XKCD this week had a wonderful piece of commentary about the way we choose passwords.
Four randomly chosen common English words make for a remarkably good password. Randall Munroe's example uses a word list about 2,000 words long (11 bits per word). The beauty of this suggestion is that you can choose any 2,000 different words you like, and even if you assume that the attacker knows your word list, the password will still have about 44 bits of randomness in it. And 2 to the 44 is a pretty damn big number.
This is a very similar suggestion to one made by Thomas Baekdal a few years ago, that:
"this is fun" is 10 times more secure than "J4fS!2"
I'm pretty sure that's wrong, but in a slightly subtle way.
More on Simple/complicated passwords…
Tagged: Security, Technology, Social
Posted at 07:46 EDT, 12th August 2011.
I've got a little more diligent recently about using encryption where I can. In particular, several sites allow you to use an encrypted connection, but don't force it:
More on Using secure Web sites more frequently…
Tagged: Tips, Security, Technology, Web
Posted at 06:03 EDT, 28th June 2008.
I've always been quite wary of the Telephone Preference Service (and its sibling the Mail Preference Service). It makes me nervous that the do-not-spam list is held by an organisation that promotes direct marketing.
After getting more marketing calls, and this weekend a spam text message from Firezza (a local pizza firm, no link-love from here), I finally signed up for the TPS for my mobile number and our home number.
More on Telephone spam…
Tagged: Security, Business, Rants, Technology
Posted at 06:45 EDT, 19th May 2008.
It's a little thing, but if we are to have any hope of educating users to protect themselves online, it matters that reputable sites don't behave just like the fraudsters.
Here's a quick spot of fuckwittery from Harvard Business Review.
More on Harvard Business Review Fuckwittage…
Argh.
The front page of Halifax's online banking has an extravagantly stupid 'feature'.
Somehow, they have managed to publish their warnings about phishing attacks so that they look like, well, a bit of a phishing attack!
Pictures of the stupidity
I'm unsurprised at recent developments at Oxford as over-zealous proctors fine students for misbehaviour using evidence from Facebook.
I think there's some real trouble with people understanding quite what they're publishing, and to whom.
Worse than that, I think people have a false sense of security when they tag their updates as 'friends only' on sites like Twitter, Facebook and so forth.
More on Phoney privacy…
Tagged: Web, Technology, Security, Rants
Posted at 04:12 EDT, 20th July 2007.
While using my Halifax Visa card online recently, I bumped into the Verified by Visa programme.
It's a nice idea, in theory, but the implementation I saw was woeful. It was depressingly similar to a phishing attack, warmly assuring me about security by chatting about it in the Web page, while hiding the parts of my browser that can tell me that more sensibly.
Like most geeks, I try and educate my less geeky family and friends about how to behave safely with technology. Things like this make that job harder.
Update at 17:51 EDT, 21st April 2007 – Follow-up: Guardian coverage
More on 'Verified' by Visa…