
Managing Passwords

For the past couple of years, RSA Security has conducted a password management survey. The last survey involved over 1,300 business professionals.

Eighteen percent of respondents managed more than 15 passwords, although only five percent could easily remember that many. Thirty-six percent of respondents managed between six and 15 passwords.

Between personal and work, I manage hundreds of passwords. I have a separate password manager with a master key to keep track of them all. Some folks like KeePass for their desktop clients, Clipperz for online. I use YoJimbo for the Mac. Most of my passwords are static and relatively unimportant if compromised (e.g., my social bookmarking website account). Some passwords need to be constantly updated and are very significant if compromised (e.g., my bank account).

I had one of my passwords change on me today. The password policy for this particular account forces a change every month, and a history going back at least a year is maintained to ensure that I do not reuse passwords or simply increment an old one. The password must be at least 8 characters and it must include a numeric. So the password Forget01 might be okay for month 1, but Forget02 will be rejected in month 2.
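How a system can reject Forget02 without keeping old passwords in the clear: the sketch below is an added example, not code from the account's actual system. It stores only salted hashes in the history and, at change time, hashes numeric neighbours of the new password against that history. The function names, the PBKDF2 work factor and the "spread" of 3 are assumptions, and it only covers increments of a trailing number.

```python
import hashlib
import hmac
import os
import re

MIN_LEN = 8           # policy from the post: at least 8 characters
ITERATIONS = 100_000  # assumed PBKDF2 work factor, not from the post

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def remember(history, password):
    """Store only a salted hash of the password, never the plaintext."""
    salt = os.urandom(16)
    history.append((salt, hash_pw(password, salt)))

def in_history(history, candidate):
    """True if the candidate hashes to any stored (salt, digest) pair."""
    return any(hmac.compare_digest(hash_pw(candidate, salt), digest)
               for salt, digest in history)

def numeric_neighbours(password, spread=3):
    """Yield variants whose trailing number differs by up to `spread`."""
    match = re.search(r"(\d+)$", password)
    if not match:
        return
    prefix, digits = password[:match.start()], match.group(1)
    number, width = int(digits), len(digits)
    for delta in range(-spread, spread + 1):
        if delta and number + delta >= 0:
            # Keep the zero padding so Forget02 maps back to Forget01.
            yield f"{prefix}{number + delta:0{width}d}"

def check_new_password(history, new):
    """Return 'ok' or the reason the policy rejects the new password."""
    if len(new) < MIN_LEN:
        return "too short"
    if not any(c.isdigit() for c in new):
        return "needs a numeric"
    if in_history(history, new):
        return "reused"
    # The history holds hashes only, so test the new password's
    # neighbours against it instead of reading old passwords back.
    if any(in_history(history, v) for v in numeric_neighbours(new)):
        return "incremental"
    return "ok"
```
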

For the first few months, this drove me nuts. How can I create strong passwords that are easy to remember?

One approach is to use the current month and year and get creative:

JanYouAiry200Sevn, FebYouAiryOh7, MarrCh2kseVn, EhPrill07, MayTwoOhOh7

Another approach is taking two words that are easy to remember, and blending them:

“blue coat” creates 1bclouaet or taoc.eulb.1

And yet another approach is to take a city and substitute symbols for vowels and then concatenate with another word or location:

Toronto with Ontario creates T*r*nt*.*nt@r!*
Montreal with Quebec creates M*ntr&@l.Qu&b&c

With so many possibilities, I find myself now looking forward to a password change. And, as long as I write the password on a PostIt and stick it on my computer screen, I will always remember it.

Goin’ Phishin’

McAfee has an interesting phishing quiz here. I scored 9 out of 10 so I am a Safety Guru.

Checkers

The Department of Computing Science at the University of Alberta solved checkers.

Checkers has a search space of 5×10 to the 20th power. That is a really, really big number. How big? 500,995,484,682,338,672,639 possible board configurations. From 1989, dozens of computers were put at work to solve the game. And in April of 2007, they solved checkers.

The computer program cannot lose, resulting in either a victory or a draw. I guess the American Checker Federation won’t stage any more human-computer matches.

You can learn about the Chinook project here.

Flying PCs

This story has crossed all of the mainstream media wires:

A German man became so frustrated at his computer that he threw it out of his window, and the police reaction was essentially “we understand.”

A classic comedic antic was brought to life when the 51-year-old man said he became “annoyed” with his computer. He hurled it out his window in the middle of the night on Saturday, waking up his next door neighbors.

A spokesperson for the German police summed it up by saying, “Who hasn’t felt like doing that?”

The angered PC user did have to clean up about a half block’s worth of shattered computer parts, but no police report was filed.

Perhaps what is so sad is that most folks can relate to this story. I had a similar reaction this morning as I spent 45 minutes watching my Windows box download “critical updates” and restart several times.

Freedom of Speech

Governments and companies go to great lengths to ensure that people can be monitored. Wikipedia has a great article on lawful interception here.

Most large companies routinely monitor email traffic ostensibly to ensure that the enterprise is not being compromised by the inappropriate release of insider information.

It looks like blogs and wikis are new targets.

Techrigy offers a service called SM2 which creates an index of what it finds and a catalog of company violations.

From their website:

As blogs and wikis spread throughout enterprises, organizations must deal with compliance and risk-management issues that are created from communications through these media. Not only are employees communicating through these media at work, but they are also doing so at home. Is your organization aware of what employees are communicating through blogs and wikis? Are communications through these media that are affiliated with the organization or company being monitored for liability risks and being retained in case of litigation?

Techrigy’s SM2 is an enterprise-level management tool that helps organizations control and monitor blogs and wikis that employees are utilizing. SM2 discovers and inventories all blogs and wikis being used in an organization, records these communications and monitors them for risks and liabilities.

SM2 can help your organization implement and utilize social media by providing a tool for monitoring these media and enforcing your organization’s compliance policies.

Software to clamp down on bloggers. So much for freedom of speech. Yet another reason to never blog about work.

Worst Websites in the World

I came across an interesting article which listed the 25 worst websites. Unfortunately, I have used a few of them and I was also familiar with several others. You can check out the list here.

The ones that I have used include hotmail and Windows update. Hotmail made the list because of the inordinate amount of spam that it generated. I gave up on hotmail as I would generally receive hundreds of spam messages a day. Life is too short to search for a valid email buried amongst hundreds of junk messages.

Windows update made the list because it is a cryptic and difficult site to use. Oh, and you can only use Internet Explorer for this site. Because that is the only browser used on the web.

BonziBuddy was downloaded on one of my kid’s machines. What a nuisance. Adware, hijacked homepages as well as stealth tracking of surfing. Reinstalling Windows was the action I took to purge the machine.

The one that I remember most was CD Universe. From the article:

In December 1999 a Russian hacker named Maxim broke into the music retailer’s site, stole 350,000 credit card numbers, and then demanded $100,000 in ransom. When CD Universe refused to pay, Maxim posted 25,000 of the numbers to a website. At the time, CD Universe was owned by eUniverse, which combined its site and its customer database on an unprotected server. “Basically, they put the candy jar in plain sight and left the cover off,” says current CD Universe owner Chuck Beilman. “It was only a matter of time until someone stole the candy.” CD Universe’s customer database is now separate from the website, encrypted and protected by a firewall.

Facebook and MySpace

InformationWeek reported on some informal research comparing Facebook users against MySpace users. From their article:

Since Facebook opened up last September, ongoing press coverage of MySpace as a dangerous place and Facebook’s positioning as a home for those with elite aspirations have helped create a socioeconomic divide between the two sites, argues Danah Boyd, a Ph.D. student at the School of Information Sciences at University of California at Berkeley.

“The goodie two shoes, jocks, athletes, or other ‘good’ kids are now going to Facebook,” Boyd observes in an essay titled “Viewing American class divisions through Facebook and MySpace.” “These kids tend to come from families who emphasize education and going to college.”

Facebook appeals to the ruling class, as Boyd sees it.

“MySpace is still home for Latino/Hispanic teens, immigrant teens, ‘burnouts,’ ‘alternative kids,’ ‘art fags,’ punks, emos, goths, gangstas, queer kids, and other kids who didn’t play into the dominant high school popularity paradigm,” Boyd insists. “These are kids whose parents didn’t go to college, who are expected to get a job when they finish high school. These are the teens who plan to go into the military immediately after schools.”

Although just as informal, I am pleased to report that Facebook folks use Macs and MySpace folks use PCs. Perhaps InformationWeek will publish that finding which I am sure is just as solid a piece of research as Danah Boyd’s work.

Amazing the nonsense that gets published in the media.

Kevin Ham

A friend passed me this link to an article about Kevin Ham. Turns out that a number of people have made a fortune out of trading domain names. I wasn’t even aware that sites like this one are up and running auctions.

In Ham’s case, he is now making money from ad clicks on misspelled domain names like http://www.newyorktimes.cm. If you click on that link you arrive at agoga.com which is a site that serves up Yahoo ads.

The article also has a number of profiles on individuals making money from, well, nothing really.

One of them works from his estate in the Cayman islands trading domain names and spelling mistakes.

What a world.