I’ve started using BitWarden – the open source password manager. As I’ve been binge-watching Marie Kondo, I thought it was about time that I deleted all the accounts that I no longer user.
I got rid of dozens related to previous employers. I hope the passwords wouldn’t work after I left but 🤷♂️.
I scanned through the list and deleted old bank details, failed social networks, and obvious duplicates.
I’m left with seven-hundred and ninety-five different login details!
How has it got this bad?
Partly it is my fault. I seem to have three different passwords for PlayStation. I’m not sure which is the main one, and I’m too afraid to delete the others in case they are important.
Some is the fault of companies which insist on separate logins for their website account, discussion forum, and help centre.
I’ve been online since the 1990s and have accounts all over the place. I have no easy way of knowing which of my accounts still work.
Is this actually a problem?
I don’t trust centralised logins. If everywhere offered, say, Twitter logins – then I’ve put all my eggs in one basket. If the login provider breaks, or goes out of business, or blocks me – then I’ve lost access to everything!
It also means that one provider can’t track me around the net. I don’t want Facebook knowing every time I log on to my electricity provider’s site.
But… It puts the onus on me to be responsible. There are risks associated with password managers – but I doubt I could remember eighty complex passwords, let alone eight-hundred.
(I know some people recommend a password algorithm like
pass1234-fb for Facebook and
pass1234-tw for Twitter – but this doesn’t scale when sites ask you to update your passwords, or have different complexity requirements.)
Can this be fixed?
I don’t know which companies have merged or vanished. It’s tedious going through every account testing whether my login works.
Basically, websites should have a page called
/.well-known/change-password. If you visit
twitter.com/.well-known/change-password, you’ll be taken to a password change page.
A password manager can use that to test whether my password can be changed – that might tell me if a service is still live. But given that the proposal doesn’t yet have wide support, there will be lots of false negatives.
So I am left with two options:
- Accept the clutter. Live with the pain of searching through nearly a thousand passwords every time I want to log in somewhere.
- Spend a few weekends deleting the accumulated crud of a few decades.
Does this password spark joy?