to fix it. Apple tried and they couldn't get it. And when your company can't fix your computer, there's a big problem.

RABINA: Hello, my name is Rabina. Stumbling over trying to find the perfect password that I would remember, well, I just thought, hmm, who am I? What do I look? And what's going on in my life? I'm a grandmother. I have dreadlocks. And I'm an artist. So I say that all in a different language.

CAROLINE (Caller): I'm Caroline from Connecticut and my password story goes like this. It was one of the first three professional development days at school before the kids were there. And we had gotten a new computer system at school and they were trying to get all the faculty logged in with individual passwords because it was going to be used as our grading system.

And they gave us a set of directions, you know, try this, try that. You know, here your password should be unique and only identifiable to you. And I tried everything. I tried my name. I tried my birthday. I tried all the old standbys. It wasn't taking anything. So I became rather frustrated and in my frustration hit the caps lock and typed (beep), and it took.

And then I spent the next probably three minutes trying to figure out how to undo the damage. And I'm thinking in my head, I don't have tenure. This is a public high school. This is bad.

Mr. DEREK TUKSBERY(ph): I'm Derek Tuksbery. I'm a freelance writer out here in Los Angeles. And my problem with a password that I had was probably about four years ago. I was working at a company and I was trying to get online and it turned out that my password wasn't working. So I had a call to tech support. So I talked to them, I'm, like, is there any way that you could fix this? Can you get into my program somehow? And they said, no, we have to use your password. And I'm, like, oh my god, my password - it's so embarrassing. I don't want to tell you what it is. And they said, we can't get there anyway without your password, so just tell us your password. And so I said, all right, I'm going to tell you, but you're not going to be happy about it. My password is ninjas in my pants.

(Soundbite of laughter)

NORRIS: That montage is from independent producer Skye Rohde. And you may not want to choose ninjas in your pants as your password, although it is memorable, but chances are you still struggle with keeping track of everything from time to time. And here to help us clarify the how-to is our resident tech expert Omar Gallaga. He covers technology culture for the Austin American-Statesman. Welcome, Omar.

OMAR GALLAGA: It's good to be here, thanks.

NORRIS: So, why do we need so many passwords? Why can't we have something like a universal remote, one password that we can use for everything?

GALLAGA: Well, I think you just gave the IT people at NPR a heart attack. Having one username and password for all the sites you access is a very bad idea, because if someone cracks one of those passwords, they have access to all of your accounts. So it's also a bad idea to use a password that's any word that can be found in the dictionary. So the ideal password is usually about eight letters long, preferably 14 or 15, and includes letters in lower and upper case, as well as numbers and symbols. I do know that I'm going to have to go back and change all of mine because I didn't know ninjas in my pants was so widely used.

(Soundbite of laughter)

GALLAGA: But the last thing you want to do to use the same password as your login name, to use family information like your date of birth or, you know, birth of your kids as passwords, or to write down your password on a Post-it note and stick it on your desk. I know everybody does that, but that's another way to drive your IT department crazy.

NORRIS: Now, there are people who've looked into this, and you've talked to some of them, what have they found?

GALLAGA: Well, I spoke to Nick Forcier, the CEO of a company called Large Software. They make a piece of software called Password Manager for Windows. He says that the average user has at least five to seven logins and passwords to keep track of at any one time. And that the solution is to use software like that can keep track of them all and can also generate much stronger passwords for you. You wouldn't have to come up with them yourself. On the Mac side I've been using a program called 1Password, the number one, password, which keeps all of my passwords remembered and is easily accessible in the Web browser.

And one reason I really like it is that there's also an iPhone version of it that transfers all of my passwords to my phone. So if I'm accessing Web sites on the go, it has the same passwords as my desktop. And there's even a handheld device I've been playing around with called the Logio Secure Password Organizer. It's a little white device the size of a credit card. And you actually type in your Web site's logins and passwords into it. It's encrypted and you only have to remember one master numerical pass code, and if you can remember that, you've got all of your passwords in front of you. And if it gets stolen, it's protected by that.

NORRIS: Now, there's some basic dos and don'ts when it comes to passwords, perhaps we can just tick through some of those quickly. How often should you change your password?

GALLAGA: Some people say every six months, others, like Nick Forcier that I talked to, said as often as once a month. I'd say it depends on how sensitive your online accounts are and how good you are keeping track of them and remembering them. If you lose them or can't remember them, changing them once a month isn't going to do any good.

NORRIS: Now, it is a good or bad idea to click that remember my password tab that we see so often we log on?

GALLAGA: Well, it really depends on whether you're sharing a computer with others in a public or work space or if you're the primary user. If it's a home computer that only you are using, it's fine, but if other people can access the same machine, or if you're on an unsecured wireless network, you definitely want to deselect that option.

NORRIS: Before we leave the subject of passwords, I have one last question. Sometimes passwords are assigned to you by a Web site or a retailer, should you accept that or just immediately change that first opportunity you get?

GALLAGA: You should change it and get it consistent with whatever system you're using to remember them. For one thing, you could lose the password and then you don't have access to it anymore. And also, you know, it's much more difficult to remember a random password assigned to you than something where you've got a consistent system or a place to store it.

NORRIS: Now, I understand that you're going to be posting a lot of these links on our Web site on the blog.

GALLAGA: Yes, definitely. We're going to be posting links to a lot of the software and a lot of tips. But we also wanted to make note of some of the posts we've received from last week's segment. We talked about what happens to your passwords and private information when you die. And we actually received some really great posts on the blog and on the story segment from people who have had that experience, who have had family members who have passed away, and they've set up online memorials on Facebook, or have had to control the Web site after a family member died - some really moving stories that we got on the Web site.

NORRIS: Well, we'd love to hear from you, meaning our listeners, about your password strategies, if you use ninjas in your pants or it's Christmas in July, whatever it is, we'd love to hear about it. This is a joint-learning process. So you can write to us at the All Tech page at www.npr.org/alltech. No password required. Omar, thanks so much for being with us.

GALLAGA: Thanks for having me, appreciate it.

NORRIS: That's Omar Gallaga. He covers technology culture for the Austin American-Statesman.

Copyright © 2009 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR’s programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.