Friday, March 5, 2010

passwords

We all have far too many passwords to remember, goes without saying.

Then there are the irritating sites that require high security passwords for uses that are clearly not of high security for us individually, for example twitter vs. your bank. REALLY! I know twitter gets hacked a lot and it is a big fat hassle for them, but honestly, they're more uptight than the banks!!!!

Due to a recent massive virus attack at work I have been forced to update the passwords I have everywhere and I have also been forced to increase their security.

This has tipped me over the balance of password happiness.   Isn't that precious of me?

I have been gradually increasing their security, as the IT types want us all to do. No longer the simply easily remembered word. Back in the good old days we could use our kid's middle name and be done with the beast. No, I moved onto longer words; you know, middle name of both kids put together in chronological order; then onto longer words with associated numbers. Then you move to increasingly difficult to guess items. Kids are out now, you've got to go with an anagram of the name of the salesman that sold you your second car or something equally stellar.

Now I have added capitals and non-numeric, non-alphabetic symbols as well. This proved extra challenging as I have to use the same passwords on both Spanish and English keyboards and some keys are easy to locate on one board, but hidden or unclear on another. Finding one that had both some logic and was easily locatable on both boards took some time. My personal favourite, and I wonder who dreamed this up, is the dash/bottom of the line line, you know, these: - or _ . HOW can I remember which is which on the keyboard????

I just went to log into facebook and decided it wasn't worth the hassle of typing in the password.  The stupid thing is enormous and there are so many keystrokes.  There must be a better system, no?

I went to change the password on my stat counter site and they didn't accept my non-numeric, non-alphabetic symbol of choice.  I had to invent a separate password for that site alone, a sure guarantee that I will never be able to get in again without going through the entire 'I've lost my password' e-mail saga.....

I have heard of people that have used complex formulas based on the date and page numbers of books they are reading at that time.  Pity those who work in industries where they have to change the password on a weekly basis.

Or, the rotating password horror.  People who have a stable of passwords that they spin around and around as the weeks pass, sort of a modern day pony express.  The poor ponies gradually working their way across the continents or shuttling back and forth eternally between the same few changing stations.

Sometimes I think that virus writers are actually the marketing departments of anti-virus software companies, no?  Either that or they are mad scientists trying to bring about the end of civilisation as we know it by creating the simultaneous melt down of all computer literate people caused by the crashing of our neurological systems under a weight of unrememberable passwords.


BWAH HAH HAH HAH HAHHHHHHH!!!!!!!!!!!!!!!!!!!!

10 comments:

mmichele said...

Passwords are the bane of my on line existence.

Lynda said...

Drive me insane.. especially the ones where they force you to use all manner of weird and wonderful. I recently had the same problem as you when I was using a german keyboard.. I couldn't put in my password.. because I couldn't find the key!

Beth said...

Shhh...don’t tell anyone but I have to write down all my passwords in a little book. Which, of course, is very well hidden. ;)

What the heck are we all going to do as we get older and our memories get poorer? I won’t even remember where I hid the book.

The Bodhi Chicklet said...

I'm with you, I'm forever hitting "I forgot my password" for different sites. How on gawd's green earth are we supposed to remember all our passwords and pin numbers? AND change them regularly. Stretched to the impossible.

elpadawan said...

If you have a look there: https://www.opends.org/wiki/page/PasswordPolicyFeatures you'll see that there is a standard and unhealthy amount of parameters that are commonly accepted for constraints on a password. One crazy example would be "must be between 10 and 20 characters, mixed of at least 3 letters and 3 non-letters, different from the last 10 passwords that you had in the last year, must differ from the previous password by at least 5 characters, has to be changed after one week, cannot be changed twice in a day, and your account will be locked for 30 minutes if you put the wrong password thrice in the same minute, and locked for good if you put the wrong password five times in a row".

Good luck with that. I think the whole craziness, even for "not so important websites" comes from the fact that people usually try to keep the same password everywhere, so if you hack, say a twitter account, then there are good chances that you also discovered the password for that person's email account, opening the door for even more passwords.

Personally, I use words that I can remember, uppercase some letters, and replace random others with numbers. For example: orenetaaground would become oR3net4Agr0unD. Voilà. You're secured. And also, I use firefox to remember my passwords, the list of passwords itself being encrypted with a "master password", that I keep as secure as possible. But hey. This way, only one master password to remember for all my websites.
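
The composition and history rules from the "crazy example" policy quoted in the comment above, written out as a checker. This is an added example, not part of the original thread and not OpenDS code; the function names, the "changed characters" metric and the PBKDF2-hashed history are assumptions, and the expiry and lockout rules are left out.

```python
import hashlib, hmac, os

MIN_LEN, MAX_LEN = 10, 20          # "between 10 and 20 characters"
MIN_LETTERS = MIN_NON_LETTERS = 3  # "at least 3 letters and 3 non-letters"
HISTORY_DEPTH = 10                 # "different from the last 10 passwords"
MIN_CHANGED = 5                    # differ from the previous one by 5 characters

def _hash(password, salt):
    # History keeps salted PBKDF2 digests only, never the old passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def remember(history, password):
    """Append a (salt, digest) entry, keeping only the last HISTORY_DEPTH."""
    salt = os.urandom(16)
    history.append((salt, _hash(password, salt)))
    del history[:-HISTORY_DEPTH]

def changed_chars(old, new):
    """Assumed metric: positions that differ, plus the length difference."""
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))

def check_policy(new, current, history):
    """Return the list of violated rules; an empty list means accepted.

    `current` is the plaintext the user types to authorise the change,
    which is the only time the previous password is available for the
    similarity rule.
    """
    problems = []
    if not MIN_LEN <= len(new) <= MAX_LEN:
        problems.append("length")
    letters = sum(c.isalpha() for c in new)
    if letters < MIN_LETTERS:
        problems.append("letters")
    if len(new) - letters < MIN_NON_LETTERS:
        problems.append("non-letters")
    if changed_chars(current, new) < MIN_CHANGED:
        problems.append("too-similar")
    if any(hmac.compare_digest(_hash(new, s), d) for s, d in history):
        problems.append("reused")
    return problems
```
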

oreneta said...

Mmichele...oh oh oh oh oh, you said it honey.

Lynda, they are evil aren't they. If there were some international code for weird demands, but no!

Beth, my boss came into work today, and she can't find her little book, hasn't been able to for days.......I would have changed all the passwords right then and there and started all over again. She didn't. NOT MY PROBLEM. Well, not yet.

Bodhi, doesn't rank as something I really want to spend my day doing.

ElP, you are, as always, a breath of wisdom and reason. It is true that many folks use the same passwords for many things, I was talking to a woman the other day and she and her husband BOTH have only one password for absolutely everything!!!!

Taking it too far. I like your idea of the SMS lingo, but most hackers are probably young and might think of that no? Protection from the geriatric? You let firefox remember your passwords???????? REALLY???????

That always seemed to me to be the height of folly!!!

Please, explain further!

elpadawan said...

The thing with mixing case and replacing letters by numbers is that it makes it much more difficult for hackers to use "dictionaries". You can document yourself about "rainbow tables" if you wish, but so far, it's generally accepted as unsafe to use a password that uses only letters and less than 8 characters, because even from the "crypted" version of your password, it's almost easy as pie to find it out. When you mix the case and replace letters with numbers, it makes brute force attacks much more difficult (your common hacker will not try to guess your password based on you especially, because he doesn't know you in particular. He/she will use dictionary based attacks, or brute force attacks, using all possible passwords to try to find out what's good.)

For the firefox password manager feature, it uses two-way encryption algorithms to save your usernames and passwords on the computer, the "key" for encrypting/decrypting being your master password. The algorithm in use is deemed secure until 2030 by the US government. Provided you use a complex enough "master password", you're pretty safe. Of course, this is assuming you're on your home computer, not on some "shared by thousands" computer. Firefox being Free Open Source Software, one would assume that if they provide any "password saving" feature, and the source code for the implementation of the feature is publicly available, they would use secure algorithms for encrypting the data, wouldn't they? Otherwise it would be too easy to break the encryption and get your hands on the passwords list.

oreneta said...

ElP....I followed that, and I am impressed with myself that I did! My biggest problem is that I have to use so many different computers in so many different places, indeed on different continents....and the IT guys at my work here are, forgive me, but they are ABSOLUTE CLOWNS. Honest to god I could almost do better myself. First of all I would get rid of the hard drive from the 80's that they are scamming my boss with....yadda yadda yadda......

ANYWAY, because of my peripatetic nature I am stuck working with the grey matter for saving passwords, and so I do try to enter some logic into it, alongside a great mass of capitals and numbers and signs....

sigh.

elpadawan said...

Then just limit the remembering to what you access from those "public" computers, and leave the rest to the "firefox at home" ;). This will serve the double purpose of disciplining yourself in the meantime, keeping you from logging onto "distraction" websites while at work. ;)

oreneta said...

hmmmm, that might just work!!!