Computer security is an important topic for me. While I don't consider myself to be an expert, and I know several people who are more committed to secure computing than I am, I still am very interested in the topic. I try to take a pragmatic approach to security where every decision I make considers risk, reward, and cost. In the last few years I have become increasingly concerned over my password security habits, and more so over the habits of others. So much so, that when the opportunity arose I chose to study it and write at length about it.
Earlier this year I took a course in technical writing. The design of the course was fairly neat. Students had to pick the topic for their final paper at the beginning of the course. Each week students had to hand in a writing assignment related to this topic. At the end of the course the final paper largely consisted of the previous assignments with some additional content to glue it together. As you can guess, my topic was password security.
I was inspired by recent high profile hacks and password leaks, as well as my recent switch to using a cloud-based password manager. My report was based largely around these events, though the final version included less examples than I originally intended. It is, to some extent, an elevator pitch to attempt to convince others that there is a real danger in insecure password practices.
Of course, a pitch that is never presented has no chance of success. To date, probably only four or five people have read my paper, and at least one of those people learned nothing from it. So, in the spirit of both my efforts to contribute to the world via my school work and to help get the word out that these practices must stop, I will be splitting up my paper into several blog posts to share with anyone who will read it. I will attempt to add value to the paper where possible, such as links to reference articles and examples that I could not fit in the original.