Archive

Posts Tagged ‘Security’

Are Some Sites’ Passwords Requirements Getting Too Ridiculous?

January 10, 2012 6 comments

Password Entry via Microsoft Office MP900390550

I have recently decided that I would like to further my education and increase my value to any employer. As such, I have been looking at continuing education programs from some Ontario Colleges* and in order to apply to any college you have to go through the centralized ontariocolleges.ca a site which you can use to to apply to all of Ontario’s colleges and makes the whole process streamlined.

*Side note for American readers: In Canada people who go for their B.A. go to university and a college is a place for further education after high school and a training institution that awards trade qualifications. Info via Wikipedia entry ‘College’

While signing up for an account on the site I was confronted with this as the password requirements:

OntarioColleges.CA password requirments

  • Minimum 8 Characters
  • Uppercase Letters
  • Lowercase Letters
  • Numbers
  • Symbols (e.g. @, #, $)
  • Passwords as entered match each other (you have to enter it twice to confirm)

As I sat there making up a password I thought to myself “Isn’t this a little bit ridiculous already? I mean I get it that a lot of private and personal information is going in to these accounts but quite frankly my bank has less requirements for how I make my password to get into my online account than this website does. I mean, there is a point of diminishing returns for passwords where we are more and more likely to forget them because they have become so complex that we have to write them down somewhere and then what was the point of these long intricate passwords?

I get it that brute force hacking means that the hacking computer is more likely to get the password the more complex it is and complexity is arrived at by adding more characters which makes it exponentially harder to guess the password but the addition of the extra characters into the mix just makes it all the harder for us as humans to remember the password. Beyond that, I promise that a large number of us, me included, end up just telling our computers to remember the passwords for us. If we don’t do that, we write down these insanely complex passwords and if someone is really that dedicated to getting my password don’t you think they’re likely to just try and break into our houses where we’ve written these bewilderingly difficult and complex passwords down because there’s no way we are ever remembering them?

I am fine with setting up a 15 character password. I can do that and remember it with certain mnemonic devices – maybe I’ll teach you my favorite one in a later post – but for me the capitalization aspect is what kills me. At the very least sites that require such intricately constructed passwords could give us all a hint, specifically listing the password requirements below the entry dialogue, and then I won’t be so likely to hit the “Forgot Password” button on a regular basis whenever I visit the site. The funny thing is, I find the sites that require these specifically formatted passwords are always the ones I barely ever use and am more likely to hit the “Forgot Password” button whenever I visit.

Maybe it is time we move to fingerprint or retina scanning on our computers? Maybe Google/Android can share their facial recognition technology with all of these sites so they can make all of our lives way easier…everyone has a webcam nowadays anyway, right? What do you think?

Password image via Microsoft Office.

Advertisements

Should Technology Be Leaving Seniors Behind?

November 5, 2011 6 comments

New credit cards, as I am sure many of you have noticed, have done away with signing to approve your transaction. These days we all have credit cards with the chips where you have a PIN (Personal Identification Number) instead of signing a slip to approve the transaction. For most of us who are used to having debit cards this isn’t such a big shift from the norm but for senior citizens it is a completely different story. A lot of senior citizens have never used an ATM or had a debit card because they are used to just going to the teller when they need money. As well, many senior citizens – in my experience – are not really ones for learning new ways to do things.

Is it fair for us as a society to just leave our elderly citizens in the dust? I have heard of different senior citizens who because technology is advancing beyond their knowledge are being left behind and essentially can’t function by themselves. I am not, of course, talking about people who are losing their full mental faculties due to the ravages of age. I am talking about people who have lived successful and full lives and are still very independent and if all things remained the same they wouldn’t have any issues living without help from anyone.

I was raised to believe we should respect our elders but are we as a society respecting our elders? I completely understand the reason why credit cards have moved towards the chip and PIN technology, it is because of security. The problem is, again, that we might be leaving certain sectors of society behind and I just have to wonder, is that OK? What do you think?

Facebook Adds Password Recovery Via ‘Trusted Friends’ Option

October 19, 2011 11 comments

I have no idea how long this option has existed within Facebook. All I know is that I completely randomly found it earlier today when I was going through some security features in Facebook.* What I found was very much akin – in my mind – to the post I wrote a little while back about setting a friend’s email address as your recovery email address and likening it to a spare house key. (See: “Is Your Recovery Email Address The Spare House Key You Leave With A Friend?”)

*In case you don’t know how to get to these pages they are the Facebook Account Settings page and the Facebook Security Settings page and both of those are direct links which should take you to them if you are logged in to Facebook in your browser already. 

Basically, Facebook has started an option to choose 5 Facebook friends who you consider ‘Trusted Friends’ and if you ever have issues getting into your account and can’t access your recovery email address, for whatever reason, Facebook will send each of your trusted friends a security code. Then, all you need to do is get in touch with your friends and collect the codes. In order to set the whole thing up you have to choose between 3 to 5 Trusted Friends, although Facebook recommends choosing the full 5. Once you need to recover your password Facebook will, I assume, email/message all 5 of your Trusted Friends a code. You only need to get 3 out of the 5 codes sent to your various Trusted Friends in order to get access to your account back. A full description of the service is available on the “Opt-in Security Features” area in the “Facebook Help Center”.

I, of course, decided to opt right in as soon as I saw this option and set it up immediately. My main question is why hasn’t Facebook been pushing users to set this up as soon as they logged in to Facebook the day it was implemented? I can’t even find any mention of the option on the Facebook Blog even though I did a very specific search for “trusted friends” and also manually went through a a few pages of blog posts which took me all the way back to October 14, 2010.

Facebook requires you to re-enter your password before it will let you set up your 5 Trusted Friends.

When you first go to edit the Trusted Friends list, Read more…

7 Reasons To Use Your Cell Phone To Avoid Malware/Viruses To Which Your PC May Be Susceptible

August 15, 2011 3 comments

Yup, it is true. Your smartphone is often a more secure and lower risk place than your PC is when you are worried about the malicious software that is out there. As well, your tablet – most of which use a mobile/smartphone OS (OS = Operating System) – is in the same boat as your smartphone for this discussion.

Got an email that looks spammy and have a smartphone? Check that email on your smartphone before opening it on your PC.

Going to do online banking? Your better off doing it on your phone – especially if it is a BlackBerry which has an extra layer of security in its very connection.

Why do I say this? Well there’s a number of reasons: Read more…

%d bloggers like this: