Browsing archives for March, 2009

A horribly insecure one-off password storage hack

Hacking 31 March 2009 | 1 Comment

Passwords.

Don’t we love them?

I’m always low on inspiration when trying to think of one-off passwords for random sites. I don’t want to use the same password everywhere, but I want to be able to remember – or find – the disposable password I have chosen for a particular site.

Email is obvious but (fortunately) not that many sites actually email cleartext passwords. I generally have three choices: email myself the password, save it in Firefox and hope I never reinstall, or write it down somewhere. None are perfect.

A system I started using about a year ago was to derive the one-off password from the site itself. For obvious reasons I won’t give the exact formula I used, but a similar approach would be to take the first, third and fifth letters of the site’s name, add a meaningful number, and then capitalise the first three letters of your username there. So, Bob’s Twitter password – he’s a huge fan of the Hitch-hiker’s Guide, of course – might be tit42BOB. The weak spot of any rule like this is that the site name and username are public, so the number and the rule itself are the only secrets: anyone who learns one of Bob’s passwords and guesses the rule has the rest.
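To make the rule concrete, here is the illustrated derivation written out as a Ruby method. It is an added example, not the author’s real formula (which the post deliberately withholds); the default number 42, the letter-only handling of the site name and the rejection of names shorter than five letters are assumptions for the illustration:

```ruby
# Illustrative per-site rule from the post: letters 1, 3 and 5 of the site
# name, a fixed "meaningful" number, then the first three letters of the
# username in capitals. Added example; not the author's actual formula.
def site_password(site, username, number = 42)
  letters = site.downcase.scan(/[a-z]/)   # assumption: ignore digits, dots, hyphens
  # Edge case the rule as stated does not cover: names with fewer than five letters.
  raise ArgumentError, "#{site.inspect} has fewer than five letters" if letters.length < 5
  letters.values_at(0, 2, 4).join + number.to_s + username[0, 3].upcase
end

# Everything here except the number is public information about Bob.
site_password("twitter", "bob")   # => "tit42BOB"
```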

However, yesterday I saw a pretty cool Ruby gem that generates passwords that are way more secure than Bob’s, combining dictionary words with symbols and numbers. It’s called Haddock, by Stephen Celis.

I’ve also recently started using Dropbox to sync files between the two machines I use most often, and it works like a charm. Spotted where this is going?

The horribly insecure one-off password storage hack consists of three simple steps:

  • Install haddock and Dropbox
  • Use haddock to generate a password for a specific site
  • Store it in your Dropbox so you can access it from anywhere

The way I’ve set it up (and it’s impossible to overstate how insecure this is, so who knows if I’ll actually use it!) is to have a subdirectory in my Dropbox called fish, and then a text file which is simply named after the site in question, with the contents being the password. Thus when I revisit the site, I just need to cat the file to find my password.

Doing this involved installing Dropbox on a headless Debian box (which in turn meant upgrading to lenny, an extremely painless process that takes two lines of text despite the community’s attempts to overcomplicate things). Surprisingly this was fine, with help from the ‘Almost Text Based’ guide – Filip L’s Python script worked like a charm. I fumbled about a bit, installing GNOME, and used ssh with X forwarding from my local Ubuntu install – so no need to faff about with VNC.

The Dropbox step is mostly a precaution. Because I’m hosting the fish directory on a remote server, and usually have a screen session open to it wherever I’m logged in, viewing the password files is easy enough. However, the last thing you need is to lose a pile of automatically generated passwords you haven’t a cat’s chance of remembering, so there we go. The big woolly insecurity here is, of course, that the files are plaintext: they sit unprotected on every machine the folder syncs to and in whatever copy Dropbox keeps, so anyone who can eavesdrop or otherwise get at the Dropbox data gets the lot…

I’m not sure how to improve security here, beyond obvious things like obfuscating names and file contents, encrypting etc – all of which defeat the point of the sheer simplicity of the setup. I’d like to store usernames too, as that’s definitely something I rely on Firefox and email for, often cycling through every username I’ve ever had on the Internet only to find that the site required a specific length and format so I made up a one-off variation.
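As an added example (not the post’s own setup, nor Haddock’s or Dropbox’s code), here are the three-step hack above and the ‘encrypting etc’ option from this paragraph written out in Ruby. It assumes the Dropbox/fish layout from the post, treats site names as bare hostnames, calls Haddock’s documented `Haddock::Password.generate` when the gem is installed and falls back to random bytes when it is not, and adds the two checks the cat-a-file setup lacks: owner-only modes on the directory and files, and a site-name check so a name like `../.ssh/authorized_keys` cannot be written outside the directory. The encrypted variant is one passphrase-protected file per site, AES-256-GCM with a PBKDF2-derived key; the iteration count, salt and IV sizes are my choices:

```ruby
require 'fileutils'
require 'openssl'
require 'securerandom'

# Added example of the <Dropbox>/fish layout: one file per site, its contents
# the password. Not the post's own code.
class FishStore
  # Assumption: site names are bare hostnames, so no '/', no '..', no spaces.
  SITE_NAME = /\A[a-z0-9][a-z0-9.-]*\z/

  def initialize(dir)
    @dir = dir
  end

  # Plaintext variant, as in the post, but directory 0700 and files 0600 so
  # other users of the shared box cannot read them. Dropbox syncs them as-is.
  def store(site, password)
    FileUtils.mkdir_p(@dir, mode: 0700)
    path = path_for(site)
    File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0600) do |f|
      f.write(password + "\n")
    end
    path
  end

  def fetch(site)
    File.read(path_for(site)).chomp
  end

  # Encrypted variant: the file holds base64(salt || iv || tag || ciphertext),
  # AES-256-GCM under a key derived from the passphrase by PBKDF2-HMAC-SHA256.
  def store_encrypted(site, password, passphrase)
    salt = SecureRandom.random_bytes(16)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv                 # 12 bytes for GCM
    cipher.auth_data = site.downcase      # bind the blob to this site's file name
    ciphertext = cipher.update(password) + cipher.final
    store(site, [salt + iv + cipher.auth_tag + ciphertext].pack('m0'))
  end

  # Raises OpenSSL::Cipher::CipherError on a wrong passphrase or a tampered file.
  def fetch_encrypted(site, passphrase)
    blob = fetch(site).unpack1('m0')
    salt, iv, tag, ciphertext = blob[0, 16], blob[16, 12], blob[28, 16], blob[44..-1]
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.decrypt
    cipher.key = derive_key(passphrase, salt)
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = site.downcase
    cipher.update(ciphertext) + cipher.final
  end

  private

  # Refuse anything that could name a path outside @dir.
  def path_for(site)
    name = site.downcase
    raise ArgumentError, "refusing site name #{site.inspect}" unless name.match?(SITE_NAME)
    File.join(@dir, name)
  end

  def derive_key(passphrase, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(passphrase, salt, 200_000, 32, OpenSSL::Digest.new('sha256'))
  end
end

# Haddock's documented entry point is Haddock::Password.generate (as I recall
# the gem's README); fall back to random bytes when the gem is not installed
# so this example still runs without it.
def generate_password
  require 'haddock'
  Haddock::Password.generate
rescue LoadError
  SecureRandom.base64(15)
end

# Usage with the post's layout (path is an assumption):
#   store = FishStore.new(File.join(Dir.home, 'Dropbox', 'fish'))
#   store.store('twitter', generate_password)
#   store.fetch('twitter')
#   store.store_encrypted('twitter', generate_password, passphrase)
```

The file modes only keep other local users on the headless box out; Dropbox still carries the plaintext to every synced machine. With the encrypted variant the synced copy is no use without the passphrase, and a wrong passphrase or an edited file fails loudly rather than returning garbage, at the cost of typing the passphrase on each lookup, which is exactly the simplicity the paragraph above is reluctant to give up.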

An idea that comes to mind is storing them in a secure database (if such a thing is possible) and asking a variety of questions about one’s life in order to retrieve information, though that might get old fast. For now, we have one-site passwords that are retrievable, memorable (so you don’t have to store them), and secure in and of themselves (what’s worse: a secure password in a file that might get sniffed, or a dictionary word?).


Ruby on Rails tutorial videos from UCBerkeley

Video 28 March 2009 | 0 Comments


Getting going with Rails, part 1

Hacking 28 March 2009 | 1 Comment

Rails and Mac by Juan Hartado

Rails always annoys me. For something that’s the Web 2.0 poster-child, highly lauded as Awesome(TM), the solution to world hunger, etc, it’s a right bloody pain in the arse to get going with. Opinion, of course, entirely my own.

It seems that, as with so many other things, once you understand what’s going on and press the right buttons, everything falls into place. You transition from ‘noob’ to part of the inner sanctum, and you forget how you got there.

I’m still in that transition. In fact I’d place myself definitely at the start of the journey. I’m cool with Ruby. Ruby’s pretty nice. It takes me a while to switch gears from Perl and Python, but I get it. It’s just Rails that makes me want to hurt things.

[...]


5 Time Management Hacks Worth Noting

Productivity 27 March 2009 | 3 Comments

street_spirit on flickr

I’ve recently seen some good ol’ time-management (and self-management) lifehacks flowing across the wires – what is it with spring that makes people want to tighten up their personal productivity? Whatever the reason for it, I thought I’d share some time management hacks that work for me, much in the same vein as The Simple Dollar did. Everyone’s different, after all.

1. Clear your head and keep it clear

This is a GTD hack. (If you haven’t read David Allen’s book, do so.)

It’s amazing how clearly you can operate when all the fluff that’s been piling up in corners of your mind has been thoroughly cleaned out and dealt with. However, more important is stopping it from piling up again. You do not need to remember everything. Get a decent calendar system – a desk diary, Moleskine, iCal, Google Calendar, whatever – and use it. [...]


Finding Ada: Our modern day tech heroines

Online, Productivity 24 March 2009 | 0 Comments


It’s Ada Lovelace Day, and along with many others, I signed a pledge to blog about a personal technology heroine today.

Picking someone to blog about was a lot harder than I had expected. I didn’t want to look at historical women who, inspiring though they are, haven’t really made an impact on my choice of career. In fact, by their gender being notable, they perpetuate the image that it’s unusual to be a woman in the technology world. They are remembered less for their deeds than their chromosomes.

[...]
