Replay: Living post-password

With a couple edits, one of the things I’ve learned in 2014 is that passwords are evil. Learn how to overcome the inherent problems of passwords.

[Editor’s note: The below post, “Living post-password”, was originally posted on this blog on 2 April 2013. It’s been reposted below with several updates and new insights as part of this blog’s ‘Marching Toward 2014’ series of posts.]

Passwords and passphrases. I (still) hate them.

Yes, I used the ‘h’ word. Passwords and passphrases give people the illusion of safety and security when they are one of the easiest things to crack. I cringe when I come across major banks whose login mechanisms are weaker than, say, Facebook’s mechanisms.

I’ll admit that the inspiration for this post came in November 2012 after reading the story of Mat Honan in WIRED Magazine. The article’s linked but I’ll summarize: Mr. Honan had his entire digital life wiped away because a hacker could defeat his email account password.

Do I have your attention? Good. Because for the next few paragraphs, I’ll showcase some alternatives and additions to passwords and some questions that you need to ask yourself about your own computing practices.

Computing in 2013: Things I’ve Learned

The world of computers and computing has changed drastically in 2013. What we thought we knew about safe computing has changed: here’s what I’ve learned.

The world of computers and computing has changed drastically in 2013. From leaked documents showing how broad a net our Federal government has cast when it comes to observing its citizens’ private communications to high-profile password leaks, what we thought we knew about safe computing has changed. I’ve learned a lot in 2013 and here are my top five lessons:

1. Passwords are inherently evil. I really don’t like passwords.  They provide a false sense of security to users because they’re used inappropriately and in an unsafe manner.  One of the more popular posts that I wrote this year (and I’ll repost in the coming days) is on why I don’t like passwords and some things to offset the inherent security flaws of passwords.  We’ve read stories in 2013 of major corporations having their password files hacked and distributed to the Internet.  Last year, we even read the tale of WIRED editor Mat Honan having his entire digital life wiped away because of his unsafe use of passwords.

2. You cannot have too much encryption. With documents surfacing that show how our own Federal government spies on its citizens, we’ve learned that encryption should be used on a wider scale. We read stories in 2013 of how Dropbox, the popular cloud file storage and sharing service, has been hacked and documents leaked to the cloud. As free public wireless Internet access points become the norm in places like coffee shops, libraries, restaurants, stadia, airports, and hotels, we should start to heed warnings about how to take charge of what information we share online and when we do it.

3. Backup, backup, backup! Just as you can’t have too much encryption, you can never have enough backups of your data. My main computer is a MacBook Pro and I have a Mac mini that’s set up as a central server for file shares, iTunes, and Time Machine. Attached to that Mac mini is an external RAID array for keeping irreplaceable files like my lifelong photo album backed up. And that is backed up to the cloud. Paranoia? Perhaps. But when it comes to the digital world, one cannot back up their data enough.

4. When it comes to network and systems design, simplicity is key. In the previous academic year (2012-2013), I served as the head of IT for a downtown Phoenix charter school and started to lead that school’s efforts to move toward a one-to-one system (in which each student has or has access to their own computer or tablet computer). There were a lot of things that had to be done before the school could get to that point and I determined that we needed to standardize on a few things to make management (the IT department chair’s job) easier. By simplifying things, we were able to make the computing experience that much better. As I redesign my home computer network, I’m needing to remind myself that it doesn’t need dozens of complex moving parts, just something that works and can be easily centralized and managed.

[Image: "Amsterdam Commute" by stephenrwalli/Flickr (CC BY-SA 2.0)]

5. The best computer is the one that’s with you. In April, I wrote a post about balancing computing necessities with commuting realities. My MacBook rarely leaves the house; if I’m taking Phoenix’s streets on bicycle, then it will not be coming with me. My iPad is the machine that I usually bring with me; as it is constantly in sync with the various cloud services I use, I know that it has a current copy of my data. In some instances, I’ll bring my XT2 with me, a tablet PC I acquired as a cheap PC when I need to do more things than my iPad can do. Sometimes, I’ll even leave the iPad at home and just go from my iPhone. That’s traveling lean.

Living post-password

Passwords are a façade of Internet security. Learn how to live post-password.

Passwords and passphrases. I hate them.

Yes, I used the ‘h’ word. Passwords and passphrases give people the illusion of safety and security when they are one of the easiest things to crack. I cringe when I come across major banks whose login mechanisms are weaker than, say, Facebook’s mechanisms.

I’ll admit that the inspiration for this post came back in November after reading the story of Mat Honan in WIRED Magazine. The article’s linked but I’ll summarize: Mr. Honan had his entire digital life wiped away because a hacker could defeat his email account password.

Do I have your attention? Good. Because for the next few paragraphs, I’ll showcase some alternatives and additions to passwords and some questions that you need to ask yourself about your own computing practices.