Password Hell

For the last few days, I have been in password hell. I’m not sure exactly what I did to get sent here, but I don’t like it.

Once upon a time, passwords were easy: a simple word or phrase that unlocked virtual doorways. From the start, at least in my hazy memory, it was recommend that you not use your own name. A mere six characters was enough! And you could use the same password everywhere.

Password Hell
pale woman with glasses looking very frustrated in front of a background of random letters disappearing into the distance

Slowly, over many years, passwords have become much more complicated. At first, you could make your password more difficult to guess by substituting numbers for some of the letters. Special characters were still mostly off limits. It became a little harder to remember which variation of the same word you had used on which website, especially when some now required at least eight characters.

Then came the addition of the special characters. The easiest to remember were things like substituting @ for a, or ! for i. Heck, just slap an exclamation point or question mark at the end of your password, and consider the requirement fulfilled!

Progress has led to password hell

Fast forward to today (and it’s not even that far forward!), passwords have to be more and more complex. Gone are the days of using one password for every online account. It’s not even that safe to use the same password for two different sites! A strong password today must be at least 12 characters long, contain a combination of upper case letters, lower case letters, numbers and special characters, and not be in an order that would make a word. Leet speak is a dinosaur, boys and girls!

I’ve known for a while that I need to be less lazy about my passwords. I have a few that I have used for YEARS, in various combinations, on countless different websites. The problem with that is compromised data. As fast as humans can create security measures, other humans find ways around said security measures. Some data breaches are innocuous – more of a counting coup than anything. Others are much more insidious, targeted specifically to get personal information about registered users.

I’ve had accounts with several sites that have had data breaches. Many of them are sites I haven’t logged into for ages. My usual response is, “Whatever. I’ll deal with it later.”

Later finally caught up with me

A couple of weeks ago, I had a few strange transactions on my pre-paid debit card. I was really lucky, and caught it within 5 minutes, because I get notifications when a transaction goes through. I was able to immediately lock my card, and open a dispute about the transactions, though it will take a bit for that process to complete.

(Aside: if you are wary of credit cards, or have over-spent in the past, and you live in Canada, I LOVE KOHO. Besides the notifications, they have a cashback incentive, a roundup feature so you can save money for when you need it, a saving for a specific goal feature, and so much more. If you’re interested, we can each get an extra 1% cash back for 90 days if you use my referral link.)

What really lit a fire under me was the Canada Revenue Agency. They locked my account last month because my email address had been connected to a data breach. You can see if your email has been connected with a data breach here. I called them last week, and went through the pretty rigorous process of changing my username, password, and security questions, as well as setting up two-factor authentication (which means I have to enter a code that is sent by text message whenever I want to log in), only to have my account revoked on Saturday along with 800,000 others.


To say I was livid is an understatement. I checked my computer for malware – just in case – even though I have protection monitors on my computer. And I started the painful process of changing ALL of my passwords. At least, all the ones I can find… thank goodness for my password manager! I have spent time each day for the last three days logging into accounts and changing the password, and I’m still not finished. It has been HOURS and HOURS of effort.

I can say with confidence that I no longer remember ANY of my passwords. Each login has a completely unique gobbledygook password. The bonus is that I’m getting rid of one of my email addresses, so I needed to update a lot of those logins anyway. I’m telling myself that’s the silver lining.

If you need me, I’ll be updating more passwords…


PS. If you could use a break while you are updating your passwords, you might want to check out Unconditional Love Guided Meditation. It helps remind you of your true nature – love – and calm the raging technology beast.