My signature barely matches what the bank insists it is. In about five years of holding this account, I'm yet to finish my first cheque book. I do all my transacting online. My password is my signature.
I use a different password everywhere. I remember all my passwords, or at least all the more frequently used ones, trusting the rest to a password manager.
I never change passwords. My method of remembering tens of unique passwords doesn't work when they have to change.
And so when a site demands a password change every fifteen days as security precaution, my system breaks down entirely. I cycle through the same three passwords across all such sites. My account's security is actually weakened as a result.
Some may say that this will all change with biometrics. I don't buy that. Biometrics will face far more resistance than passwords because it conflates identity with authorisation. It requires changing the fundamental trust patterns of society, which is not an easy sale.
We're going to be a password-based society for some time. How long will it be before a class on password management becomes as elementary as one on letter writing in school?