Too Many Passwords

too many passwordsI am old enough to remember a world where people did not need passwords to access their own information. Then came the era when passwords could be simple phrases, like a child’s name or a birthday.

Then I got hacked. Now I am not sure why a hacker would want to hack a website that contained absolutely no personal data or credit card or other information. What is visible to you online at this website is pretty much all there is to it. We don’t have a shopping cart or other elaborate repositories of personal information. But we got hacked in what I later learned was a “dictionary hack.” My password was a word. It was not a common word, but it was a word, and there are apparently software gremlins that just attempt every password in the dictionary until your website opens up. The hackers then used my good domain name to spam people. I know they did this because I had thousands of bounced emails the next morning.

This happened years ago. My tech savvy buddies suggested that I mix letters and numbers since that made the password much harder to hack.

Now I hear this: if you mix upper-case and lower-case letters plus numbers plus a symbol in a password that is more than 12 characters long, it takes even advanced automated systems 17,000 years to hack it. I cannot claim that this information is correct (the 17,000 years part) but that’s what I heard.

So now my passwords have all gone from buccolic phrases and joyful memories of pets and friends and places to convoluted codes.

That is not the affront. The affront is that people think we know these cruel passwords. Take these recent experiences:

  • I got a call from my credit card company. I missed the call and all that showed up on my phone was a number with no indication as to who it was from. I called back. I get a voice recording and the first thing it said was to type in my 16-digit credit card number. Remember, at this moment, I did not even know who the call was from. I just get a demand–cold–to type in my credit card number. This may come as a surprise to you, people at MasterCard, but I do not have my credit card number memorized.
  • I was recently asked for a PIN number on a web page account for which I have a username and a password. I had no idea I even had a PIN number, much less what it was.
  • An otherwise very nice person asked me if I wanted to join a certain group. When I found out I needed a password, I declined. I told him I couldn’t stand the emotional burden of another password. I think he thought I was being dramatic.

As medical marketers, you might think this does not apply to you. But as medical marketing migrates more and more to online sites and features, the password rears its ugly head. If you maintain web pages or other accounts for which your customers must maintain usernames and passwords, here is some good customer-facing advice:

  1. If you are going to demand that the customer provide a password or other secret code, give them some warning. For instance, you may want to say, “This is MasterCard calling about your account. Please call us back and have your account number handy.”
  2. While you can make your customers jump through hoops to access web pages or other content, remember that each password represents a burden to them.
  3. If somebody ever wants to access something and that person has a legitimate username and password but cannot find it, this annoys them. Every time you make a customer deal with a username and password you are running the risk, maybe even the probability, that you will at some point get them mad at you.
  4. If you offer special services and want to attach a username/password to them, think twice. Sometimes this is the right thing to do. But if you can find a way around it, so much the better. Nobody wants another password.

The main goal in any type of marketing, especially medical marketing, is to keep value, content, education, information high and annoyance low.