Password Security - Lock It Down!

By now, most people are aware of the concept – and the importance – of having strong passwords. Generally a strong password is one that is difficult for an individual to guess or a system to crack. There are too many instances where security has been breached and in the case of a corporate breach in security, this is a big problem as confidential client information can be exposed and obtained.

One of the bigger challenges is how to make passwords stronger without making it more difficult to remember.

Intel has a website[s1] where you can enter a password and it will estimate how long it would take for the password to be cracked given the complexity of it.

In a simple case, take the password Twinkletoes76. Many would think that this is moderately strong as it’s not a dictionary term and the numbers at the end just add to the complexity. The Intel webpage (http://www.intel.com/content/www/us/en/security/passwordwin.html) estimates that this password would take 0.007 seconds for an automated system to crack.

Please note that the password(s) that you enter are not sent to their servers, or stored online anywhere, the calculations are strictly done via your local browser.  Still, they recommend making slight changes to your password for safety's sake.

The next approach in password generation is to embed special characters in the password and substitute these characters for the alphabetic characters in the password. Using the same base password as above, by simply changing the letter i to the number 1 and changing the l to an exclamation mark, then the new password of Tw1nk!etoes76 all of a sudden becomes much more secure and it would take a week to crack.

Here is where it gets fun.

A special character can be inserted in the password and it will not make it much more difficult to remember but it will significantly improve the strength. By placing a @ between the 1st and the 2nd characters so that the password is now T@w1nk!letoes76, the estimate is that it would take 1 year to guess the password.

Finally, to supersize the strength, just repeat that newly inserted special character and repeat it either one of more times so that the password is now either T@@w1nk!etoes76 or T@@@w1nk!etoes76 (with 2 or 3 @ signs respectively) and the estimates increase to 33 years for the former and 1,076 years for the latter!

In terms of memorization, it’s no harder for a human to remember the very last password than the original. Cognitively, we recognize that it’s still twinkletoes76 with character substitution with the i and the l and with 3 @ added in to the strong.

Digitized Immortality

Despite a certain appeal to the thought of being immortal, the stark reality is that time stops for no person and there are a plethora of reasons as to why immortality isn’t such a good idea.

The true “immortal” is the impact that our lives had on others and the memories and the love that we leave behind. Hopefully, these imprints of our passed life will comfort our loved ones as they recall certain aspects of our lives.

In this respect, our immortality transcends a physical body, the container as it were. I personally would never be interested in true physical immortality. I’m much more concerned with living my life in a manner that will hopefully impact others, so that my influence on part of this world will not end when I do.

I then think about how this somehow relates as it’s the person who we are that dictates how people perceive and remember us. When remembering someone who has passed before us, we may recall the physical characteristics, but it’s the person that we miss; the kindness, the love, the touch and the laughter.

Although our online personas rarely reflect our true character, for most of us, they are generally representative of who we are and how we have chosen to live our life. For the most part, our digital alter-egos are free of the trappings of the physical bias that one might have in the “in person” world.

One of the benefits of technology in terms of cultivating relationships is that we can interact with individuals in different geographic locations that simply can’t be done as easily in the “real world”. As a result, it’s possible to build more relationships than might be possible in person. In addition, we may have an in person friend or family member who is abroad and technology can be a wonderful medium to stay in touch and in this respect; technology can enable us to improve the quality of our relationships.

I was amazed to read an article on wills recently that dealt with this topic and it’s something that I hadn’t considered. In addition to the normal instructions on disposition of assets, many wills now contain specific instructions for notifications for accounts, in addition to containing email and social network passwords so that the deceased individuals “electronic estate” can be wound down as well, including not only social networks but other sites where credit card information is stored (including those where there are automatic renewals).

Mind you, the biggest problem for me would be to somehow figure out what websites that I have a login. I recently went to buy tickets at Ticketmasters and completely forgot that I had a previously setup account. Accounts such as this, I wouldn’t be too concerned if they lived on long beyond me, but there are some others such as my online art ‘portfolio’ that I’d rather have instructions for it to be closed. Somehow, my artwork is very personal to me and I don’t like the thought of it being accessible in perpetuity.

I was also reminded recently when discussing this topic that one of the other problems with these digital identities and why they need to be “wound down” is that if they are not, it may lead to more identify theft, as the person who would normally monitor their online identify, obviously can’t do so anymore.

Doing the Math, That Would Mean Approximately 99,999,900 Unhappy Users...

...as Microsoft has announced that they've sold 100,000,000 copies of Windows 8.  I'm sure it's not a stretch to think that perhaps that there are 1,000 happy users out there.

Signed

- A Disgruntled Windows 8 User

The World is at Your Feet

I was watching TV this afternoon and saw a commercial for an athletic apparel company and their slogan is "The World is at Your Feet".

I immediately thought of technology and with all of the good of it, the bad is that it encourages and seduces us to be virtual.

As soon as I finished watching this commercial, I thought that if I appended the saying to be "The World is at Your Feet, Not Your Fingertips", this would be a perfect slogan for TecHumanity.

Almost makes a fella want to go out kayaking or something.  Okay, maybe not, maybe we start out with taking the dog out squirrel-hunting - that'd be a start!

The Elephant In The Room

Read a very interesting article yesterday that PC sales are down significantly across the board and it's believed that the reason why is that Windows 8 is the main reason why and that many people are just migrating to tablets.

I am not convinced that there is a direct correlation between the two and it could be anecdotal but it does seem clear to me that Windows 8 definitely isn't taking the world by storm.

It seems to me that technology in terms of significant computing is at a crossroads as the industry tries to decide what our platforms will be.

I still remain very pessimistic about tablets becoming the de-facto hardware in business and heavy home usage.  If it does, then I will certainly buy stock in firms relates to products that alleviate Repetitive Strain Injury as this will be a very high growth sector.

The Vestigial Tale of Technology

ves·tig·i·al  

/veˈstij(ē)əl/

Adjective
1. Forming a very small remnant of something that was once much larger or more noticeable: "he felt a vestigial flicker of anger".

2. (of an organ or part of the body) Degenerate, rudimentary, or atrophied, having become functionless in the course of evolution.

Evolution of species is pretty much all about the development of features and body parts that enable that species to grow and become more sophisticated. An example of this would be the opposable thumb which humans and some primates have developed and has been paramount in the development of the species as it has allowed us to hold tools and therefore to build.

Similarly, there are others that are no longer required during the evolution of the species. Evolution has also decided that a species shouldn't expend energy on parts of the body that are no long needed in which case, the body part of feature becomes less significant.

Scientists believe that at all mammals had tails and that as these species evolved their need for a tail was eliminated. Through countless generations, the tail shrank until now; it’s believed that all mammals have a remnant of it – just a nub at the base of the spine that is referred to as the Vestigial Tail.

Recently, I was out with a friend and we were talking about technology and how it impacts our lives. One of the things that I mentioned to her is that one of my concerns with technology sometimes is that it becomes difficult for us to do things on our own and in some cases, we never adapt skills that might be useful as technology does it force us and we’re never forced to learn.

I’ve never learned how to drive a manual transmission because I've never needed to. Here in Canada, I’ve never had a problem getting a car with an automatic transmission. I was stymied when I went to Cuba last year and I just didn’t bother renting a car as they were all manual transmissions. The other example that I was discussing was my concern with these self-parking vehicles. It’s great that they will automatically parallel park but for the novice driver, it makes them completely dependent on a self-parking car because they do not have the skills to do so on their own. Since technology provides this function, there’s no need to learn the fundamental skill. This in turn can inhibit the growth and development of basic skills.

There are many other aspects of our lives where the technology has clearly made our lives easier but by the same token, our lack of ability to perform a task manually will impede us. I made reference to this anecdote in an article a couple of years ago but it completely gets my point across. I was in a store a couple of years ago making a minor purchase, the cost was something like $4.72 so I handed her a $5 bill. The cashier, who was an adult, was perplexed as to what to do as the till was down. She looks at my $5 and the price tag and then the moment of brilliance crosses her mind and she whips out a solar powered calculator to figure out the change. I was stunned that an adult was incapable of such a basic math exercise.

As technology advances it does wonderful things for us. It calculates much more accurately and quickly than I ever could; I still remain concerned which of our skills may become akin to the vestigial tail as a direct result of technology.

I suppose that there would be those that argue and say that these skills are old school and not worth worrying about. Perhaps they’re right. I don’t know how to use an abacus and in all of my years, I can’t remember one time when I said to myself “gosh, I REALLY wish I knew how to flip these beads on this abacus!”.

That having been said, old school is old school, I suppose. I best be more concerned about being the dog that’s able to learn new tricks than to be overly concerned with any technological vestigial tales.

Password Security

I had an experience today which has really caused me some concern with regards to security.  A received a notification from Yahoo stating that one of the email addresses that I do not use was breached, that there was a successful login.  My very first thought is that this was a scam trying to get me to click through on the links to get my password.

I opened up a new tab in my browser and manually went to the Yahoo Mail page and opened up my email.  Sure enough, it was obvious it had been comprised as there were emails in my Sent folder that I did not send.  As a matter of fact, I probably hadn't logged into that email in months.

I'm not so concerned with this email address and I may eventually shut it down, it's basically just a 'portal' to create a Yahoo Messenger account with a little more privacy.  The bigger question is how did this breach happen.  Now, I will say this, the password that I used for this email was a very standard password that I had used in the past on other sites.  However, there would be no way for someone to tie this email account to me, so it's not as if someone knew this password, that they'd be able to associate the password with this email address.

The second thing that I thought of was that maybe I had malware on one of my computers and it had captured the password as I had typed it in and silently emailed it out.  However, it's not that either, as I don't use the email address and probably hadn't logged in, in the past few months.

I then thought that maybe it was a brute force attack using software to generate passwords from the dictionary, but I don't think that's it either, as after a certain number of unsuccessful attempts, the account would have been locked.

I come back to someone, somehow knew not only my password but also the email address which normally wouldn't be associated with me.

This is more than a bit concerning. I think that I will need to go through my login ID and clean them up and start taking password security a little more seriously.