Many hat tips today. To S, C^2 and Matt, another.
- Have you noticed that companies you deal with online increasingly force you to place symbols, capitals, and numbers in your passwords — under the illusion that their nannying guarantees a password stronger than any you could possibly invent for yourself? In its own inimitable style XKCD notes the folly of that.
- Another bank closes. But not for the usual post-crash reason. Nope. Just the usual governmental reason.
- “A right to be forgotten”? There’s an interesting concept. Could it really interfere with the right to free speech?
- More village self-defense. But this time, is it justice, or …?
And two personal notes.
Because Pat asked: Nope, you didn’t miss part V of “Responsibilities of a Resident of the Police State.” I haven’t written it yet. Was hoping to get to it last week, but my brain has been overloaded lately. Think pieces are hard, and that one just hasn’t gelled yet.
I usually don’t mention such things until afterward, since the only way I can get through them is to pretend nobody’s listening. But I’m scheduled to be on Brian Wilson’s radio show tomorrow at 4:30 EDT. Brian is so cool I have no worries about the interview going well. We’re going to talk about Hardyville for 15 or 20 minutes (which also explains the book-selling post that’ll go up tomorrow morning).
There’s some good comments over on stackexchange on the xkcd thingy
http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
For me, who has a bad case of fat finger (especially when I can’t see what I’m typing). if I was issued a four random word passphrase like “deadtacotealrefrigerator” I’d either go nuts entering in the password three times as often before it was finally accepted, or I’d adopt some other method of security. (probably password-less shared public-private keys over something stupid like pasting in the word from a unencrypted text file, but that’s just me).
I’m uploading code to our amazon instances three or four times an hour as is, and my workstation locks after 60 seconds of idle time. I key in a bunch of passwords all day long.
(for those that know what I’m talking about, we clone our images for our instances, so the salt on /etc/shadow is exactly the same across the entire enterprise)
It’s always a balance, and ratcheting down on security via sysadmin fiat can cause ordinary users to do some really insecure things.
Another good site to get more comments about the xkcd comic is http://www.explainxkcd.com
xkcd is a great comic and one of my daily reads (well M/W/F)
What irritates the daylights out of me is when some damn site or other decides, ex cathedra, that I need to change my password…usually without, oh, notifying me. After all, e-mail is so dreadfully difficult to use, isn’t it?
So I try logging in, and try and try and try. And then I have to come up with a new password, which is up to their specifications.
This sort of thing infuriates me, but I’m just as mad at the “hackers” and “script kiddies” who make it necessary with their damn password-finding software.
Eric Oppen (nice to see you again) — amen on the sites that force you to change passwords constantly. PayPal earns my undying loathing (well, maybe not undying, but …) by doing that all the time. Not only do they do that, but if you’re in the middle of trying to pay for a purchase when they decide you “need” a new login, they forget all about the purchase. You have to go back to the original site after you’ve rebuilt your PayPal account and hope the vendor saved your cart. That was particularly crazymaking back when I was on a slow, glitchy connection. But it’s totally idiotic for anything that claims to be “the world’s most loved” payment system.