The Orphan Wilde: Password Security

Friday, March 25, 2011

Password Security

I'm not one of those paranoid people who gives each website its own unique password, memorizes it, and then changes it weekly.

I have two basic schemes I think work well:

The first is the one I use, a security gradient; you maintain a fixed number of passwords, changed occasionally, to which you attach different security levels.

So my personal e-mail uses my medium-security password; all my online game accounts use my low-security password (oh noes smbdy stoled all my roonz/gold in diablo/lotro however will I live). My bank account uses my highest security, and the e-mail I have my bank notices sent to uses my second-to-highest security.

In practice these each have a couple of variants; I attach a number to the end of my low-security password for websites which insist I use a higher security level. (Really, people, my password choice is deliberate, I don't -care- if somebody steals the account information to a blogging site I only joined to write a comment on somebody's shit with.) I have two high security passwords after freaking out that a site just stole it. (My bank account site redirects you to a different domain if you get logged out due to inactivity, and I only noticed the domain after I typed in my username and password. I late figured out the domain was legit, and accessed by redirect every time I log in for some retarded reason, but I was freaking out for a little while there.)

The other scheme I think could work, which I've seen referenced, is to have -one- password, and to encrypt domain names using that password as a key, to constitute the passwords for those individual domains. I'm slightly reluctant to move to this because string-based encryption isn't terribly secure, and a clever site could potentially reverse-engineer what I'm doing. (Using a proper encryption key would be better, but would fuck you over if you ever lost said key.) So mixing this scheme with the first scheme would probably be ideal.

Except for sites with retarded limits on passwords. Seriously, people, can we standardize password lengths? My low security password, the shortest of my passwords, has exceeded the maximum length before. In regards to said site, wtf good is a 6 character password, and why in the fuck do you also require this absurdly short password to have punctuation, numbers, lower case letters, AND upper case letters?

Could a single unethical site - say, my bank - fuck me over?

Yes.

But as a rule, any company I use my high-security password with could fuck me over even without the password. That's why I used my best password to begin with.

No comments:

Diversions

Dwarf Fortress: This is what Minecraft utterly fails to be. You run a fortress full of sociopathic alcoholics - run in the loosest sense of the word, as they do pretty much whatever they feel like, rather than what you tell them to do. Never has water been so terrifying.

Terraria: A game available for purchase, but relatively cheaply. This is the kind of game I adore; old-fashioned graphics, modern sensibilities about content.

Kingdom of Loathing: A browser-based RPG game with more puns than is good for your health. Surprisingly deep and well designed, although I am rather irritated by the ponderous quantities of limited-time content. (The game is practically defined by limited-time content.)

Schlock Mercenary: If this link is new to you, seriously, spend an hour going through this very accessible sci-fi webcomic. No, you don't need to be a sci-fi nerd to appreciate it.

Saturday Morning Breakfast Cereal: A webcomic which has yet to stop getting better, and it started off pretty damn good.

Khan University: The cure for common education.

Comment Policy

I don't delete comments, except spam. (Except for an ancient comment I just accidentally deleted thinking I was deleting the message telling me about the comment, rather than the comment itself, an irreversible mistake I won't be repeating, and which caused me to write this. My apologies, random internet dood criticizing my approach to education.)

Vitriol is expected. If it's amusing it's encouraged, in fact. If it's directed at me, however, fair warning: I can not only sink to your level, I can kick your ass at it.

I approach blogs as forums for discussion, rather than personal journals. I do not expect anything in particular from my commentators, and everything, including off-topic rants, is perfectly fine by me.

Blogs I'm Reading Right Now

The core list I visit daily.

Coyote Blog is almost always an interesting (and usually an informative) read, and only infrequently blogs about his hobbies.

Borepatch is a no-longer-so-recent addition to my frequent reading list on account of the "I am TJIC" campaign; he's a gunblogger, primarily, but also writes interesting libertarian things. He doesn't call himself a libertarian, apparently. I'd sometimes hesitate as well.

View From The Porch you have seen before. What need I say? Libertarian gunblogger. Bit too much "gun porn" for my tastes - there are a couple of blogs with more, but Tam is near the top - but the non-gun topics are quite good of their own right.

The Volokh Conspiracy is Eugene Volokh. You've seen him before as well. Actually, there are lots of other writers there as well, but his name's on the thing. Lots of legal writing; with major cases, such as the healthcare thing, you'll get five or six different perspectives on the matter. Which can be tedious.

Aretae is one I've followed on and off via Borepatch, but have started following more closely lately; he's some flavor of libertarian/anarchist, I haven't figured out which yet. (Anarchocapitalist, possibly? I suppose I could ask him, but that'd defeat the fun of writing these descriptions.) He seems to be a longtime follower of Overcoming Bias, and I suspect I may have seen him comment there way back when, but my memory is not nearly that good. He has a most excellent description of the various lines of reasoning behind libertarianism here.

Ataraxia and the Mental Effluence is a philosophy blog on mind, meditation, and religion. Among atheists, he is, as I count such things, one of the good guys. He presents a strong case for the rather unusual notion that atheism and agnosticism are not conflicting ideologies, to give you some notion of what his blog is about.

Blogs I Sometimes Visit

Some blogs I catch up on from time to time:

Two Four is a hardcore libertarian/Objectivist - I wish he allowed comments, as I think I'd visit more often for the debates, but his blog, his rules

Captain Capitalism saved me around a hundred thousand dollars when I opted -not- to buy a new house on his advice, and whose advice on the stock market could have doubled any investment; I'm inclined to keep up with him now, even if he says ridiculous things about gender sometimes.

Abstinent Sex Blog is not work safe. (Well, his blog says so, anyways. I'm not sure I've ever seen anything on his page that warrants that, but then, I'm pretty liberal in my attitudes on sex.) He discusses life as a divorcee and an abstinent (and/but kinky) Christian.

Quizzical Pussy is not work safe. She discusses sex and gender, primarily, and I agree with her on 99% of everything in regards to this topic. Discussions are generally significantly more civil than most other places, and QP fosters an environment in which dissenters are treated with respect, which is important for some of the issues she discusses, and a refreshing change from most other gender-focused blogs.

Popehat is a semi-legal blog about, first and foremost, first amendment rights. The positions held in it are diverse, but it is a blog that has the intellectual honesty to declare somebody to be scum while defending their right to scummy free speech. The importance of this position cannot be overstated.

Munchkin Wrangler has the best gun rights post ever written, among other things. His was one of the first blogs I ever read (possibly THE first), and that post single-handedly converted me to the gun rights side of the debate. (I had been on the fence before, seeing it as a non-issue) I don't really read his blog any more - his interests have largely diverged from mine - but I feel I would be remiss in omitting an individual who had such an influence on my worldview.

Overcoming Bias - Once a community blog, I believe Hansen is the only poster now. A strongly libertarian blog on logical processes

Less Wrong - previously of Overcoming Bias - is a community blog discussing a wide range of topics. Its emphasis used to be cognitive bias, but it's become more of a speaking platform for those espousing the Singularity anymore, which sparked my own interest - and skepticism. The posts vary considerably in quality, from brilliant and insightful to petty and pretentious, but it's worth an occasional read. I visit anymore about once a month.

Random Acts of Patriotism is a self-described little-L libertarian (and gunblogger) who I recently discovered through Borepatch. (Which, for those unfamiliar with the small-l libertarian term, is a -more extreme- version of libertarianism, rather the reverse of what you'd expect, holding that the current system is likely not rehabilitatable.)

Smallest Minority is a great place for arguments; the author is on the unprincipled/pragmatic side of the libertarian token, unfortunately (and doesn't know what Objectivism actually is, if his posts on it are any indication), but he generally does great research and his posts are terrific places to find information

The Ultimate Answer to Kings is a libertarian(ish?) guy who went Galt. He writes a lot about the difficulties in homesteading, which is always interesting, to me at least. He also wrote a post on living as a libertarian which I think a lot of us libertarians are in dire need of reading, even if we are kinda-sorta winning right now, for a given value of winning.

Friday, March 25, 2011

Password Security

No comments:

Post a Comment