How to choose passwords

All of us who are heavy users of computers and the internet know that we get drowned in the number of passwords we need and that it is hard to keep track of them.

James Fallows describes what he learned after his wife’s Gmail account was hacked and gives a list of suggestions for passwords.

The science, psychology, and sociology of creating strong passwords is a surprisingly well-chronicled and fascinating field. On The Atlantic’s Web site, we will describe some of the main strategies and the reasoning behind them. Even security professionals recognize the contradiction: the stronger the password, the less likely you are to remember it. Thus the Post-it notes with passwords, on monitor screens or in desk drawers.

But there is a middle ground, of passwords strong enough to create problems for hackers and still simple enough to be manageable. There are more details on our site, but strategies include:

  • Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in an ordinary sentence, which more and more sites now allow. “Lake Winnebago is deep and chilly,” for instance. Or “my favorite packer is not brett favre.” You could remember a phrase like that, but a hacker’s computer, which couldn’t tell spaces from characters, would see only one forbiddingly long password sequence.
  • Choose a shorter sequence of words that are not “real” English words. I once lived in a Ghanaian village called Assin Fosu. I can remember its name easily, but it would be hard to guess. Even harder if I added numbers or characters.
  • Choose a truly obscure, gibberish password—“V*!amYEg5M5!3R” is one I generated just now with the LastPass system, and you’re welcome to it—and then find a way to store it. Having it written down in your wallet is one, though the paper it’s on shouldn’t say “Passwords” at the top. The approach I prefer, and use for some passwords, is to entrust them to online managers like LastPass or RoboForm. Even if their corporate sites were hacked, that wouldn’t reveal all your passwords, since the programs work by storing part of the encoding information in the cloud and part on your own machine.

At a minimum, any step up from “password,” “123456,” or your own birthday is worthwhile.

Finally, use different passwords. Not hundreds of different ones, for the hundreds of different places that require logins of some kind. The guide should be: any site that matters needs its own password—one you don’t currently use for any other site, and that you have never used anywhere else.

“Using an important password anywhere else is just like mailing your house key to anyone who might be making a delivery,” Michael Jones of Google said. “If you use your password in two places, it is not a valid password.”

I asked my experts how many passwords they personally used. The highest I heard was “about a dozen.” The lowest was four, and the norm was five or six. They all stressed that they managed their passwords and sites in different categories. In my own case, there are five sites whose security really matters to me: my main e‑mail account, two credit-card sites, a banking account, and an investment firm. Each has its own, good password, never used anywhere else. Next are the sites I’d just as soon not have compromised: airline-mileage accounts, Amazon and Barnes & Noble, various message boards and memberships. I have two or three semi-strong passwords I use among all of them. If you hacked one of them you might hack the others, but I don’t really care. Then there is everything else, the thicket of annoying little logins we all deal with. I have one or two passwords for them too. By making it easy to deal with unimportant accounts, I can concentrate on protecting the ones that matter.

Seems like good advice.
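
The strength comparison behind the strategies quoted above, as an added example (not from this post or from Fallows's article): it estimates guessing cost in bits under a character-by-character search and under a word-sequence search, and takes the lower of the two. The 20,000-word list size and all function names are assumptions made for illustration.

```python
import math
import string

# Assumption: size of the word list a guesser draws from (constructed figure).
ASSUMED_WORDLIST_SIZE = 20_000

def charset_size(pw):
    """Size of the smallest standard character pool that covers pw."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation, " "]
    size = sum(len(p) for p in pools if any(c in p for c in pw))
    # Characters outside these pools (accented letters etc.) are not modelled;
    # fall back to printable ASCII so the logarithm is always defined.
    return size or 95

def char_bits(pw):
    """Bits of work for a search over every string of pw's length and pool."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def word_bits(pw, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Bits of work for a guesser that tries sequences of whole words.

    Returns None when pw is not made only of alphabetic words. This is an
    upper bound: it treats each word as an independent random pick, which a
    sentence composed by a person is not.
    """
    words = pw.split()
    if not words or not all(w.isalpha() for w in words):
        return None
    return len(words) * math.log2(wordlist_size)

def effective_bits(pw):
    """The cheaper of the two searches decides how strong pw really is."""
    cb, wb = char_bits(pw), word_bits(pw)
    return cb if wb is None else min(cb, wb)

if __name__ == "__main__":
    # Sample passwords taken from the quoted article.
    for pw in ("password", "Lake Winnebago is deep and chilly", "V*!amYEg5M5!3R"):
        wb = word_bits(pw)
        print(f"{pw!r}: chars={char_bits(pw):.0f} bits, "
              f"words={'n/a' if wb is None else format(wb, '.0f') + ' bits'}, "
              f"effective={effective_bits(pw):.0f} bits")
```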

Dogs Decoded

The PBS series Nova has a wonderful program about dogs with the above title that looks at the amazing things we are learning about them. It was broadcast on October 12 and will be available for free viewing online for only a week after that. Don’t miss it, especially if you are fond of dogs.

I particularly enjoyed it because there were lots of scenes in which they showed dogs that were exactly like Baxter, the Wonder Dog.


Phasing out small shampoo bottles

Those tiny bottles of shampoo and conditioner that hotels provide would last me about two weeks but I usually stay just one or two days and I suspect that the rest will be thrown away, which seems awfully wasteful of both shampoo and plastic. Do hotels expect you to leave the remnants behind or are you doing them a favor by taking the partially used bottles with you, saving them the trouble of throwing them away? It seems vaguely wrong to take them home with me without being given explicit permission and I have personally vacillated between taking them and leaving them. It would be nice if hotels left a little note telling guests like me who worry about such trivialities what to do.

But now apparently some hotels are going to be providing full-size bottles that are refillable, so that the ambiguity is removed.
That’s a welcome development. Now if they could do something about the waste of the remnants of those little bars of soap …

Discussion on the scientific basis for justice and altruism

On Friday, September 23, I will be leading a discussion on these ideas, especially the work of Frans de Waal, Paul Bloom, and Peter Singer on the implications of the theory of evolution.

It will take place from 12:30-2:00 pm in Nord 310B on the CWRU campus.

The event is free and open to all. Drinks will be provided and you are encouraged to bring your own brown bag lunch.

We’re #25!

At least as far as internet speeds go, just behind Romania.

If it seems extraordinary to you that the country that pioneered the internet should lag so far behind now, Tim Karr explains that the prime cause is the lack of competition here, thanks to the ability of the telecommunications giants to pressure regulators.

In the years that followed the signing of the 1996 Telecommunications Act, lobbyists working for powerful providers like AT&T, Comcast and Verizon pressured a compliant FCC to tear down all of the important safeguards established by Congress.

While the U.S. blindly followed a path of “deregulation,” other nations in Europe and Asia beefed up their pro-competitive policies. The results are evident in our free fall from the top of almost every global measure of Internet services, availability and speed.

The lack of competition has turned America into a broadband backwater. In the aftermath of the FCC’s decisions, powerful phone and cable companies legislated and lobbied their way to controlling 97 percent of the fixed-line residential broadband market — leaving the vast majority of consumers with two or fewer choices of land-based providers in any given market.
The absence of true consumer choice has driven prices up and services down.

Bathroom mania

For reasons that are not clear to me, the Plain Dealer wasted a huge amount of the limited space in its front section on a story about a fancy lakefront property that was on sale for nearly $20 million. The item read like a huge, free real estate advertisement and fell into the category known as ‘real estate porn’, which showcases the absurdly extravagant homes of the wealthy.

But what struck me was that the 38,000 square foot house built on 160 acres consisted of five bedrooms, nine bathrooms, and seven half bathrooms.

Why would you need sixteen bathrooms for a private home that has just five bedrooms? Do rich people need to go to the bathroom a lot and so must have one handy at any moment?

The inexplicable popularity of awards shows

I see from the news today that yesterday was the Emmy awards show. I do not understand the appeal of such shows for viewers and am curious as to why people watch them at all. Surely it can’t be to see the stars since we see them all the time in their performances themselves. The shows apparently have some moments of comedy and some music and dance but most of the time seems to be spent announcing the nominees, showing clips from their performances, and the acceptance remarks of category winners. Surely this must get stale about fifteen minutes into the proceedings?

It is true that I do not watch much TV or go to many plays, which may explain my lack of interest in the Emmys and the Tonys. But I do watch films a lot and my disinterest extends to the Oscar awards show as well.

Do viewers of these shows see it as a quasi-sporting event and root for particular people to win, thus enjoying the suspense of seeing if their ‘team’ won?

I am genuinely curious.