Tag Archive for: technology

Managing Passwords

For the past couple of years, RSA Security has conducted a password management survey. The last survey involved over 1,300 business professionals.

Eighteen percent of respondents managed more than 15 passwords, although only five percent could easily remember that many. Thirty-six percent of respondents managed between six and 15 passwords.

Between personal and work, I manage hundreds of passwords. I have a separate password manager with a master key to keep track of them all. Some folks like KeePass for their desktop clients, Clipperz for online. I use YoJimbo for the Mac. Most of my passwords are static and relatively unimportant if compromised (e.g., my social bookmarking website account). Some passwords need to be constantly updated and are very significant if compromised (e.g., my bank account).

I had one of my passwords change on me today. The password policy for this particular account is to force a change every month and a history is maintained, going back at least a year, to ensure that I do not reuse passwords or perform incremental passwords. The password must be at least 8 characters and it must include a numeric. So the password Forget01 might be okay for month 1, but Forget02 will be rejected in month 2.

For the first few months, this drove me nuts. How can I create strong passwords that are easy to remember?

One approach is to use the current month and year and get creative:

JanYouAiry200Sevn, FebYouAiryOh7, MarrCh2kseVn, EhPrill07, MayTwoOhOh7

Another approach is taking two words that are easy to remember, and blending them:

“blue coat” creates 1bclouaet or taoc.eulb.1

And yet another approach is to take a city and substitute symbols for vowels and then concatenate with another word or location:

Toronto with Ontario creates T*r*nt*.*nt@r!*
Montreal with Quebec creates M*ntr&@l.Qu&b&c

With so many possibilities, I find myself now looking forward to a password change. And, as long as I write the password on a PostIt and stick it on my computer screen, I will always remember it.

Goin’ Phishin’

McAfee has an interesting phishing quiz here. I scored 9 out of 10 so I am a Safety Guru.


The Department of Computing Science at the University of Alberta solved checkers.

Checkers has a search space of 5×10 to the 20th power. That is a really, really big number. How big? 500,995,484,682,338,672,639 possible board configurations. From 1989, dozens of computers were put at work to solve the game. And in April of 2007, they solved checkers.

The computer program cannot lose, resulting in either a victory or a draw. I guess the American Checker Federation won’t stage any more human-computer matches.

You can learn about the Chinook project here.

Flying PCs

This story has crossed all of the mainstream media wires:

A German man became so frustrated at his computer that he threw it out of his window, and the police reaction was essentially “we understand”?.

A classic comedic antic was brought to life when the 51-year-old man said he became “annoyed”? with his computer. He hurled it out his window in the middle of the night on Saturday, waking up his next door neighbors.

A spokesperson for the German police summed it up by saying, “Who hasn”™t felt like doing that?”?

The angered PC user did have to clean up about a half block”™s worth of shattered computer parts, but no police report was filed.

Perhaps what is so sad is that most folks can relate to this story. I had a similar reaction this morning as I spent 45 minutes watching my Windows box download “critical updates” and restart several times.

Freedom of Speech

Governments and companies go to great lengths to ensure that people can be monitored. Wikipedia has a great article on lawful interception here.

Most large companies routinely monitor email traffic ostensibly to ensure that the enterprise is not being compromised by the inappropriate release of insider information.

It looks like blogs and wikis are new targets.

Techrigy offers a service called SM2 which creates an index of what it finds and a catolog of company violations.

From their website:

As blogs and wikis spread throughout enterprises, organizations must deal with compliance and risk-management issues that are created from communications through these media. Not only are employees communicating through these media at work, but they are also doing so at home. Is your organization aware of what employees are communicating through blogs and wikis? Are communications through these media that are affiliated with the organization or company being monitored for liability risks and being retained in case of litigation?

Techrigy”™s SM2 is an enterprise”“level management tool that helps organization control and monitor blogs and wikis that employees are utilizing. SM2 discovers and inventories all blogs and wikis being used in an organization, records these communications and monitors them for risks and liabilities.

SM2 can help your organization implement and utilize social media by providing a tool for monitoring these media and enforcing your organization’s compliance policies.

Software to clamp down on bloggers. So much for freedom of speech. Yet another reason to never blog about work.

Worst Websites in the World

I came across an interesting article which listed the 25 worst websites. Unfortunately, I have used a few of them and I was also familiar with several others. You can check out the list here.

The ones that I have used include hotmail and Windows update. Hotmail made the list because of the inordinate amount of spam that it generated. I gave up on hotmail as I would generally receive hundreds of spam messages a day. Life is too short to search for a valid email buried amongst hundreds of junk messages.

Windows update made the list because it is a cryptic and difficult site to use. Oh, and you can only use Internet Explorer for this site. Because that is the only browser used on the web.

BonziBuddy was downloaded on one of my kid’s machines. What a nuisance. Adware, hijacked homepages as well as stealth tracking of surfing. Reinstalling Windows was the action I took to purge the machine.

The one that I remember most was CD Universe. From the article:

In December 1999 a Russian hacker named Maxim broke into the music retailer’s site, stole 350,000 credit card numbers, and then demanded $100,000 in ransom. When CD Universe refused to pay, Maxim posted 25,000 of the numbers to a website. At the time, CD Universe was owned by eUniverse, which combined its site and its customer database on an unprotected server. “Basically, they put the candy jar in plain sight and left the cover off,” says current CD Universe owner Chuck Beilman. “It was only a matter of time until someone stole the candy.” CD Universe’s customer database is now separate from the website, encrypted and protected by a firewall.

Facebook and MySpace

InformationWeek reported on some informal research comparing Facebook users against MySpace users. From their article:

Since Facebook opened up last September, ongoing press coverage of MySpace as a dangerous place and Facebook’s positioning as a home for those with elite aspirations have help create a socioeconomic divide between the two sites, argues Danah Boyd, a Ph.D. student at the School of Information Sciences at University of California at Berkeley.

“The goodie two shoes, jocks, athletes, or other ‘good’ kids are now going to Facebook,” Boyd observes in an essay titled “Viewing American class divisions through Facebook and MySpace.” “These kids tend to come from families who emphasize education and going to college.”

Facebook appeals to the ruling class, as Boyd sees it.

“MySpace is still home for Latino/Hispanic teens, immigrant teens, ‘burnouts,’ ‘alternative kids,’ ‘art fags,’ punks, emos, goths, gangstas, queer kids, and other kids who didn’t play into the dominant high school popularity paradigm,” Boyd insists. “These are kids whose parents didn’t go to college, who are expected to get a job when they finish high school. These are the teens who plan to go into the military immediately after schools.”

Although just as informal, I am pleased to report that Facebook folks use Macs and MySpace folks use PCs. Perhaps InformationWeek will publish that finding which I am sure is just as solid a piece of research as Danah Boyd’s work.

Amazing the nonsense that gets published in the media.

Kevin Ham

A friend passed me this link to an article about Kevin Ham. Turns out that a number of people have made a fortune out of trading domain names. I wasn’t even aware that sites like this one are up and running auctions.

In Ham’s case, he is now making money from ad clicks on misspelled domain names like http://www.newyorktimes.cm. If you click on that link you arrive at agoga.com which is a site that serves up Yahoo ads.

The article also has a number of profiles on individuals making money from, well, nothing really.

One of them works from his estate in the Cayman islands trading domain names and spelling mistakes.

What a world.