Resetting passwords, a meta-analysis anecdote.

I’ve been a 1Password user for, well long enough that some of my passwords have “creation” dates of 2014. So, a while. And that means that, like all things humans store things in, occasionally it gets to be a mess in there. Once I realized that way more of my passwords were weak or had been leaked than not, I decided to take on the task of cleaning things up.

Here’s what I learned over two weekends of checking and changing the passwords stored in my password checker:

  1. Nobody tells you when a site you used to use goes under. You just discover that clicking the address for it goes to a 404 or that Safari can’t resolve the domain name at all. There are just under 100 passwords in the trash now because their sites are dead and gone.
  2. Similarly, nobody tells you that Foursquare, a site I used to keep track of places that I visited in a quasi-augmented-reality kind of way, would still be alive and kicking years after it gave up its gamification and became boring. Hello, Foursquare folks! I’m sure you’re not actually¬†boring boring but I do wish I still had all that checkin stuff from my trip to London.
  3. As an industry, we haven’t settled on where our password settings go. Account? Settings? Security? Options? Passwords? I critiqued a menu the other day by saying that labeling one option “Junk drawer” instead of “more” would be easier for users to understand (and pissed off more than one designer in the process) but information architecture is very much about information scent, and having changed probably over 100 passwords I can tell you that we don’t have consistent information scent on “where I will find my password change”. If you point at 5 competitors and say “they’re all using X” I now know where I can find at least 50 that are not using that term.
  4. Some websites, especially if they’re associated with an app on your phone, straight up don’t offer editing your password. It’s a minority, but it’s real.
  5. While you weren’t paying attention, there’s a strong chance that some of the sites you rarely use implemented 2 factor authentication (2FA) without telling you. I have a password. It is valid. I typed it in. Then I had to go fetch a code out of my email to log in, even though I never opted in to this. Or a text message. Or immediately get prompted to set up 2FA. I mean, ultimately this was a good thing but also it added significant time to the process of changing a lot of passwords in a lot of places.

In sum total, obviously, doing this clean up was worth my time and effort, both because it cleaned out a lot of cruft and because it significantly increased the security of my accounts.

I’m not sure it’s the way I’d recommend doing a comparative analysis of password resetting, but it was certainly a lesson in all the good and bad ways to do it.

Five things I wish I could do

Five things I wish I could do:

  1. Indicate to stores that try to resell me things I bought in the past (Amazon, Wegmans Instacart, looking at you) that I never want them to sell me the disgusting / broken / incorrectly advertised / crap thing again. I don’t want to be offered it. I don’t want to see it. Those frozen sweet potatoes are dead to me.
  2. Convince Safari on the iPhone that when I say “Don’t save this password for this site ever” I mean “ever” and not “please prompt me again the next time which will be in 20 minutes because I’m playing email tag with this doctor.”
  3. Blast email all the car dealerships that I contacted when I was looking for a car with a “found it!” message so they don’t call me every three months hoping I’m coming back. And actually have them listen.
  4. Remove the phrase “But Google does it!” from the lips of every PM, designer, researcher, and executive who doesn’t work at Google. I don’t care what Google does, I’m not working at Google. If Google jumps off a bridge, are we going to too? (Note: question null and void for Bing, since at least as far as LMMs are concerned the answer appears to be yes. Hope you packed your parachutes.)
  5. Work a design job where lunch was not only respected but expected. That’s actually on me — I have to be more of a bear about protecting my time.

And one shout-out to the lady who has been working for the siding company for eight years and has called every spring to see if this is the year we’re going to re-side the house: your tenacity and organization astounds me. May we all have the guts to keep calling even when the answer has been no for eight years straight. I’ll talk to you next spring.