
Intro & Password Pain by @LindseyAnnison

I’m grateful to Tref for leaving the corporate treadmill and embarking on this new venture.  Although he never appeared to hate, or even dislike, his day job as some others in the industry seem to (in fact, having seen him in situ in the Timico offices several times, he seemed to positively revel in it!), I am very much looking forward to his posts, especially about monetising this blog, and hence the new company. So, I would first like to say thanks for the chance to guest post and wish him the best of success.

I guess I’d better briefly introduce myself. I have campaigned for ubiquitous, affordable and, in particular, rural broadband since the mid 90s when I was trying to set up my Internet marketing business in the Yorkshire Dales.  I met Tref because he was kind enough to allow a bunch of broadbandits to invade the top floor of Timico for a colloquium a few years ago. I am currently trying to take a break from all things broadband to write more books (I have so far published six), an internet marketing course for SMEs, and to get back to my core skillset (Internet Marketing and Web PR), and my own business which keeps being put on the backburner because of the broadband shenanigans in the UK. I’m a guest/ghost blogger on many sites, copywriter, occasional ranter, and can be found on Twitter. Usually late at night.

I thought I would begin my guest posting with a tale of woe – the Absolute Pain of Passwords. Is it just me or do others have this problem too?

I have several devices – an iOS smartphone (the iThing), an Apple tablet (iThing2), a Windows laptop, a PC (that can boot into either Ubuntu or two different versions of Windows) and a Mac Mini. That makes a total of seven separate devices. And then there are the many times I might need to use someone else’s device eg whilst travelling, when my battery is flat, cybercafe etc.

If I go to log in to, say, a social media account on one of these devices, and I cannot remember my password, then I either have to find one of the other devices that is logged into the account – which can be a pain if I am not in their location – or, and this is where the nightmare begins, hit “Forgot password”.

This action then kickstarts a chain reaction of marginal chaos.

I do not use the same password for anything and I regularly change all my passwords. Over 20 years, my passwords have gone from a simple word that fit the minimum required by any site in the 1990s, to being, shall we say, a little more convoluted. And they do not follow a pattern per se. Whilst I have a fairly good memory for alphanumerics, there are times when it fails me entirely. (Especially mornings, when my brain simply does not operate at full whack.)

Say I click on the email sent to help me set up a new password. Sometimes, this allows me to set up a new password there and then. At others, it autogenerates a totally random string which I then will need to change once inside the app or service.  The latter often creates further problems for me.

The most likely scenario is that I was trying to log in because I had a task to complete – perhaps answer in a forum, send a tweet, edit a WordPress site for a client etc. If I do not have time to alter the random, site generated password, each time I return I will need to seek out the link in the email to find it again, and at some point make the time to alter the password to something more memorable. And yes, whilst it may only take a few seconds, sometimes even those seem scarce.

In the first instance (set up a new password now), I have just created yet another new password to add to my memory bank. I seem to be creating more and more passwords each day now for new apps and online services. And if I am multi-tasking or busy (or it is before 12pm), the likelihood of me remembering the password for next time reduces. Not only that, but now the password for that account on every other device is wrong. So, each time I attempt to access that account on another device, I need to recall the new password.

Now, the solution might be to only have a single device. After all, smartphones ought to be sufficient but they quite simply are not.  I need a device I can take with me (tablet or laptop) as well as a machine that allows me to test on different OS. And has a decent keyboard. So, the one device solution is out.

I could create all my passwords to a system or pattern. But that would be pretty pointless because if someone discovered that pattern, everything is vulnerable. Unless it was really complex. In which case, even I may struggle to decode my own passwords when amnesia kicks in!

Does anyone have an answer to my dilemma please? How do others cope?

Lindsey Annison

By Lindsey Annison

JFDI Internet marketer, author, Fibre To The Home and rural broadband campaigner, idea merchant

11 replies on “Intro & Password Pain by @LindseyAnnison”

It all depends how secure you need to be. It’s a different issue for me than it is the prime minister.

If you have multiple complex login details which are strong against dictionary attacks it might not be a bad idea to write them down in your organiser/diary. Or perhaps a .txt file in your Google drive docs / Dropbox.

One is vulnerable to being physically found, left in the street or at a cafe, while the other is susceptible to being discovered after losing a device, or to someone who’s gained entry to your cloud documents.

The main thing to bear in mind is that simple word-based passwords with an odd number here and there can be very easy to crack and if you only have one password across all accounts it only takes one to be compromised and they’re all in trouble by association!

I’ve often contemplated an encrypted file to hold passwords sitting on a public server with the private key kept on a fingerprint secured USB or something along those lines. A file on Google Drive or the like would be an option I guess, as most approaches need you to remember one password to get at the others. Something with a password recovery system using SMS has an appeal.

It’s a mess, perhaps two factor biometrics on every device are the way ahead.

1Password works a treat and syncs across Windows, OSX, iOS and any number of devices via Dropbox. It will generate passwords for you and find and log into URLs on one click. All you have to remember is one very good master password. Try it…

OK, thanks for the suggestions. I am starting with iPassword as two of you mentioned that! I am against writing anything down as my paperless office isn’t and the chance of finding the relevant dead tree again is minimal!

I like the idea of my private key being kept on me, but dread the day this leads to implants or similar and someone chopping my arm off to get at my bank details – fat lot of good that will do them, but it could inconvenience me!

Cheers for the image, Chris 😉

EDIT: I would have started with iPassword, except it says this on iTunes:

iPassword – easy to use application to generate and restore generated passwords. iPassword use strong SHA-256 encryption algorithm designed by National Security Agency, USA.

Talk about a turn off!

I can recommend LastPass. I have used it for some time now to manage my passwords. All are not known by me. LastPass also allows use of Google Authenticator so 2FA can be used too.

Lindsey,

It appears you have been duped by an impostor. This is a growing problem on the App Store, and we’ve been in contact with Apple about this.

To be sure you are getting the correct app, you can use the links on our website: https://agilebits.com

The product is called “1Password” (as in: the only *one* you need to remember once you store all your data securely in 1Password). It is a play on Apple’s product-naming prefix. 🙂

If you are interested in the technical details of our data format, you may want to check out our blog post “You have secrets; we don’t. Why our data format is public”:

http://blog.agilebits.com/2013/03/06/you-have-secrets-we-dont-why-our-data-format-is-public/

Links to the technical documents are in the second paragraph there. You may also want to read “1Password and The Crypto Wars” which addresses what I surmise to be your concern with that other app:

http://blog.agilebits.com/2013/09/06/1password-and-the-crypto-wars/

Of course, if you have any other questions or concerns, please don’t hesitate to get in touch. I’ll do my best to monitor the comments here, but we are always available via email:

support@ agilebits .com

Cheers!

Khad Young, AgileBits
