Autumn is season for forgotten PIN codes

My secret journal will be secret forever. I have forgotten the password that seemed so canny two months ago. Now I am locked out of my private ruminations.

The information technology world has its seasons just as much as ducks and trees and dogs and cats. Late summer is the peak for forgotten passwords and PIN numbers and the helplines take on extra staff to deal with the surge in calls.

The faint neural pathways across the brain made by words and numbers which have no emotional weight are washed away in a few weeks by the tides of summer.

The brain is designed to flush out what it regards as emotionally insubstantial. Underlying the early September surges in calls to helplines and banks, there is growing evidence that the problem is getting worse, as people are required to remember more and more arbitrary numbers.

Research confirms the greater the memory load, the greater the likelihood of failure. According to one company of IT analysts, the Gartner Group, an employer with 2,500 desktop computers can spend more than £500,000 (€620,000) a year resetting passwords. Industry estimates say 20 to 50 per cent of all calls to company help desks are from people needing passwords reset.

There is a lot of research going on to replace or improve PINs and passwords but the problem is itself a testament to their ubiquitous success. It is impossible to lead a worldly life without them. What cheaper way could there be to securely identify certain people and keep the rest out? They guard bank accounts, homes, computer files, school buildings, mobile phones and websites. They have eliminated armies of doormen and bank tellers, saved on endless excursions for meetings. If only there weren't so many of them.

"Most people think of memory as a store room," says Prof Martin Conway, author of Congnitive Models of Memory, "when in fact it is dynamic, a mean system. Unless you are allowed to choose a number such as your birthday, the best way to remember is to integrate the password with something already in your long-term memory". Called "mapping", this process involves laying the thing you hope to remember over something else already fixed in your mind.

One champion memoriser was a running fanatic and he turned the figures he was given into running times. The mnemonic systems of the ancient Greeks, used until printing came along and revered as one of the five elements of rhetoric, involved placing the information in an orderly way along an imaginary architectural structure. However, if you turn 3288 into an eye-popping mnemonic such as a bust to hip measurement and 1347 into the height of a mountain, it only adds to the clutter.

It seems the public is not ready for this unexpected chore. In IT jobs, or management consultancy, where some people have to manage more than 100 passwords at any one time, they have taken to loading up Palm Pilots with encrypted programs where their secrets are stored, so that all they have to remember is one PIN number and the Palm Pilot itself. Even that is not easy.

The Stone-Age version is to make coded entries in your address book, but banks sternly discourage writing PINs down anywhere, and, obediently, most people are still trying to keep them in their heads.

Banks, whose main concern is growing levels of fraud, have put a lot of money into biometric methods of identifying their customers. Eyeballs and fingerprints are harder to steal, and impossible to forget. "But biometrics just isn't accurate enough yet," says Mr Richard Tyson Davies of the Association of Payment Clearing Services (Apacs) in Britain. "A failure rate of one in 1,000 sounds good, but that means the supermarkets turning away 70,000 enraged customers every day."

"Biometrics is not as secure as it seems either," says Mr Arthur Kaletsky, of Scott Polar Research in Cambridge. "Your retina goes down the wire as a string of numbers. If someone is tapping the line, it doesn't matter how long the number is. Then you would have real problems with your identity."

Contrary to the impression given by scare stories, the main security problem is not the PIN; it is the credit card itself. The chances of a thug peering over your shoulder, seeing your number, bashing you on the head and snatching your card are tiny. The French use PIN numbers for all transactions now instead of signatures, and fraud has dropped to negligible levels there.

However, the magnetic strip-type credit card numbers are just ridiculously easy to rattle off down the phone or on the Internet, and, compared to, say, bank notes, a breeze to copy. The banks are fighting back with so-called smart cards, but PINs will stay.

Smart cards were invented by the French 20 years ago. The original idea of a credit card - a piece of hardware combined with a secret code to securely identify the person using it - will still be there, but instead of the magnetic strip the cards have a tiny chip which generates a different encrypted number every time they are used. The PIN is never transmitted down the wire and the chip in your pocket can't be accessed by counterfeiters. For the foreseeable future, they would also be prohibitively expensive to fake.
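The mechanism described above can be sketched in a few lines. This is an added illustration, not code from the article or from any card scheme: the `ChipCard` and `Issuer` classes, the sample PIN and the use of HMAC-SHA256 over a counter are assumptions chosen to show the idea of a per-transaction value, with the PIN checked inside the card and never sent.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


class ChipCard:
    """Toy chip card (hypothetical): the key and the PIN never leave this object."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self._counter = 0       # incremented on every approved use
        self._tries_left = 3    # the card locks after three wrong PINs

    def authorise(self, pin: str, amount: int) -> Optional[Tuple[int, str]]:
        if self._tries_left == 0:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            return None
        self._tries_left = 3
        self._counter += 1
        msg = f"{self._counter}:{amount}".encode()
        # Only the counter and this one-off value go "down the wire".
        return self._counter, hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class Issuer:
    """Toy bank side (hypothetical): shares the card key, remembers the last counter."""

    def __init__(self, key: bytes):
        self._key, self._last = key, 0

    def verify(self, counter: int, amount: int, value: str) -> bool:
        if counter <= self._last:
            return False        # a recorded value played back is refused
        msg = f"{counter}:{amount}".encode()
        expected = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, value):
            return False
        self._last = counter
        return True


def demo() -> dict:
    key = secrets.token_bytes(32)           # constructed sample key
    card, bank = ChipCard(key, "4071"), Issuer(key)  # constructed sample PIN
    first = card.authorise("4071", 2500)
    second = card.authorise("4071", 2500)
    return {
        "first_accepted": bank.verify(first[0], 2500, first[1]),
        "replay_refused": not bank.verify(first[0], 2500, first[1]),
        "altered_amount_refused": not bank.verify(second[0], 9900, second[1]),
        "second_accepted": bank.verify(second[0], 2500, second[1]),
        "values_differ": first[1] != second[1],
        "wrong_pin_refused": card.authorise("0000", 2500) is None,
    }
```

A copied magnetic strip presents the same data every time, whereas here a value captured from one purchase is useless for the next.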

"The beautiful thing about them," says Mr Frederic Engel of ActivCard, which is making the new Visa and Mastercards for Britain at the moment, "is that unlike stupid cards [with a magnetic strip] they are also capable of multiple functions. They could be used at work, on buses, on the Internet, in shops, banks, gyms - like an electronic wallet. We could all go back to one PIN."

However, these wonderful objects are not quite what we are going to get straight away. The banks are still wrangling over who would own what if the smart cards' functions were to be shared. A simpler version will be marketed over the next few years; there will be no escaping the proliferation of codes for a while. But is it that attractive to imagine your all-singing all-dancing smart card, issued by a bank, brimming with personal details? Would we want our level of security clearance at work, our account details, which depilatory we use and whether we eat between meals all revealed to the same institution?

PIN numbers will shortly be the only thing which the commercial world doesn't know about us.