Martin Colebourne

Let me get this straight.

I have an an account for online banking, my credit card company, my corporate credit card, my savings provider and an internet broker.

An account for the app I use to take notes, for the site where I publish blogs, for the CMS for my website, for my email account, for the app store on my phone, for LinkedIn, for Facebook, for Twitter, for eBay, for Amazon, for Instagram, for whatsApp, for YouTube and for Vimeo.

An account to pay for car parking in our village, another one to pay for parking in the next town and a third to pay for parking at the station.

An account for my mobile phone provider, my electricity provider, my gas provider, my water provider, my phone and broadband provider, my home insurer and my car insurer.

A travel booking site, another travel booking site, a cheap hotel chain, another cheap hotel chain, an airline, another airline and a car rental company.

I also have a login for a clothing website, a cycle equipment store, a sports equipment maker, and a specialist light bulb supplier that seems to be the only place in the world that sells the weird bulbs that go in my kitchen. Plus God knows how many other shopping sites and apps that I’ve used once and forgotten about.

Not to mention the password for my computer at home, the login for my computer at work, the login for my work VPN, and the other one for accessing work emails on my phone.

OK.

And for each one I have a “username” made up of letters and numbers that identifies who I am.

Sometimes this is my email address (which is great because it’s something I actually know); sometimes it can’t be my email address, but I can choose what it is, so it can be something to do with my name; but sometimes they just assign me some weird concoction made out of bits of my name with random numbers thrown in.

And when I have to make up a username, some places will allow special characters like dots and dashes and others won’t; some have a minimum length requirement; and some have a minimum and a maximum length requirement; and sometimes the username I want is already taken. So my username isn’t the same everywhere I go.

And then I have a “password” that only I know, so they know it’s really me. Unless it’s someone else who stole the password, or a computer program that tried out millions of random possibilities until it hit the right one. They would be fine too.

And this password needs to be a string of letters and numbers and symbols, a bit like my username, but definitely not actually my username, because that would be dumb.

And I need to make this string of characters really hard to guess. So it shouldn’t contain normal words or phrases; and I should mix upper and lower case letters, numbers, and symbols into some fairly random arrangement to make it difficult for computers to find it by trying millions of random possibilities?

And I need to use a different password for each of those 50-odd accounts?

And I should change these passwords regularly to keep them secure?

And I’m not allowed to write them down?

OK.

I just have one question:

How the hell did we get here?