{"id":1089,"date":"2010-09-05T10:13:35","date_gmt":"2010-09-05T16:13:35","guid":{"rendered":"http:\/\/minkhollow.ca\/beckerblog\/?p=1089"},"modified":"2014-09-12T11:49:52","modified_gmt":"2014-09-12T17:49:52","slug":"on-website-passwords","status":"publish","type":"post","link":"https:\/\/minkhollow.ca\/beckerblog\/2010\/09\/05\/on-website-passwords\/","title":{"rendered":"On website passwords&#8230;.."},"content":{"rendered":"<p><a href=\"http:\/\/www.nytimes.com\/2010\/09\/05\/business\/05digi.html?_r=1&amp;th=&amp;emc=th\">Digital Domain &#8211; A Strong Password Isn\u2019t the Strongest Security &#8211; NYTimes.com<\/a>.<\/p>\n<p>I agree with most of this. It should be MY business to choose a good password, and IT&#8217;s business to keep their system secure if I choose a bad one. It is not my job to make their job easy. 
I am so tired of sites that make me formulate a specific <em><strong>kind<\/strong><\/em> of password:<\/p>\n<ul>\n<li>more than <em><strong>n<\/strong><\/em> letters<\/li>\n<li>NO more than\u00a0 <em><strong>m<\/strong><\/em> letters (as if storage space for ASCII characters were at a premium)<\/li>\n<li>MUST have letters, numbers and special characters<\/li>\n<li>MUST NOT have special characters<\/li>\n<li>MUST have upper and lower case<\/li>\n<li>yadda yadda yadda<\/li>\n<\/ul>\n<p>If you have multiple accounts with multiple groups (as most people do these days) you end up needing to write these down, or relying on the &#8220;I forgot my password&#8221; link.<\/p>\n<p>Truth is, those sites that let you know the &#8220;strength&#8221; of your password as you type it in without forcing you to do anything are MUCH more likely to encourage people to create better passwords than the ones that piss people off by forcing all kinds of contortions. (See the book: <a href=\"http:\/\/www.amazon.ca\/Switch-Change-Things-When-Hard\/dp\/0307357279\/ref=sr_1_1?ie=UTF8&amp;s=books&amp;qid=1283701555&amp;sr=8-1\" target=\"_blank\">Switch<\/a>).<\/p>\n<p>IT folks take note: <em><strong>If your system is unable to protect itself against some schmuck who lets a stranger guess his password and log in<\/strong><\/em>, <em><strong>YOU SHOULD ALL BE FIRED. If your system allows ordinary users (like the aforementioned schmuck) the kind of access to your system that will permit access to sensitive system data, then YOU are not doing YOUR job right.<\/strong><\/em><\/p>\n<p>I worked at a place last year that upgraded their file system and INSISTED that everyone change their password. Not only that, they checked that new password against the old one and refused to allow me to re-use my old one. 
<em>As far as I&#8217;m concerned, they have NO business storing my old password and checking.<\/em> That amounts to little more than an IT power trip &#8211; they do this because they CAN, not because there is any evidence that it improves security.<\/p>\n<p>Actually, when it comes to that, <em><strong>most<\/strong><\/em> of what an IT department does in the realm of security is done for one of two reasons:<\/p>\n<ol>\n<li>They CAN.<\/li>\n<li>It makes THEIR lives simpler.<\/li>\n<\/ol>\n<p>Try this game sometime: Ask your IT guy to show you the evidence (stats, reports, numbers) that what they are proposing\/requiring will actually make things more secure. They rarely can.<\/p>\n<p>Really, if you want to encourage people to create reasonably secure passwords, run a password checker from time to time, and send mail to people whose passwords are too easy to guess. If faculty don&#8217;t change their password after, say, two or three warnings, then announce it &#8216;publicly&#8217; (i.e. within the faculty mail system).<\/p>\n<p>And by the way, I should be able to use ANY character on the keyboard in my password <em><strong>including<\/strong><\/em> blanks. 
The <em><strong>only<\/strong><\/em> exception I can think of is the &#8220;return&#8221; character, because you still need some way to mark the end of your password.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Digital Domain &#8211; A Strong Password Isn\u2019t the Strongest Security &#8211; NYTimes.com. I agree with most of this. 
It should be MY business to choose a good password, and IT&#8217;s business to keep their system secure if I choose a &hellip; <a class=\"more-link\" href=\"https:\/\/minkhollow.ca\/beckerblog\/2010\/09\/05\/on-website-passwords\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12,14],"tags":[6,175,53,163],"class_list":["post-1089","post","type-post","status-publish","format-standard","hentry","category-games","category-general","tag-computer-science","tag-doing-it-right","tag-technology","tag-user-experience"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4Hsb6-hz","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":3175,"url":"https:\/\/minkhollow.ca\/beckerblog\/2012\/11\/16\/the-gamification-of-everything\/","url_meta":{"origin":1089,"position":0},"title":"The Gamification of Everything","author":"Katrin Becker","date":"November 16, 2012","format":false,"excerpt":"I really hate that term. My fear is that it will stick though. Don't get me wrong - there are some very useful things that are being called gamification. Many of them aren't new though. There's also a lot of crap that's being labelled as gamification. 
I'm worried that most\u2026","rel":"","context":"In &quot;Games&quot;","block_context":{"text":"Games","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/games\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":64,"url":"https:\/\/minkhollow.ca\/beckerblog\/2008\/11\/03\/how-to-avoid-the-70-hour-work-week\/","url_meta":{"origin":1089,"position":1},"title":"How to avoid the 70-hour work week.","author":"Katrin Becker","date":"November 3, 2008","format":false,"excerpt":"Warning: what follows is another rant. So here I am working at a new job. I really like the institution (for the most part). I really like the faculty (for the most part). I really like the job (for the most part). BUT (there's always one of those when a\u2026","rel":"","context":"In &quot;Educational Technology&quot;","block_context":{"text":"Educational Technology","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/educational-technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2401,"url":"https:\/\/minkhollow.ca\/beckerblog\/2012\/07\/25\/whats-the-opposite-of-anthropomorphism\/","url_meta":{"origin":1089,"position":2},"title":"What&#8217;s the opposite of anthropomorphism?","author":"Katrin Becker","date":"July 25, 2012","format":false,"excerpt":"Dog Ownership and Video Games - NYTimes.com. Dog ownership is like a videogame..... The characters are unremarkable. The setting is ordinary. The action is dull. But like all games, owning a dog is about the quiet magic of doing. The love comes from the doing. Do you agree? 
I'm sure\u2026","rel":"","context":"In &quot;Educational Technology&quot;","block_context":{"text":"Educational Technology","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/educational-technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/minkhollow.ca\/beckerblog\/wp-content\/uploads\/2012\/07\/2011-04-02_14-29-11-300x225.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1972,"url":"https:\/\/minkhollow.ca\/beckerblog\/2012\/01\/21\/interesting-take-on-gender-stereotyping-in-comic-characters\/","url_meta":{"origin":1089,"position":3},"title":"Interesting Take on Gender Stereotyping in Comic Characters","author":"Katrin Becker","date":"January 21, 2012","format":false,"excerpt":"The Avengers: Strike a\u00a0Pose! Here we have the original ad pic for the new Captain America film (note the position of the Black Widow) followed by how it might look if all the superheros were made to pose like us girls usually are. http:\/\/danhf.wordpress.com\/2011\/11\/29\/the-avengers-strike-a-pose\/ In this series, Aaron Diaz takes\u2026","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5305,"url":"https:\/\/minkhollow.ca\/beckerblog\/2015\/08\/21\/proteus-effect-threshold\/","url_meta":{"origin":1089,"position":4},"title":"Proteus Effect threshold?","author":"Katrin Becker","date":"August 21, 2015","format":false,"excerpt":"Put simply, the\u00a0Proteus Effect\u00a0happens when an avatar behaves in line with the stereotype suggested by the appearance of that avatar. In other words players behave in the ways the appearance of their avatar suggests they should. 
How realistic\u00a0does an avatar need to\u00a0be in order for the Proteus Effect to be\u2026","rel":"","context":"In &quot;Book&quot;","block_context":{"text":"Book","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/book\/"},"img":{"alt_text":"ac-025","src":"https:\/\/i0.wp.com\/minkhollow.ca\/beckerblog\/wp-content\/uploads\/2015\/08\/ac-025-300x300.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2990,"url":"https:\/\/minkhollow.ca\/beckerblog\/2012\/10\/14\/theories-of-games-and-interaction-for-design-6-putting-ourselves-in-the-game\/","url_meta":{"origin":1089,"position":5},"title":"Theories of Games and Interaction for Design (6: Putting Ourselves in the Game)","author":"Katrin Becker","date":"October 14, 2012","format":false,"excerpt":"These are public postings of my writings for the first course of the Graduate Certificate Program in Serious Game Design and Research at Michigan State University. Please note: these posts are not intended as any kind of commentary on or assessment of the course I\u2019m taking, or its instructor, OR\u2026","rel":"","context":"In 
&quot;Computers&quot;","block_context":{"text":"Computers","link":"https:\/\/minkhollow.ca\/beckerblog\/category\/computers-2\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/minkhollow.ca\/beckerblog\/wp-content\/uploads\/2012\/10\/2011-04-05_20-06-01.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/posts\/1089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/comments?post=1089"}],"version-history":[{"count":5,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/posts\/1089\/revisions"}],"predecessor-version":[{"id":1095,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/posts\/1089\/revisions\/1095"}],"wp:attachment":[{"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/media?parent=1089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/categories?post=1089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/minkhollow.ca\/beckerblog\/wp-json\/wp\/v2\/tags?post=1089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}