Hildegarde

Jane Haddam’s WordPress weblog

Griping

with 5 comments

This is not going to be a significant post.

I have been having one of those miserable weeks that come to an end with a bang, and I think I’m going to go quietly crazy.

It started, of course, with the damned car, and then it progressed.

My older son had his iPhone stolen on the bus yesterday

That would have been miserable under any circumstances, but in some ways it was less miserable than you’d think, and in others it was more.

It was less miserable than it might have been because the phone was insured and we got the number locked down before any damage had shown up on the account–Matt will have a new phone on Tuesday, and all he’ll be in for is the deductible, which is reasonable.

It was more miserable than usual because I had had my email account hacked a couple of days before, and I’d been finding it impossible to change the password.

By yesterday, I was getting furious reports from the Terms of Service people at AOL demanding to know what was going on, and then finally the account was locked down.

And still, no matter what I did, I could not seem to find a way to change the damned password.

And then it hit me–I couldn’t, because I’m not the registered account holder any more.  The LAST time this happened I had the flu, and I sent Matt onto the account to change the password and reconfigure it as his own.

That was the easiest and fastest way to get it done.

But.

Now he’s in Philadelphia, without a phone, and without access to a computer until after the long week-end.

(His laptop tanked and he’s got a gazillion techie engineer friends who are fixing it for him.)

He can’t call terms of service for me because he doesn’t have a phone.

The only way he can communicate over the long week-end is to send e-mails from his 3DS, since he does have free wireless where he is, and that works with that.

I don’t know what to say.  I thought this was going to be another case of having set up “security controls” that work only to keep me out of my own account, because I can’t remember exactly how I phrased something ten years ago and whether there were uppercase letters in it. 

That tends to happen to me at school, where they demand that I change my password every 45 days.  With school, I ‘ve taken to simply writing each password in my grade book as soon as I change it, because if I DON’T, I won’t remember what it is the next time I need it, and I’ll end up getting locked out right when I have to put in midterm grades.

It seems to me that there really ought to be some way to construct a system that would make it possible for people to remember their own password information without letting in the people who want to run spam.

Because, at the moment, THOSE people can get my passwords, but I can’t.

I’m going to go finish this tea and go to school.

Written by janeh

February 17th, 2012 at 8:29 am

Posted in Uncategorized

5 Responses to 'Griping'

Subscribe to comments with RSS or TrackBack to 'Griping'.

  1. Some tips on password construction.

    First rule, never ever use any word that can be found in any dictionary. Ever. Obviously not English, but any language that uses Roman characters is verboten, capice?

    Second, always, always, include both numbers and other characters, !@#$^&*()_+=?/{}[] etc..

    So, how do you do that?

    Well, my first recommendation is to always start the password with at least one of the characters NOT the * or a number not 69.

    This has to do with the way password cracking programs are set up to test passwords. When starting with a character people for some reason overwhelmingly use the *. So just don’t. 69 is probably self explanatory.

    Second, never use a password shorter than a minimum of 8 characters to preclude brute force attacks where every character on the keyboard is substituted for every position in the password — on any modern computer that task is trivial for passwords shorter than 8 characters.

    Next — Make up a sentence. It can be complete nonsense, so long as it is easy for YOU to remember.

    So, for example, here’s a password: #1Rauacpw

    Note, A characater, a number, an upper case letter and lower case letters — and not an actual word in any dictionary. How would you remember it? Easy:

    # 1 Rule always use a complex password

    How about this: TpUrtbo$100

    The purple Unicorn robbed the bank of $100

    Both of those examples are easy to remember, utterly meaningless and longer than 8 characters.

    For your work password, pick a phrase where the number is, well, any two digit number and then just count up by one each time you have to change it. It’ll pass any review by IT, and you’ll always know what the number is.

    michaelwfisher@cox.net

    17 Feb 12 at 12:45 pm

  2. I have encountered sone sites which only allow letters and numbers in passwords. Use special characters if they are allowed.

    I use a password manager program which remembers passwords for me.

    jd

    17 Feb 12 at 4:58 pm

  3. Welcome to the wonderful world of young adult men, Jane.

    As the father of two sons (now in their forties), I can assure you that having a phone stolen on a bus, while difficult for a primary or middle schooler to do, is easy for a young man. They don’t understand pockets as having any purpose other than somewhere in which to keep their hands warm. When reminded that pockets have other purposes, eg securing valuable and attractive items out of sight and reach of any other than the most determined robber, they will tend to make all sorts of excuses as to why it was not their fault that they didn’t use the most basic self-protective instincts that most mammalian species are born with. You know the sort of thing; “I only put it down for a second”; “my pockets were too hard to get at while I was sitting down”; “the clothes I was wearing don’t have pockets”; and so on and so forth.

    At the same age, one of my sons left an expensive camera on a seat in a McDonalds in the US. Just a few months ago, my younger (41 years old) son left an expensive Cross pen and pencil set somewhere while he was out shopping. Why did he need to have such a thing with him while simply on a routine shopping trip? Oh, he just happened to have it with him and he just put it down somewhere for a second.

    We have a fine collection of expensive designer sunglasses left at our house by various of our sons’ visiting friends over the years. (The adults have more sense than to waste good money on such bling when no name el cheapos do the job just as well.) These guys never have enough sense even to go looking in the most likely places where they might have mislaid them. They just go and buy another one and lose that just as easily.

    I was going to say not to worry because they eventually get through this phase.

    But I’m sure that most boys never do.

    Not even me. :-)

    Mique

    18 Feb 12 at 3:33 am

  4. Four PINs in regular operation. Three passwords for the company, each with its own user ID. One for e-mail, one for Amazon, one for Paypal, one for this blog. I think about six at work, but it gets complicated. Most are hard, and a few change so frequently that I’ve had to throw away the 3X5 card and start fresh. It’s the multiplicity of passwords required by the same organization I find most infuriating–and the frequency of the required updates.

    Then some nitwit from a magazine tells me I can have “free” access to online content: all I have to do is have another login and password. That’s NOT free, and I’m not buying.

    Michael’s right overall, by the way. Same thing holds for safe combinations, most of which are shockingly easy to guess–standard setting, reverse of standard setting and user’s birthday will open most safes. Throw in the number of combinations written underneath a drawer in the nearest desk, and you start to wonder why people learn to crack safes.

    robert_piepenbrink

    18 Feb 12 at 9:01 am

  5. Being a database developer, I have, of course, built my own password keeping database. I use it for all my accounts, and some of my husband’s as well. I think we’re presently at about 114 entries. We have accounts for all the usual, business & personal banking, shopping at Amazon & various online purveyors, but also accounts for file transfer, website, blogs, e-commerce, client access for remote support…it’s endless.

    When I was setting up my new website with e-commerce for my beading software, I think I signed up for 15 new accounts within the space of 2 weeks. We tend to use a pattern for our passwords… a word with numeric substitutions for several letters, then a string pertaining to the account itself, so if I do forget, it’s fairly easy for ME to guess. I have some other unguessable ones that I do use a mnemonic sentence to remember.

    And of course, the one I always remember is the password to the password database. ;) No yellow stickies here.

    Lymaree

    18 Feb 12 at 2:58 pm

Leave a Reply

You must be logged in to post a comment.

Bad Behavior has blocked 222 access attempts in the last 7 days.