Wednesday, August 10, 2011

Password Security - Summary

The idea of using a password is thousands of years old, but today it is most commonly associated with computer authentication. Passwords are kept secret and used to prove the identity of a user on a computer system. Today passwords are used more than at any other time in history. Almost every person in the United States has a password of some sort tied to a computer system. This includes new uses such as passwords associated with mobile technology.

Overwhelmed with passwords, many people fall victim to bad habits that weaken the security the passwords were intended to provide. Users often choose weak passwords because they are easier to remember, and they reuse passwords across multiple services. Services often fail to address these problems as well. Poor practices for password storage and site security allow malicious users to access password databases, putting all users of the service at risk.

The people trying to gain access to your passwords are better known as crackers. A cracker might use your password to access the site of origin, but often their motivation for stealing passwords is to gain access to other services. To combat modern password safety measures, crackers have a number of tools at their disposal, such as rainbow tables, key loggers, man-in-the-middle attacks, and social engineering attacks such as phishing.

There are ways to protect users against many of these techniques. Services can follow best practices for storing passwords and authenticating users. Alternatives to passwords exist. Users can pick better passwords. Software can help users manage their passwords securely. Some effort is required, but users can combine both convenience and security.

Next time I will introduce passwords with some history and the concept of authentication.

Password Security - Foreword

Computer security is an important topic for me. While I don't consider myself to be an expert, and I know several people who are more committed to secure computing than I am, I still am very interested in the topic. I try to take a pragmatic approach to security where every decision I make considers risk, reward, and cost. In the last few years I have become increasingly concerned over my password security habits, and more so over the habits of others. So much so, that when the opportunity arose I chose to study it and write at length about it.

Earlier this year I took a course in technical writing. The design of the course was fairly neat. Students had to pick the topic for their final paper at the beginning of the course. Each week students had to hand in a writing assignment related to this topic. At the end of the course the final paper largely consisted of the previous assignments with some additional content to glue it together. As you can guess, my topic was password security.

I was inspired by recent high profile hacks and password leaks, as well as my recent switch to using a cloud-based password manager. My report was based largely around these events, though the final version included fewer examples than I originally intended. It is, to some extent, an elevator pitch to attempt to convince others that there is a real danger in insecure password practices.

Of course, a pitch that is never presented has no chance of success. To date, probably only four or five people have read my paper, and at least one of those people learned nothing from it. So, in the spirit of both my efforts to contribute to the world via my school work and to help get the word out that these practices must stop, I will be splitting up my paper into several blog posts to share with anyone who will read it. I will attempt to add value to the paper where possible, such as links to reference articles and examples that I could not fit in the original.

Thursday, July 14, 2011

Google Plus: Modeling Real Life Social Interactions

While the service may be in its infancy, I think G+ shows some real promise. Of particular interest to me are the ways in which the Circles feature models social interactions from the real world. I believe that in this aspect it is far better than Facebook, though it will take time for these interactions to click with users.

Circles: Just Like Real Social Circles

Quickly, think of one of your real life social circles. Most people will think of a group of friends, coworkers, or family that is tight knit and perhaps shares some commonality. In many circumstances, these people will show up in multiple circles. G+ models this perfectly. You can easily take a person and put them in as many circles as you'd like.

Again, much like real life, that person doesn't know that you consider them part of a particular circle unless they know implicitly or you tell them. That person may be on your "frenemies" list. Perhaps you only consider them to be an acquaintance (we'll get back to this) but you don't want them to get the wrong idea that you're keeping them at arm's length.

You may never use this feature to its full potential, but one of the aspects of social software is that it allows you to organize and catalog your life in new and novel ways. The implementation on G+ is both easy and visual. You may learn something about how you think of your friends by attempting to put them into circles.

Sharing Controls Allow More Frank Conversations

When you share something on G+ a key feature is that you can easily limit or expand the scope of sharing. I know some people consider this to be a confusing extra step but it is necessary to model these interactions. It allows people to conveniently have separate social circles that need not often interact.

Think about it, is your mom or boss on Facebook? This answer is increasingly "yes." With Facebook's privacy settings it is complicated to avoid sharing sensitive information with these people. It's likely none of your boss's business that you were out partying all weekend, but it is so easy to inadvertently tell her just that. In order to avoid this you must either not befriend these people on Facebook (smart, but sometimes awkward) or go through a fairly unintuitive procedure to modify who can see a particular post. It's not impossible, in fact I have custom security settings that keep several people who are officially "friends" from seeing the content on my wall, but it is nowhere near as intuitive nor as central as it is on G+.

As an aside, I think that Google is placing their bets that by enabling you to have more control over who sees what info you will in turn feel more comfortable sharing things. If that becomes true then people who share relatively little now could find new life in a product like this. Also, I should note, the additional control is not absolute. Just like in the real world, if you say something to anyone then that person has the ability to share that information. Digital communications are easier to copy and verify, so it's not like this would give you carte blanche to trash talk your employer or openly cheat on your spouse.

Dealing With Acquaintances and Beyond

The way Circles work will allow for far less awkward interactions with people you don't know or don't know well. If a random person adds you to a Circle, you can simply ignore it and they will only see public posts. Any posts they share with you will go to your Incoming page. You simply don't have to see those people, and it requires no action on your part. Sure, you can block them if you really want. A better strategy would be to simply treat public posts as you would any other public speech and not say anything too personal or socially unacceptable and you don't have to do anything about them.

Say that guy you met at the party last weekend adds you, and you might share some stuff with him based on what you know about him but you don't want him to know too much about your personal life, then file him under Acquaintances. When you share personal info don't share it with Acquaintances. Or create another group that's even less intimate. Chances are that most sharing of this sort barely has a real world model because many acquaintances don't have frequent interactions after the fact. So even if you never share anything with these people you shouldn't feel bad about it.

A Conversation With a Circle

In the real world it is unlikely you will have a chance to talk to people from all of your social circles at once more than a few times in your life. The one time this is likely to happen, at your wedding, is something that many people only have happen once, and others only a few times. Good luck getting your coworkers to buy you a fourth wedding gift.

Instead, you probably have conversations with one circle of friends at a time. It's likely that you tell these groups many of the same things, but you probably choose not to tell certain groups certain things, and other times you probably change things slightly to match the group. Each group likely reacts differently, even if similarly, to the same conversation. Sometimes, you would tell two people the same thing, but not when they are in the same room. That's how social dynamics work. It's a dynamic that Facebook breaks and G+ models somewhat correctly.

For some people, Facebook has changed this social dynamic forever. Any public announcement will be just that: public for all and for all to comment on. They probably value the varied interactions of their different circles of friends meshing together. Fortunately for these people, G+ offers the "My Circles" and "My Extended Circles" sharing settings, not to mention "Public".

For everyone else, the genie can be put back in the bottle. If you have a conversation with one group of friends no one else need know. You can have the same conversation multiple times shared with multiple groups and avoid any interaction.

Why would you want to do this? Well, maybe you want to give your close friends a low down on your trip to Cancun, but you want to share photos with your family. You don't want your rowdy friends commenting where Granny can read. Or, maybe you know people from Ohio and Michigan and you want to discuss the fine mess that OSU's football program got itself into but you'd rather it not become a huge flame war.

A Conversation From a Circle

Here's another key difference. Right now G+ does not have a "wall" that anyone can write on. Some people think this is terrible, others love it. I like it because it gives me control over who sees what my friends say to me. However, the real benefit of this is that it models how interactions from a circle of friends to you work in the real world.

If you're hanging out with a circle of friends one of them might say something to you that everyone in the circle can hear. This could strike up a conversation within the circle, and maybe it's a story you would recount later to others but people outside the circle would not likely be involved.

How you model this in G+ is to make a post directed at your circle and tag the person you are speaking to. This will allow your mutual friends to comment on this post. If your friend wants to share it more broadly he can do so by clicking Share and selecting more of his circles. By sharing it with your mutual circle of friends you can have the same sort of intimate, candid conversations you would have in the real world. If it's something you want more people to talk about you retell it by sharing, the same as you would need to otherwise.

This again empowers you to control who sees what information. If you think about Facebook's wall, the idea of allowing someone to write on your wall is like asking for someone to write graffiti on your house or draw a penis on your forehead. Sure, it's also like having them sign a cast, but even then they normally ask permission. Think of resharing as your wall plus asking permission.

Public Speaking

Public speaking is something that Twitter does pretty well. Conversations on Twitter are so disjointed that it is more a broadcast platform than anything else. Of course, conversational discourse is kneecapped on Twitter due to the size limitation. Facebook makes most of the things you say into a semi-public event that is invite only. Unless your profile is open to the public only your friends will see it, but then those people not in your friends list can't interact with it. G+ is modeled a little bit after both services, allowing you to have both private and public conversations. However, G+'s public conversations are far superior to Twitter and more shareable than Facebook.

Anything you post that is aimed at the Public should be considered to be something of a seminar. It's like gathering all of your friends, acquaintances, fans, etc. into a big room and offering for anyone to comment. You can assume that this will be fairly public, as it is tied to Google after all, but the people who will immediately know about it are the ones who have you in their circles. Thus, you practically have an attendance roster right on your Circles page. Unless you disable comments, these items allow public interaction: basically anyone with a G+ account can comment.

Getting Along with G+, Acceptance & Adoption

When we deal with a new service like this one we must be careful. Some people will proclaim it the next big thing, others will call it DOA, and still others will begrudgingly drag themselves along for the ride. We'll recall Google Wave (over and over again) and Orkut. We'll think of MySpace, which is funny because it was a huge success that just didn't have staying power. Maybe we'll think of all the other projects Google has done that no one would give a chance to yet have proven to be popular over time, like GMail, Google Maps, and Android.

Chances are that people like me will be more lenient on the service. I don't mean because of the reasons laid out above, but rather that I tend to love Google interfaces. Even their quirks often agree with me. I try to check my fanboyism and be objective. Certainly, as someone who does interface design for a living I can be critical of their choices. Still, it works for me for the most part.

It's also important to remember that this service was launched early in the development stages. It is clear that they intend to follow their pattern of rapid iterations and live testing. Google is capable of developing slick interfaces that work well, but often their first generation is somewhat clunky and pointedly favors geek culture with features like keyboard shortcuts. If you're not so much of a geek (or sometimes if you're just that much of a geek) then you won't appreciate this as much as people like me.

I'm sure there are more ways that this service both mimics and deviates from real life social interactions. After all, it is a piece of software and it does do things that are impossible or difficult to physically accomplish, like bringing together people from geographically divergent places. However, I'm not exactly a social scientist nor will I proclaim myself to be a social media expert. This is all I've thought of up to now and it was inspired by several conversations with various friends. This may not be the last I write on the subject, I only hope that the next thing I write isn't a post-mortem.

Monday, April 4, 2011

Found in Email

I'm cleaning my email and I found this gem:
The only downside to that is that people *want* to believe this stuff
so badly that they'll just stop sending it to you instead of listening
to reality. So, you'll stop getting useless bullshit, but the other
people involved won't stop believing it.

That's been my experience.
It's in reference to my wife debunking one of those worthless chain mailings. It couldn't be more true.

Monday, March 14, 2011

Steps and Missteps to Cord Cutting

After some setbacks to my cable television independence, I've recently climbed back on the horse. This time I have some new weapons and a new strategy: ownership. I'll get to that in the next post but for now I'd like to summarize my attempts to cut the cord.

This all started about 4 years ago. I made a change to our cable plan and I let the nice CSR sign me up for the $100/month "Triple Play" service that includes Internet, phone, and Cablevision's extended "optimum" television line up. She also threw in a second DVR, free for a year and made it so the first DVR was billed as a regular cable box. All told it was about $120/month, but for that money I got a lot of services and perks.

Then the introductory period ran out after 12 months. Those perks that seemed so nice for $120 didn't seem so great when the bill started closing in on $200. I took a step back and questioned how much I actually needed these services and which ones I could afford. I kept the Internet services, as theirs is the best in my area. I returned both DVR boxes. I cut my cable back to their lowest plan, which isn't much more than a rebroadcast of channels available over the air (OTA). I even tried getting a better antenna to see if I could switch to just OTA, but apparently I can only do that if I speak Spanish. Also, I switched my phone service to Broadvoice.

These changes brought my total back down to a more manageable $80. I didn't sack the extra money away in the bank, though. I knew if I'm to make this work I need to invest in some other forms of entertainment. I do have a child, and I'm a guy who likes to watch TV and movies. So I bumped up my Netflix membership to 4 discs and made it a point to buy my son DVDs every couple weeks. I augmented my viewing with online streaming services like Hulu, and I started watching a lot more fansubbed anime. This worked well.

...For a while. Then my mother moved in for a month or so. She's hopelessly addicted to TV. In her house the TV runs 24/7. Often on one of those blathering, vile, manipulative news channels. I'm sure you know the one. So we had to reinstate a broader cable line-up. We kept our separate cable service, though. No DVR this time. A couple months after she left, we dropped our television service back to previously low levels.

...For a while. Next up came my wife's research project. Her concept was to monitor some of those blathering, vile, manipulative news channels and write about how they influence one's worldview. I'm sure it was interesting, though she never let me read it, and she got a good grade. However, this meant we needed to increase our service level and add a DVR. At the time my son was approaching his third birthday.

Big mistake. Once a habit formed of recording shows on the DVR and watching them later we became stuck. Sure, we can always just get rid of the thing and deal with him when we do. That's annoying, though, and it's a little unfair to him. He's just a kid and he likes some shows that have a limited or non-existent DVD presence. We limit the time he watches TV, but kids seek out new things so the shows he watches will drift over time. Two shows in particular seemed troublesome: Nickelodeon's Bubble Guppies and Disney's Jake and the Neverland Pirates.

That brings us up to a week ago.

Here's a quick rundown of the setup:

Cable | Cablevision | $70 | including DVR
Phone | Broadvoice | $15 | No Long Distance
Rentals/Streaming | Netflix | $28 | 4 disc plan

Since we're all caught up now in my next post I'll go over some changes I've made, others I plan, and what the long term picture looks like.

Wednesday, March 9, 2011

Charles Bukowski: The Happy Outcast

Charles Bukowski died March 9, 1994. In honor of this I've decided to renew my series of reprints from my coursework. This piece was part of my research anthology project for my college writing class. Included is the original work, though I received a fair share of criticism from the professor for some of it.

Charles Bukowski was an American author and poet. He was an odd, ugly man who believed that beauty was hidden in the drunks, pimps, and whores. He spent his time in bars lamenting those who would resign themselves to work eight hours a day. Bukowski, who lived an alternative lifestyle and never conformed to societal norms, was considered ugly, and was more comfortable in the company of misfits, wrote The Genius of the Crowd as a brutal reaction to how he was treated socially and how he viewed supposedly normal people.
The further away from the human race I am the better I feel. Even though I write about the human race, the further away from them I am the better I feel. Two inches is great. Two miles is great. Two thousand miles is beautiful. As long as I’m able to eat. They feed me because I feed them. I don’t like to be near them. When somebody even so much as brushes against me with an elbow in a crowd I react.

I do not like the human race. I don’t like their heads. I don’t like their faces. I don’t like their feet. I don’t like their conversations. I don’t like their hairdos. I don’t like their automobiles. I don’t like their dogs or their cats or their roses. (Bukowski)
Charles Bukowski was once described as the “human embodiment of a raised middle finger” (Miles). He could never quite fit into the mold. As a young adult he had many blue collar jobs ranging from dishwasher to truck driver. He hated these jobs. In Bukowski’s words, “I could not accept the snails pace eight to five, Johnny Carson, happy birthday, Christmas, New Year-to me it’s just the sickest of all sick things.” Instead, he chose to live in abject poverty with no job so he could dedicate himself to writing.

Charles Bukowski looks like someone beat a toad into his face. Those are my words, not a quote. I watched many hours of interviews of Bukowski between “The Charles Bukowski Tapes” and “Bukowski: Born Into This.” During that time I thought about how to characterize his looks and came to this conclusion: if you take an average person and beat them over the face with a toad long enough to do permanent damage, you may look like this guy. Others are no kinder: Paul Ciotti of the Los Angeles Times said Bukowski had, “a sandblasted face, warts on his eyelids and a dominating nose that looks as if it were assembled in a junkyard from Studebaker hoods and Buick fenders” (qtd. in The Poetry Foundation). As a child he was bullied and rejected by girls due to his complexion (Gale Literary Database). I am intentionally cruel, because that is the attitude that Bukowski faced for much of his life. His appearance set him apart and changed the way that society treated him.

It was these kinds of interactions that drove Bukowski to alcohol; he was a notorious drunk. He was also unashamedly drunk, often speaking passionately about the beauty of alcohol and his time spent in bars. It infected his work as well. Take, for instance, the poem Here I Am... in which he begins, “drunk again at 3 a.m. at the end of my 2nd bottle/ of wine,” (Bukowski 1-2). His semi-autobiographical character, Henry Chinaski, who featured prominently in several of Bukowski’s books as well as the movie Barfly, was an alcoholic. He chose alcohol over work and dive bars over coffee houses.

With the booze come the bars, and with the bars come the patrons. Bukowski was in his element with the people who have nothing better to do than sit in a bar and get drunk all day. He was proud to be a vagrant. In “The Charles Bukowski Tapes” he often refers to pimps and prostitutes as his “people,” complete with a segment in which he drives around West Hollywood pointing out various people on the side of the road to declare them as friends. At this point he had published numerous books and was known to cavort with some of the Hollywood elite. His true calling was with the Hollywood underbelly.

Charles Bukowski did not need to take revenge against those who misunderstood him and treated him poorly. He was perfectly content to go get a beer instead. Yet, when he was alone with his typewriter such resentment was sure to show. I believe that Bukowski felt that he was almost robbed of the chance to write, and to live a life of debauchery that he thoroughly enjoyed, by the average person and their desire to keep the status quo. If he was threatened he surely was not one to act; he didn’t see a point in such behavior. His weapon was his words.

On the attack of the normal, he has many poems. I believe that The Genius of the Crowd best exemplifies this idea. Other poems with similar themes include: 40,000, Another Day, Be Kind, Let It Enfold You, and Pull a String, a Puppet Moves. Over the course of his life Bukowski wrote thousands of poems and hundreds of other works. His works are often very direct, and quite blunt. The life he led and the people he encountered influenced him greatly. In sampling his catalog one can find countless examples on this theme, and I leave you with a selection from one - Some People:
some people never go crazy.
what truly horrible lives
they must lead. (Bukowski 20-22)