It's not hard to remember a different, strong password for every website

Let's take it as a given that it's a good idea to have a long password with upper case, lower case, numerals and special characters. Let's take it as a given that it's a good idea to have a different password for every website, and the main reason people don't is because it's very difficult to keep track of them all, and too much mental effort every time you need to sign in.

Your choices are:

  1. Use the same password for every site and hope nobody hacks it, and then uses it on all your other websites.
  2. Use a password wallet service and hope they never get hacked (NOT a given!), or nobody finds out the one password you use to sign in to it. 
  3. Find a way to have a different password for every site.

I choose #3. You don't need to memorize 500 passwords; you need to memorize one set of rules that allows you to easily mentally calculate your password each time. Here is one example; I use one just like it, except totally different.

1. Memorize a list corresponding to letters of the alphabet

This may seem daunting, but it's surprisingly easy. Within a week, you're able to recall them instantly with no problem; it would be hard to remember 26 random words, but alphabetizing them fools the brain into giving them structure, and structure is easy to memorize.

Our example:
aardvark, bear, camel, duck, elephant, fox, giraffe, hamster, etc...

2. Transform them so they are not complete words

xkcd notwithstanding, it's not a good idea to use complete words, because one hacking strategy is dictionary-based. There are many ways you could transform them: swap out some letters for others, remove all vowels, truncate them to the second vowel. In our case, we'll just take the first three letters so it's easy to follow.

aar, bea, cam, duc, ele, fox, gir, ham...

3. Replace letters in the target website

Use a non-obvious pattern. In this case, we'll take the first four letters of the website, but in reverse order. Our example website will be cabernet.com (it doesn't exist... yet), so the letters are e-b-a-c and our code is now:

elebeaaarcam

4. Add some rules for capitalization, numbers and special characters.

The sky's the limit here, we already have a pretty good password, so you can limit the complexity of these rules so they're easy to implement quickly. For our example, we'll:

  1. capitalize the first and last consonant
  2. right in the middle, add 858 if the website ends in .com, 636 for any other TLD (I just took the easily remembered 747 and shifted it up or down a digit)
  3. at the end of the word, add %$# (that's the special characters above 543) if the website name begins with a vowel, #$% (the same, reversed) if it begins with a consonant.
So our example is now:

eLebea858aarcaM#$%

This scores 100% on passwordstrength.com, and most importantly, if a hacker finds it out due to a vulnerability on a website you're signed up for, and over which you have no control, they don't now have all your passwords or an easy way of figuring them out.

This is a bit of mental effort, traded for a lot of security. And it's a lot less mental effort than it seems; the human brain is really good at remembering and implementing repetitive rules. My algorithm is somewhat more complicated than this example, and I never have to hesitate more than a second or two, and I always get it right.
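
The four steps above as a short Python function, added here as an illustration and not the author's own code or rules. It uses only the eight list words the post gives, so it handles sites whose first four letters fall in a to h, and it also shows a property worth checking in any rule set like this: two sites that share their first four letters and TLD class get the same password. Assumptions: the names derive and shared_inputs, treating y as a consonant, passing a bare domain with no "www.", and every sample domain other than cabernet.com are constructed for this example.

```python
# Added illustration of the four steps above; not the author's own rules.
WORDS = ["aardvark", "bear", "camel", "duck",
         "elephant", "fox", "giraffe", "hamster"]  # the post lists only a-h
FRAGMENT = {w[0]: w[:3] for w in WORDS}            # step 2: first three letters
VOWELS = set("aeiou")                              # assumption: y is a consonant


def derive(domain: str) -> str:
    """Apply steps 1-4 to a bare domain such as 'cabernet.com'."""
    name, _, tld = domain.lower().partition(".")
    key = name[:4]
    if len(key) < 4 or any(ch not in FRAGMENT for ch in key):
        raise ValueError(f"{domain!r}: needs four leading letters in a-h")
    # Step 3: first four letters of the site name, in reverse order.
    chars = list("".join(FRAGMENT[ch] for ch in reversed(key)))
    # Step 4.1: capitalize the first and last consonant.
    consonants = [i for i, ch in enumerate(chars) if ch not in VOWELS]
    for i in (consonants[0], consonants[-1]):
        chars[i] = chars[i].upper()
    # Step 4.2: digits go right in the middle, chosen by TLD.
    mid = len(chars) // 2
    digits = "858" if tld == "com" else "636"
    # Step 4.3: suffix chosen by the first letter of the site name.
    suffix = "%$#" if name[0] in VOWELS else "#$%"
    return "".join(chars[:mid]) + digits + "".join(chars[mid:]) + suffix


def shared_inputs(a: str, b: str) -> bool:
    """True when two sites feed the rules identical inputs (same password)."""
    return derive(a) == derive(b)


if __name__ == "__main__":
    # Constructed sample domains, apart from the post's cabernet.com.
    for site in ("cabernet.com", "cabernet.net", "edge.com", "beach.org"):
        print(f"{site:15} {derive(site)}")
    # Only the first four letters and the TLD class reach the rules.
    print(shared_inputs("cabernet.com", "cabernetclub.com"))
```

If your own rules show the same overlap, feeding them more of the site name (its length, or its last letter) separates such sites at little extra mental cost.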


The Meaning of The Game of Life


When it was family board game night in the '70s, I always picked The Game of Life or Careers (or sometimes Masterpiece ... I was a weird kid), not Uno or Aggravation. I guess I liked the complexity; I even found Monopoly too predictable (it's a Markov chain, after all). My love of complexity was given a mainline overdose in 1979 when my dad became the first person in our town to own a home computer, a Texas Instruments TI-99/4 with a whopping 4K of RAM. (That's 1/16 as much as a Commodore 64.) He also had a subscription to a programming magazine, so every month I would read through mostly incomprehensible (to me) lines of badly-typeset BASIC (a different dialect than TI BASIC, which caused me no end of grief), and occasionally laboriously type some in. There was Eliza the automated psychotherapist, the Lissajous fractal generator ... and Conway's Game of Life.

In 1970, British mathematician John Conway invented a set of rules for cellular automata that would allow you to start off with any combination of black and white squares on a grid like a chessboard and by applying three simple rules determine whether in the next turn a square would stay the same or change colour. Since computer time was too precious to be wasted on mere experimentation, Conway designed Life with pen and paper and only computerized it when he knew he would get a passable result. And what a result! While most cellular automata (a concept invented as a side project by scientists working on nuclear bombs) until then had been uninteresting, quickly gravitating to all black or all white squares, Conway's developed long, sometimes extremely stable cycles, with some shapes persisting, some cycling, some even spawning other shapes, looking like birds or stars or spaceships or even cells... it was a perfect storm of mathematics, armchair philosophy and whimsy at a time when computing was just starting to be able to accommodate all three.

There are many websites (and a humungous wiki with hundreds of named patterns) devoted to The Game of Life, but it seems to have lost its place in the geek imagination over the last ten years or so: most of these sites use Java applets that are routinely disallowed by modern browsers. To see Life in action, you pretty much are now stuck with Animated GIFs or downloadable freeware. Life is the first computer program I actually understood. I typed it into my poor overworked computer (it got so hot I actually burned my elbow once), and when it ran, the 7 or 8 second pause for recalculation between iterations didn't bother me. (At the time, everyone compared computer pauses to how long it would take a human to do with a slide rule and graph paper, so it was miraculous.) Then in the next issue, there was a revised code of the same program that ran over twice as fast by holding only three lines in memory at a time instead of the entire array. My mind was blown and I sat down with a pencil for hours and marked up the code to understand why this was so.

Then I gave up coding for 30 years to study opera and work in underground journalism, but that's another story.

(I've come full circle with keyboards, however: I now use the first chiclet keyboard I've had since 1979. Oh, and in the meantime Stephen Wolfram claims to have reinvented science (or something, I only understand about 5% of it) using cellular automata with catchy names like Rule 90, not to be confused with Rule 34... don't worry, the link is safe for work).

To celebrate The Game of Life, I've rewritten some BASIC code using Joshua Bell's terrific javascript emulator (he was kind enough to help me implement it, since my BASIC is way better than my javascript). Enjoy, and marvel at what passed for computer graphics when Jimmy Carter was president. If you're a programmer, feel free to look at the code and smirk at the LET syntax, lack of ELSE statements and highly vulnerable GOTOs (I wrote so many infinite loops it was practically my breakfast cereal ... unlike Mikey, who preferred Life).

Note: Blogger seems a little finicky (and/or I'm a little incompetent) when it comes to displaying javascript. If you don't see a big black box above this sentence, click here or here. But not here or here. And definitely don't click here.