Better Password Management with Smarter Easier Passwords
February 27, 2008
The password commandments that we all know:
- Don’t write down your passwords
- Don’t give out passwords over the phone
- Come up with unique passwords for every service
- Clear your cache on public computers
- etc. etc. ad nauseum
While good advice, are a little overwhelming. It starts to look like a full time job when you consider the lists of rules for passwords.
And, the even sadder thing is that these rules and suggestions are great advice. And they really should be followed to the tee. The problem is that most people don’t have the patience. And even further than that, we’re all afraid to forget a password.
A Weak Solution
So, what do most people do? They do the same thing that I’ve always done: they keep a few passwords, each one with a different “security level”. Here’s the way it works, and I’ll bet you do something like this:
- The first password is the low-security one. This is the password you use for all of the little things you sign up for. You use it for all of the things that you don’t really plan on using often.
- The second password is the slightly more secure one. You don’t use this one in nearly as many places as you use the first one. It’s the gate keeper for you Facebook and Myspace accounts. It’s the one you use when security is a concern, but not life-devastatingly important.
- The third password is the doosy. This is the password you use for online banking and bill pay. If this password got out, you’d be screwed.
And, this system is better than no system, but it’s still not good enough. The reason it’s not a good system is because that’s what almost everyone does, and anyone out there that might be trying to steal your password knows it.
But, faced with the enormity and involvement of managing our passwords the way the experts tell us to, we prefer to keep an easy to remember set of passwords. And, besides, we’re the only ones that have to know our dirty little secret aren’t we?
There’s a better way
I know what you’re thinking. You’re thinking that I’m about to spout all of the rules at you again, and slap your wrist for handling your passwords improperly.
Well, even though I probably should, that would make me a hypocrite, because I’m equally guilty, so rest easy.
But, what if I told you that you could have a unique password for every service and that you’re not going to need a complex password management system to maintain them?
Hard to believe I know, but it’s possible.
Stronger Passwords
Here’s the system I’ve started using that works wonderfully for me.
Take your three passwords, the three that you already use. I’m sure that they are fairly good and the only problem with them is that you use them for so many different services. If you were to compromise one of them even one time, you’d give up all passwords for that security level.
But, because they’re so good, and because you’ve already got them committed to memory, there’s absolutely no reason to throw them out. You’ll be using them as the base of your passwords from now on. Your old passwords will be the group of numbers, letters and symbols that will be the same in every password you use. This is the base that you will start with when creating a new low security password.
Now, to make the password more secure you need to throw in a modifier. A modifier mixes the password up and adds characters, and if you make the modifier service-dependent, it’s easy to remember and creates a unique password for every service.
I think we need an example.
Example
Step 1 - Define your Base
Let’s say that your low security password is: 3a5ypa55w0rd
Step 2 - Define Your Modifier
The modifier is what makes your email password different from your Digg password. It switches things up for every site, and insures that mismanagement of one password isn’t mismanagement for every password.
Your modifier will be based on a rule, that you define, that will stay the same for every password you make. This is possibly the most important part. The rules are what make your passwords unique and distinctly a creation of your own mind. Be creative when coming up with your rules. Just don’t forget that you have to remember the rules you invent.
One example of a modifier rule is to make the modifier the first three letters of the service, written backward. So, if you are registering as a member for my website: Flowercast, your modifier will be “olf.” Because, the first three letters of “Flowercast,” “F,” “l,” and “o” written backward are “olf.”
There are a number of rules you can set for your modifier (Using the first two consonants followed by the first two vowels, using the last three letters, spelling the entire thing backward, etc.) but it’s important not to be lazy and do something silly like use the name of the service (ex: “flowercast” spelled out explicitly) - doing that would make your system much easier to crack.
Step 3 - Place Your Modifier
The last rule for your passwords is where you’re going to put your modifier in the password. There are a number of places to stick it without making the password too difficult to deal with. You can addend it to the end, or place it in the center of the old password, or at the beginning. You could also split the modifier up and disperse it throughout. The important thing is to maintain consistency, so that your system is easy to remember.
In our example the rule we’ll be using is that we’ll always place the modifier between the 2nd and 3rd “5″ in 3a5ypa55w0rd.
Putting it all together
So, to start at the top with our example:
With the low-security password 3a5ypa55w0rd, we decide to register for The Flowercast.
Our modifier is “olf” and we always place our modifier between the two fives in 3a5ypa55w0rd.
The final product, and our new password for The Flowercast, is 3a5ypa5olf5w0rd.
With the same rules our passwords for Facebook, Myspace and Digg would be 3a5ypa5caf5w0rd, 3a5ypa5sym5w0rd and 3a5ypa5gid5w0rd, respectively.
By maintaining your old system and adding the site-independent modifier, you can exponentially increase password security without having to do more than look up at the title of the website.
What do you think? Would this system work for you? Is it too difficult? Too easy? How would you improve on it?
Zombie Locomotion
February 26, 2008
Ok, so there’s been a lot of question about the locomotion of zombies, and many different interpretations of their abilities; and it’s all getting out of hand so I thought I’d write this article to clear everything up. It came to a head this morning, when, standing in line at a convenient store, I witnessed two grown men get into a knife fight over the speed and abilities of what they both defined as a “true zombie.”
The knife fight did not end well, and it’s been bothering me how often I see this happen.
It usually starts with something as simple as a bumper sticker or t-shirt: one of the gentlemen in line this morning was wearing a “Dawn of the Dead” t-shirt. The object usually starts a friendly conversation that escalates slowly into a disagreement.
You can always see it coming if you know what to look for. One of the people in the conversation always steers it slowly toward the movement of zombies.
Something like, “Of course, the zombies in ‘Dawn of the Dead’ were those wacky slow-walking zombies.”
Then, of course, the other person says, “What do you mean wacky?”
And, I’m sure you know exactly what happens from there. And, before you know it, blood is everywhere and someone is screaming for an ambulance.
And, this can all be solved with a little examination.
The question is directly related to their movement, and the styles with which different film-makers and book writers have portrayed it.
The styles range pretty wildly from the slow, shambling gait of a stumbling, dead zombie (See any George Romero Zombie movie or “Thriller” by Michael Jackson and John Landis) to the super-human speed of cheetahs (’Xombies’ by Walter Greatshell).
The problem that starts this whole mess, every single time, is the question about what defines a zombie. And, the reason it starts so many arguments is because no one ever thinks to ask the question.
I propose that there are two types of zombies: Those that are fundamentally ‘alive’ and those that are physically ‘dead.’
This is an extremely important distinction, and I’m not going to make a stance on whether one or the other is truly a ‘zombie’ per se, but I do want to make it clear to my readers that there are two distinct classes of zombie: The physically living and the physically dead.
Why is this an important distinction?
Because it ultimately defines the speed with which the zombie locomotes.
Living Zombies: Ultimately, it has to be said that no zombie is truly living. The fact that they are driven to murderous rage and insanity is a clear indication that zombies can never be said to truly be living.
Living, in this context, refers to the strictly biological functions of the zombie’s body.
A zombie is said to be alive when it’s body is still, biologically, functional.
Examples of the living zombie are the “zombies” from ‘28 Days Later’ or the ‘xombies’ from the previously mentioned book by the same name. These zombies aren’t necessarily dead in the biological sense of the word.
Their lack of deadness implies multiple things:
First, it means that their muscles and joints retain a flexibility that would be lost in death. The circulation, and therefore easier movement, remains intact.
Second, the fluids in the body remain distributed. A lack of distribution, as in dead bodies, results in rigormortis, which impedes balance and movement.
Third, they can be killed. This sets them apart from the “dead” zombies. The living zombie, unlike his dead counter-part, can die of starvation or blood loss.
Dead Zombies: This personification of the “walking dead” is exactly that. And, as a result of his physiological deadness, he/she suffers from all of the maladies mentioned above.
Rigormortis, lack of flexibility, lack of balance, dry skin and and dried mucous membranes (resulting in vision loss and blindness, as well as an inability to speak or yell).
The one upside, or downside depending on how you look at the situation, for the dead zombie is his/her inability to die.
I realize that these categories are very generalized and fail to define a number of other factors (How the zombie came into existence, it’s condition before it became a zombie, etc) but the generalization was intentional.
The separation into two categories, categories that can predicate the answer to a crucial argument, clarifies the situation and arms potential aggressors with the ability to avoid bloodshed and loss of life.
In the event that you find yourself about to defend the locomotion of “zombies,” or about to witness a horrible fight,make sure that both parties in the argument have clearly defined the type of zombie they are talking about.
The correct response to “Zombies aren’t slow and shambling like that.” is, “Well, the living ones aren’t.”
I leave you on a serious note with an image of a zombie cat… and a link for further reading: Zombie Comic
Problems with Soundflower
February 23, 2008
5 Tips for facilitating a Decision Group
February 18, 2008
Decisions have to be made and, unfortunately, they sometimes have to be made by a group.
A group is good at many things. With the right group you can win a sports tournament, move a boulder, and erect a building. Groups are also an excellent resource for idea processing and brainstorming, which is why they’re often called upon to make decisions.
But, a group is horrible at narrowing things down to a single, final decision. And, what do you expect? With so many different minds holding so many differing opinions working on the same set of problems, it’s madness to expect otherwise.
But, in my experience, there are a few things you can do, as a facilitator, to insure an easier experience:
- Make Everyone in the Group Meet - The only way you’ll ever get a group to come to a final decision is by forcing them all to come face to face. No one can switch sides later, and everyone feels represented fairly.
- Present cases thoroughly - Make sure that everyone understands all aspects of the decision. Make sure that the case for each decision is represented thoroughly and fairly. This often means presenting the choices on paper or the equivalent.
- Use the Process of elimination to reduce choices - If the decision cannot be arrived at through conversation remember the process of elimination. Make everyone agree on a generalized decision and narrow the choices slowly.
- Be objective - It’s not your place as facilitator to make a decision or influence the decision in any way. It doesn’t matter how well informed you are. If you are an expert you should offer your expertise objectively and try not to lead the decision.
- Don’t make an executive decision - If your group is refusing to agree, even after being brought face to face, you need to meet again. Do not make the decision! No matter how impossible the situation seems, it will only be made worse if you make the decision.
Rob the US Treasury and I’ll pay you.
February 15, 2008
Anthony LaFauce wrote a post about the SMUG Facebook Hacker Challenge.
Lee Aase, at SMUG, is offering $100 to the first person who can hack into a Facebook user group that he created, and tell him what it says in the “recent news” section. He said further that he is willing to double the payout to anyone who can, in addition, post a photo to the group.
While reading the post, I suddenly realized that I had a similar challenge that I wanted to make, and that, in fact, I was willing to offer more money for mine.
You see, I, Justin Flowers, trust the security at the US treasury so much that I’m willing to offer a $1000 dollar reward to anyone that can break into the US Treasury, and steal $1,000,000 US. If you show me the 1 million, I’ll pay up. I’m willing to double my payout if you bring me a picture of you in a vault at the Treasury.
And, why am I willing to make such a large payout for such a menial task? Because I’m an SEO clown.
Honka! Honka!
Bokayme virtual flower service - Good idea lost on the old-school capitalists
February 11, 2008
|
|
 |
Today, while doing a bit of work on the interwebs, I ran across Bokayme.
Bokayme is owned by 1-800-flowers.com and it allows people to go online and send virtual flowers to their friends, partners and family members. The flowers are somewhat interactive, so when you visit them the next day they have opened a bit more and so on.
My first impressions were pretty favorable. Viral marketing apps like this are a great idea. Used correctly they have the potential to really explode a brand. And, this one has all the right elements. Great looking site, tied into an existing social network (there’s a facebook app) and the steps are fairly straight forward. Throw in the fact that it’s customizable, and you’ve got a winner.
Except for one small problem: They charge real money for the bokays.
“But, Justin”, I can hear you say, “charging for virtual goods is becoming an accepted institution in online marketing. Look at what facebook is doing with ‘gifts,’ or look at any number of online role-playing games. They’re all doing it, and they’re making money.”
True, but they’re doing it either as their whole business model or as a side gig. None of them are using it to supplement an already existing business.
1-800-flowers.com is just being greedy here. They’ve built a fantastic viral marketing campaign but couldn’t help cutting it’s legs out from under it before it was ever given a chance. And, I can tell you exactly how this one went:
A young guy in marketing said, “Hey, we need something viral, let’s make online flowers - there’s no cost after set up, and people will love it.”
The young guy went to his boss. The boss loved it, got it approved and hired a web development company.
When it was done someone on the board said, “How much money is it going to make us?”
The boss said, “Um, none I guess.”
Person on the board shook his head and said, “It needs to make money.”
“But” the Boss said, “this is designed to increase recognition of our brand.”
“What does that even mean?” The board member said, “I don’t care about brand, I care about money. That’s what we’re in business for, to make money. This thing either needs to cost money or it needs to be scrapped.”
In desperation, a pay scale was added to the application and the angels of marketing wept.
Measuring the Unmeasurable
February 7, 2008
I attended Jeremiah Owyang’s webinar last week, and did a brief comparison to another seminar that I had attended the day before.
But, even more important than that comparison about the old and new media way of thinking about things, is one of the larger points that were brought up during his webinar. In his blog, Web-Strategist, Jeremiah went on to point out that one of the often asked questions was, “how do I convince my management to embrace this new social media world?”
Jeremiah makes a distinction between digital lifestyle “natives” and “immigrants,” which is a very adept way of stating the issue.
At my own company, I’m dealing with this problem. My company is a new one and is still suffering from the “velocity over sentiment” ideas that Brij Singh pointed out. So, when I tell them what I’m doing to help raise awareness about the company and our product, they ask me for concrete numbers.
The problem is that there really are no scientific measurements for what social media accomplishes. And, the measurements that exist are largely intuitive.
Jeremiah says, “Campaigns are happening off your servers, so you cannot easily measure [them].” His new measurement attributes are:
- Attention
- Interaction
- Velocity
- Sentiment
- Quality
- Impacts
And, as you can see, not all of them are nearly as effective to a proof-based corporate management structure as, say, Google’s Analytics.
So, how can you introduce new ideas into the culture?
In my experience, I’ve found that the best way to deal with old media ideas is with old media facts. I appreciate the idea that Jeremiah mentioned in the webinar, about pointing out how children are communicating (through IM, texting, social networks, etc), but that doesn’t work in my situation. The idea is sound, but it’s hard to pitch.
Measuring social media and its effect on your marketing or PR campaign starts with defining specific goals for your “immigrants.” And the best pitches start by defining results.
Here are a few questions to ask:
Why are your immigrants hesitant about social media?
There are as many reasons for being hesitant about using social media as a marketing or PR platform as there are people who are hesitant.
You can make assumptions all day, but until you actually determine why your immigrants feel the way they do, there’s really no way to assuage their doubts. So the first thing you need to do is find out what, specifically, is the problem they have with the medium.
What is it that the company hopes to accomplish that can be helped with social media?
This is the most important question, of course, but it’s an easy one to overlook. What are the specific problems that need to be addressed, and what are the goals that will resolve the problem? In other words, what are the concrete facts/numbers that need to be improved, and how are they measured?
How can you narrow broad ideas?
If the problem is that there aren’t enough hits on the website, then obviously there is a way to measure that. If the problem is something more complex, for example: “We need to develop a love of our brand by consumers,” then you’re being too broad and you need to break it down into more specific issues.
Ask yourself what the first step toward your lofty goal is. If you define the first step, you can define the first goal. And, goals are what your immigrants want to see.
If you define the problems and goals with your immigrants, they will be able to see them as clearly as you can.
The best way to lead the way on a brand new path is by showing the people following you how similar it is to the old path.
My next acting gig
February 6, 2008
So, I think that I’m almost certainly cast as a cockney bum in Major Barbara. More than likely I’ll be playing the part of either Bill or Snobby.
If you don’t know the play, it’s set early in the 20th century and the story takes place around Barbara, who is a major in the Salvation Army.
Barbara will be played by Dana, and I’m going to be one of the cockneys that she saves from the streets.
Jerry’s directing, and I think he’s cast most of it.
Of course, I was a bit concerned about it at first, and almost entirely for selfish reasons. I was getting used to having my evenings free, and I’m not sure that I was ready to give them up again. On top of that, I’m not sure that Major Barbara is a play that particularly appeals to me. But, I do love acting, and I really wanted to be involved.
And, if I know Jerry’s innate ability to cast exactly the right people for the roles, I’m sure that I’ll love every actor and their performances.
It’s an interesting tale and, even though it’s not exactly my cup of tea, I’m sure that I’ll love doing it.
More details at the Stage West website.
**Update - February 13, 2008**
The cast list has been posted and it looks as though I have been cast as Snobby:
Cast List - Major Barbara
Dana Schultes - Barbara
Jim Covault - Undershaft
Ash Smith - Cusins
Jack Greenman - Bill/Morrison
Nancy Sherrand - Lady Britomart
Allison Pistorius - Sarah
David Fluitt - Lomax
Steven Levall - Steven
Justin Flowers - Snobby Price
Shannon Worthington - Rummy Mitchens
Jon Kruse - Peter Shirley/Bilton
Megan Penny - Jenny
Nancy Lamb - Mrs. Baines
Done Bun can’t be Undone
February 6, 2008
So, almost everyone knows by now, and I thought that it was high time that I announce it to the world.
<trumpets>Dana’s pregnant!</trumpets>
Sometime in late September or early October, I, Justin Flowers, am going to become a daddy, and there’ll be one more Flowers in the world, god help us.
My Dad is loving it, most of all he finally gets his wish and becomes a grandfather, and secondarily he’s going to love all of the trouble the kid is going to cause me.
When I told him, he said, “You know, Justin, a person’s kid is always worse than you ever were.”
When I laughed it off, he smiled with cold eyes and said, “Pay-back’s a bitch.”
… I guess I was a little harder on him, growing up, than I thought I had been.
Oh well, how hard can it be?
Seriously, the kid is going to be tiny. I’m a pretty big guy, the kid is going to be nothing in comparison! I’m Justin Flowers…
I can take him.
-
About
Justin Flowers
Mad Scientist
Zombie Expert
Fort Worth, TX -
Subscription
