CLICK, click, clack. “Wrong password or username.” Agh! Click, clack, clack. “Reset password.” Fume. Clack, clack, click. “Your new password cannot be your old password.” Laptop disappears through window. I mean, how can they say I’ve entered the wrong password when they had it all along?

Password rage is one of the defining conditions of the internet age. One in three of us suffers from it, according to one of those improbable surveys on Buzzfeed. I certainly do. I mean, why do I need a username and password to book a ferry crossing to France? Even when buying a pair of boots online (not something I would recommend because they always turn up the wrong size) you’re asked to open an account with the inevitable password.

Most of us have, I’m told, 27 passwords to remember – but I seem to have far more than that, invariably forgotten. I tried using LastPass and Apple’s Keychain, which is supposed to remember your passwords for you. It generates strings of symbols and letters that would be impossible for anyone to remember. But the problem is that Keychain doesn’t seem to remember them reliably either. As often as not when it autofills the password on an app or a non-Apple website, I still get an error message. Or it won’t autofill at all and then I need to remember the password, which of course I can’t. Biometric identification? Don’t make me laugh.

So what do I do? Well, what everyone else does: I note my passwords, pins and memorable data in a little black book; only, I’d better keep quiet about this because if Ross McEwan, boss of RBS, gets his way, that might preclude me from being able to claim compensation for fraud. “You can’t keep blaming this on an organisation,” he says, “when customers don’t take their own duty of care as well”.

Increasingly, companies are refusing to accept responsibility for frauds that result from phishing expeditions on the internet or from people not taking care to keep their passwords and pins secure. By secure is meant, presumably, kept in your head and not on a post-it note next to the computer screen.

Phishing refers to the increasingly sophisticated email scams whereby people are conned into giving out their passwords and other sensitive information. These scams seem to increase at an alarming rate. Almost daily I get emails allegedly from Paypal or some other reputable business telling me that my account will be de-activated if I don’t enter my login details. It could be from Netflix telling me that my account is on hold because there was a problem with my last payment.

Phishing used to be easy to spot. It was usually a badly-spelled email from some dodgy character in Nigeria offering untold riches if you would just help them transfer frozen funds out of the country. Really, it was your own lookout if you gave them your bank details so that they could give you your cut of the loot. But those days are gone and phishing is much more sophisticated.

Here’s one I received purporting to be from Apple. “We will hold your account for one week from the date of this email. After that date, if your account information is not updated, your account will be terminated and you will not be able to use it. To unlock your account, please sign in and follow instructions.”

I suppose most savvy people would understand that this is crooked. We are always told that we will never be asked for account details over email. But it looked genuine to me; all the logos were correct. The address is supposed to be the giveaway but often it comes from plausible accounts such as Support.Paypal. Or there are phoney “no-reply” addresses that are also used by legitimate firms.

I have fallen for at least one of these scams. It was an email message from the former editor of the Sunday Herald and asked me to access a drop box. I replied that I never open these attachments and could he tell me what it was about. He said it was something that couldn’t be discussed in an open email or on the phone and that I needed to open the drop box. I did, giving away my Apple ID in the process. My editor’s email account had been hacked. This was my first experience of what is called “spear phishing” where the scammers can actually conduct a conversation with their marks.

Of course, we all have to be vigilant and responsible but the scams are getting so clever that anyone could fall victim. But increasingly firms are reluctant to accept any responsibility. I always refer these scams to Apple, Netflix, Chase Manhattan, Paypal or whomever they allegedly come from. But I have never found any of the companies volunteering this information to users. Surely, as soon as they are aware of a scam, they should notify their customers but they don’t.

Indeed, I’m somewhat amazed that a mega-tech firm like Apple lacks the means to track down the IP addresses of the scammers. These are all-seeing, all-knowing organisations that harvest our personal information and use it for commercial purposes. They are very good at tracking our movements on the internet without us knowing about it. But they seem remarkably tardy in tracking down phishing expeditions.

The UK Government’s new data protection bill is in many ways admirable. It gives users the right to know what information is being kept about them and a right to have embarrassing teenage posts on Facebook “forgotten”. But it doesn’t address the other end of the privacy relationship and the responsibility of internet firms like Paypal to help guard the privacy of their users’ accounts. We need some form of once-only secure identification. Password proliferation is destroying internet security.

It is understandable that these companies don’t want to admit just how much personal information is stolen by phishing. Estimates of losses are unreliable but run into hundreds of millions of pounds. But I fear they are cutting their own throats commercially by keeping shtum. I’ve stopped using my Paypal account because I don’t trust the name any more.