Most passwords suck. They're often based on things like kid's names or so short and simple a hacking program could figure them out in no time flat.
I understand the need for simplicity when we have so many log-ins for so many Websites. I have about 200 different log-ins, so I've have had to deal with this issue. But it doesn't have to be hard. Here are some simple strategies:
First, let's look at what the National Cyber-Security Alliance suggests and then we'll put them into a couple of easy, usable rules.
Use passwords that have at least eight characters and include numerals and symbols*.
Avoid common words: some hackers use programs that can try every word in the dictionary.
Don't using your personal information, your login name, or adjacent keys on the keyboard as passwords.
Change your passwords regularly (at minimum, every 90 days).
Use a different password for each online account you access (or at least a variety of passwords with difficulty based on the value of the information contained in each.
The one rule here I concede to the needs of simplicity is the second, using common words. However, what I do to is to combine two words so that together they make one non-word. I typically add a non-alpha character between them and, if I want to be difficult, I'll make one random letter uppercase. Here's an example to show you that this is easier than it sounds:
Say I like elephants. And say when I think of elephants I think of their big trunks. So maybe a good password would be
elephantrunks
That's a start, but maybe I can make it better. I'll make "trunks" into "chunks" since chunks don't go with elephants, but is close enough in sound to remind me what it might be.
elephantchunks
Nice, but let's complicate it just a bit.
I find the * symbol easy to type, so I use that.
elephant*chunks
You could stop there and have a pretty secure password, but if you wanted it more secure, change p to P
elePhant*chunks
Now, that's a secure password. I read this technique somewhere and the author figured it would take billions of years for a bot to figure it out, and his was simpler than mine.
If you don't want to go through those creative hi-jinks, you could also break words up in unexpected ways, by putting a hyphen or other character in-between words.
This is an even more secure password: elePhant*ch-nks But could be many variations.
The key is to figure out words that are not directly related to you (I use animals) but you'll remember. I find the funnier the better, but I won't reveal to you mine!
The Cyber Security Alliance also has a suggestion that is worthwhile:
"One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck" would become HmWc@wC."
Equally good. These are all tactics to help bridge memorability and security, so whatever works for you personally is best.
The last two rules the CSA gives are pretty difficult to do, but here I use priorities. The passwords you have for more critical functions, like on-line banking, should never be the same that you'd use for something like signing up to a magazine's Website.
The reason might not be as obvious as it seems. First of course, you don't want to compromise banking passwords in any way (these too are the ones you should certainly change periodically), but not all password storage is the created equal.
Lastly, there are good ways to manage passwords. My favorite (seems like I couldn't live without it) is "1Password" by Agile Solutions, but I think that's a Mac only application.
*8-12 characters is usually a good length, although 12 seems to be a sweet spot for hacking difficulty. Some programs don't allow for very long passwords, although very often you can go as high as 32.
As we live more of our lives online it’s easy to get lost in all the passwords we’re forced to carry in our heads and it’s tempting to settle on something memorable that we can use for a lot of sites/accounts. But the following should come as a real
As we live more of our lives online it’s easy to get lost in all the passwords we’re forced to carry in our heads and it’s tempting to settle on something memorable that we can use for a lot of sites/accounts. But the following should come as a real warning:
“Yesterday, it was reported that wannabe VP Sarah Palin’s Yahoo account was hacked by a perpetrator wishing to find incriminating information in her emails. It was not done using some strange computer security vulnerability. It was not done by guessing her password. It was done just inthe same way as Paris Hilton’s T-Mobile account was hacked some time ago: by guessing the answer to the respective owner’s security questions. For Paris Hilton, it was the name of her dog. For Sarah Palin, it was her zip code, date of birth, ad where she met her husband.
How hard is it to learn somebody’s zip code? Not that hard.Try the whitepages. Date of birth? Easy for a public figure – try Google. This will take you less than a minute each. Now, we know that Sarah Palin and her husband were high school sweethearts. The answer to this question turned out to be “Wasilla High School”. All in all, it took the reported hacker less than 45 minutes to break into the account. In fact, using your pet’s name appears more security conscious than using zip code, date of birth and where you met your spouse.”
This goes for personal as well as professional accounts. We suggest using long, non-word passwords, which may even include characters like ^#& and odd, perhaps even incorrect answers to security questions. These of course are not memorable, but there are many programs out there that will store them for you and your Web browser does too; Firefox is particularly good with handling passwords, although I’d suggest keeping them in another secure program as well (if you want suggestions for password storage programs, just drop me a line and be sure to mention if you’re on a mac or pc). Also think about changing your most important passwords from time to time. Organizations should have a formal protocol for this.
There is hope for our increasingly overloaded info-age life. Standards are being created to both increase security and make access easier. Some of those are very high-tech, but one standard, OpenID seems to be catching on widely. OpenID, according to Wikipedia is a a service that “allows Internet users to log on to many different web sites using a single digital identity, single sign-on, eliminating the need for a different user name and password for each site.” I’ve been using it for a year or so at least and like the layer of security and relative simplicity, but it takes adoption by myriad Web applications and Web sites to be useful and we’re not there yet. Some of the services that use OpenID are Blogger, a free blogging service (owned by Google) and Basecamp, a project management system.
Google reports today that they are rolling out offline access for their Google Docs application and that will be just the first as they utilize their Open Source browser extension Google Gears to download and upload data from your hard drive to the Web in the background. This will allow you to
Google reports today that they are rolling out offline access for their Google Docs application and that will be just the first as they utilize their Open Source browser extension Google Gears to download and upload data from your hard drive to the Web in the background. This will allow you to use Google docs (and in the future other apps, I’ve already seen it in use on a nifty to-do app called Remember the Milk) whether or not you’re near an internet connection.
According to Macworld “Google has lofty aspirations that Apps – with Docs in tow – will extend its reach into medium-size and large companies, and to that end has been boosting its security and administration features, particularly in its fee-based Premier version.”
This is good news because I believe one of the major hurtles Web-based applications have to overcome is availability (at least until every corner of the earth has Wi-fi or its next iteration). Although the aggressively functional Zoho suite of online apps offers offline access, it’s Google’s success that will drive the industry toward Web apps. As offline access becomes a typical feature, adoption of online apps will widen and developers will be able to create better and more varied applications.
The key to Web-based applications is not just the convenience of never having to synch devices or being able to collaborate with teams (or coordinate with family), but the ease with which data can be used from one app to enhance another – say for instance, you could pull financial data in from an accounting app and manipulate it in a spreadsheet app, without downloading or synchronizing. It remains to be seen exactly how the new functionality will handle this “mashed up” data, but as with all of this technology, it’s a work in progress.
Wired reports that Google is finally upgrading the resolution in which they encode videos. The Wired piece is geared toward viewers, but if you use Youtube to get your trailers etc out to the world it’s good news to know that you won’t have to compromise quality. Still the best bets
Wired reports that Google is finally upgrading the resolution in which they encode videos. The Wired piece is geared toward viewers, but if you use Youtube to get your trailers etc out to the world it’s good news to know that you won’t have to compromise quality. Still the best bets for quality videos are Blip.tv and Vimeo or Viddler.
Hardly exciting to write about Gmail after it’s been around for years now and has millions of users, but despite having a Gmail address dating from when you had to get invited and wait for one, I’ve only really just embraced it. Here’s why: Spam filtering, tagging, easy
Hardly exciting to write about Gmail after it’s been around for years now and has millions of users, but despite having a Gmail address dating from when you had to get invited and wait for one, I’ve only really just embraced it. Here’s why: Spam filtering, tagging, easy filters, and very fast search – to start.
The life of someone who gets hundreds of emails every day just got easier and I just uploaded over 6,000 messages from Apple Mail into my Gmail account (if you want to know how I did it, just drop me a line at budparr AT gmail DOT com). Bye Bye Apple Mail, I’ve moved to “the cloud.”
I have quite a few email accounts, one for personal, one for business and others for various projects. It wasn’t until I thought of using them all through the Gmail client that I started my love for Gmail. Now they all get the benefit of filtering, tagging, spam filtering and search and I get them through my iPhone via my one Gmail IMAP set up so I no longer have to check each account individually and changes there (read mail, etc) are automatically reflected on my computer.
So, access is big – Whether I’m on my iPhone, my computer, or any computer I’m looking at the same thing without any synching (I’m an anti-synchite).
The filters, which I always struggled with in Apple Mail are simple and fast, but the search function works so quickly that you only need them for all but your most common emails. The tags are so easy I’m tagging everything now (I’ve gone a little tag crazy like an administrative assistant on his first day with post-it notes).
Apple Mail’s spam filtering was okay, but never really kept up with things. Gmail’s is actually pretty amazing.
Searching, at least for the six thousand message I have (only 4% of my allotment), is very fast. I do try to delete unnecessary messages as they come in, both to keep my space clean and my search results better.
Keyboard shortcuts – learn ‘em. Navigating email is faster.
Gmail is a Web app, meaning that I get improvements as they hit without having to think about updates (why should I ever have to think about updating my software?).
Gmail is smart: Integration with the Gmail Calendar program is nearly seamless to the point it’s almost scary. It detects events in your emails (the same way it tries to present contextual ads) and asks you if you want to add to your calendar.
Integration with contacts (which in and of itself is not fully fleshed out yet) is also pretty clean. When you look up someone in your contact list or even just hover over their name in the inbox you can click to see your “recent conversations” with this person, either “to” or “from” them, something I’d have to set up in Apple Mail, which does either, but not both without setting up a smart folder. I don’t know how “recent” is defined, but for example, if I filtered to see conversations with my friend Mitch, it would list “1-20 of hundreds” etc.
It also integrates with Google Reader, another app I’ve come to rely on (more anon).
What I don’t like about Gmail
1) Ads. But as everyone knows, when you look at them every day you tune them out.
2) It’s a little scary having your life sitting on someone else’s servers (I have another post in store on that).
3) And, related to that, the potential for security leaks, the potential for government access (which, at least in principle is disturbing, although I don’t know how much of a threat that is). If I had concerns for critical data loss, I’d probably run a backup copy on my computer, but that’s not an issue for me.
4) Apple’s Mail handles attachments much more seamlessly. Nice when you’re sending photos, but I do that less because I use Flickr and other services now.
5) On the Mac, clicking a “mail-to” link doesn’t work. This is something that’s broken, so I suspect it will be fixed in time.
Enough Already
I haven’t even really gotten into the chat function, but I probably should and I’m sure there are other things to talk about. The only reason I post about Gmail at all is that I suspect a lot of other independents like me spend a lot of time grappling with an overload of email and I’m also going to be writing about Google Apps soon, so this, you might say, is an entry into that subject.
p.s.
The title of this post is an elliptic reference to Nabokov’s memoir, “Speak, Memory”. Email becomes for many of us a form of technological memory, recording events and conversations accessible in far more linear and accurate ways than the human memory.
I just upgraded to Leopard, the latest version of Apple’s operating system. I didn’t think too much of the highly touted “300 new features” but one thing put me over the edge: Fluid.
One of the best things about Leopard is that you can use an application called
I just upgraded to Leopard, the latest version of Apple’s operating system. I didn’t think too much of the highly touted “300 new features” but one thing put me over the edge: Fluid.
One of the best things about Leopard is that you can use an application called Fluid, which allows you to create separate and independent browsers for Web apps. I suspect that it won’t be long before something like this is integrated into Safari because if anything seems clear to me at all in this brave new internet world it is that applications are moving online. The benefits are clear: 1) the ability to easily collaborate or share; 2) the ability for developers to seamlessly improve applications and respond to market demand; 3) The ability to use your data from one application in another; 4) the ability to access your data from any device without having to sync up.
If you’ve ever gotten your email online in Squirrel Mail or AOL or Gmail, then you’ve used a Web app, but those instances are only the beginning. Google is the exemplar here (though not alone – see Zoho) with their Google Docs, including spreadsheets, documents and presentations, all easily shareable among groups just like their calendar and the wiki pages built into Google Groups. What Fluid does is allow you to segregate those online applications into their own browser window completely independent of the one you use for actual browsing. To someone like me who is highly dependent upon Basecamp and Backpack for their workflow this seemingly small thing is a boon to the way I operate.
Synching between computers is (soon to be) dead
I’ve also given up on using Apple’s Mail and iCal programs – as compellingly elegant as they are – for the far better designed (functionally speaking) and more quickly evolving Gmail and Google Calendar. Synching is dead and Apple’s products are built upon a cumbersome model of uploading and downloading across users and computers. I get email from all of my addresses (4 or so for my various projects) and I can much more easily share calendars, at least with anyone willing to have a Google account.
This stuff is merely the beginning because with Web based apps you also get something developers call the API, which essentially opens up your data from one application to be used in another. Easy example is how I have my Google calendar embedded in another application (Backpack) that I keep all my to-do lists and notes in.
Now, truth is, Apple isn’t really all that behind the times. They have a Web-based version of their mail program, although you have to pay a membership fee to use it and functionally it’s still old school, but most importantly, I think the introduction of the iPhone, which primarily relies on Web-based apps for non-core functionality, and their super-thin and highly coveted by this tech junkie MacBook Air signifies that all you really need is a to get on the Web. Personally, I’m moving to “The Cloud” as techies call it and I’ll be writing more about that here soon.
As we live more of our lives online it’s easy to get lost in all the passwords we’re forced to carry in our heads and it’s tempting to settle on something memorable that we can use for a lot of sites/accounts. But the following should come as a real warning:
Hardly exciting to write about Gmail after it’s been around for years now and has millions of users, but despite having a Gmail address dating from when you had to get invited and wait for one, I’ve only really just embraced it. Here’s why: Spam filtering, tagging, easy filters, and very fast search – to start. 
Integration with contacts (which in and of itself is not fully fleshed out yet) is also pretty clean. When you look up someone in your contact list or even just hover over their name in the inbox you can click to see your “recent conversations” with this person, either “to” or “from” them, something I’d have to set up in Apple Mail, which does either, but not both without setting up a smart folder. I don’t know how “recent” is defined, but for example, if I filtered to see conversations with my friend Mitch, it would list “1-20 of hundreds” etc.
I just upgraded to