Tuesday, October 18, 2011

How to create secure, easy to remember, passwords

You know you should be using secure passwords to protect your online accounts. But the rules for what constitutes a secure password makes it sound like creating and remembering one is a Herculean task that only the brainiest among us with near photographic memories could ever hope to master. But I'd like to introduce you to a fast, simple, and reliable way to create secure passwords that guarantee passwords that are almost completely unbreakable but easy to remember.

First, let's discuss what the general guidelines for a secure password are:

1. Don't use anything under 8 characters
2. Don't use the names of friends, pets, spouses, etc
3. Use a combination of numbers, special characters, and a mix of upper and lower case letters.

Following these three guidelines, you would think that the password Xcv234**%hnjdf-f433438(* is about as secure as a password can get. Surprisingly, though, I consider this password weak in a sense. While it's technically a strong password, it's not too easy to remember, is it? That means that you're likely to write it down, store it somewhere that's easy to get to, or choose a weaker password like 'fluffy35' pretty soon. So, in reality, while the password is indeed hard to break, you are the inherent weakness in its security and, thus, it's not a good password.

Now, let's look at my rules for generating a secure password and see how they compare:

1. Choose three related words that mean something to you.
2. Choose two dates that mean something to you.
2. Choose two 'special characters' that make sense to you

Now, let's see how we can construct a secure but easy to remember password using those three rules:

Three related words that mean something to you: I'm going to choose three cities where I've lived in my lifetime: Odessa, Ottawa, Lake Charles.

Two dates that mean something to you: I'll choose my year of birth and the year I moved to Ottawa: 1974, 1998.

Two special characters that make sense to me: I like the ^ character and the . so I'll use those.

Now, let's put that all together to make a secure password:


As you can see, it's long enough to be safe, isn't a dictionary word, and contains all of the required mix to make it unguessable by human or machine. For most intents, this is a very secure password and it's incredibly easy to remember.

So that's my quick tip on how to easily create a secure password. Using this formula you can mix and match any kind of meaningful information in ways that only make sense to you. The best part is it's easy to remember but impossible to guess or brute force.

What are your favorite ways to generate strong passwords?

Thursday, October 13, 2011

Being paranoid: imagining a grand encryption conspiracy

There are times when we all need to communicate securely. There are other times when that communication needs to be safe from even the most determined interloper and it's in those times that we turn to encryption. Using the right algorithm with the right passphrase and the right security measures, it's generally accepted that good encryption would take on the order of thousands to billions of centuries to break and, in some cases, trillions of centuries. Against those odds, how would any attacker ever hope to decipher secret communication?

Most experts agree that trying to find someones encryption passphrase through ordered guessing is useless. The search space is simply too massive and even our most impressive computing resources aren't generally believed to be able to process such massive amounts of data in a timely way. That's why those who are dedicated to the cause of codebreaking often use some sort of cryptanalysis where, instead of attacking the passphrase the user chose, they attack the encryption algorithm itself hoping to find flaws that would short curciut or completely eliminate the need to find the users passphrase.

But cryptographers are clever and they've developed all sorts of tricks to stop many attacks on crypto and there are a few algorithms out there that are widely considered currently unbreakable. This, of course, presents all sorts of problems for entities like governments who've dealt with strong crypto in various ways. Some have outright banned its use, some have made it a crime not to reveal your passphrase during an investigation, and others, like Sweden, have basically ignored it.

But I believe some governments may be taking a much darker approach; one that quickly makes us understand why the spy world lives by the motto "trust no one".

Imagine this scenario for a moment:

Most people, even those who are highly paranoid, have trouble with coming up with truly random, long, passphrases. The human brain simply doesn't do well with randomness and works much better in order and meaning. That's why many people use websites and programs that either generate or generate and store secure passwords for them and this is where the problem comes in.

Imagine a government dedicated to spying on its citizens faced with a large and growing subset of those citizens who use cryptography to protect their communications. They aren't doing anything 'wrong' or illegal, they just don't want to be snooped on by the government (or anyone else, for that matter). So the government goes to work, as it has many times in the past, creating a series of 'trusted identities'. These trusted identities are people on the Internet who become trustworthy. They are knowledgeable of cryptography, join and contribute to communities, rail against the 'surveillance state' that they see developing, and maybe even work on protecting privacy by creating some really good crypto software or algorithm. They become a legend in the crypto community; someone who's name is the first to come to mind when the subject comes up.

Over time, they become trusted; trusted to the point where it is almost considered sacrilegious to speak ill of them or question their intentions. WHY would they betray the community, after all? They've, by now, helped build it!

Now this person puts up a website because he knows people don't like to download and set up software and it's just easier to go to a site and get stuff done. This site generates incredibly secure passwords, does not track or identify you in any way, and even analyzes your password and gives you an idea of just how strong it is. The site is amazing, safe, and used pretty widely by the community.

At this point, most people would deem this site safe to use. But what if that site were saving a copy of every single password it generated and then sharing that with codebreakers in government or law enforcement? "Well", some would say, "that doesn't matter because they aren't tracking who the passwords are assigned to! I'm safe."


What this site has done is greatly reduce the search space for attacks. Now, anyone armed with the list of passwords the site's generated will first run through this list before resorting to brute force guessing. If the site is widely enough used, there's a fairly decent chance that the users password was generated from this site and, thus, will be on the list. The attacker doesn't need to know which password was assigned to you; it just needs to be contained in the list.

At this point 120 character long random passwords that contain numbers and letters which would normally take trillions of years to determine, can be broken in minutes or seconds. The more widely used the site is, the more likely it is that a password will be in the list.

I know some of you may think I'm being paranoid and you're right. But I have a reason behind my paranoia. History is littered with examples of government integrating itself info communities specifically to disrupt them or gain an upper hand in intelligence gathering operations. While there's no reason to suspect any current member of the cryptography community of doing this kind of action right now, there's also no reason not to suspect every single member of doing it. The truth is, we can never know and that's the constant dance those of us who want or need to protect our information constantly go through.

I believe that, as crypto gets better, we're going to see much more infiltration type attacks than we will brute force or cryptanalytic ones. Even with computing resources becoming cheaper and faster, it's also getting harder and harder to break good crypto so those who want to do it will need to find other, more efficient, ways to do it. I believe the scenerio I described above is one of those ways that will be used in the very near future if it's not already being used now.

Of course, this doesn't just apply to password generation. Fake sites around trusted identities (and keep in mind these 'identities' don't need to just be individuals, they could be organizations too) are fairly easy to set up and administer. There's little stopping a dedicated attacker from spreading their wings wide and performing a multi-pronged attack against the community and no one would ever know.

So what's the answer and how do we fix it? A first step would be to adopt the spy motto I mentioned earlier. Place no one above suspicion. Make friends, have fun, but if you have information that really needs protection, always be suspicious.

Next, stop using online password generators and storage vaults. They're ripe for abuse and you'd never know they were compromised. Instead, learn the open source tools that are available to help you protect information and use them on your own computer. Tools like GnuPG, KeepassX, TrueCrypt, LUKS, and their brethren, can go a long way in making sure that your information isn't being leaked into the wrong hands.

Last, and this has been security advice for a long time, don't use the same password anywhere. Assume every site is collecting and sharing your password with someone and that data could be used to attack you. What if you use the same long, random, passphrase for your Gmail account that you do for your cryptographic key? Wouldn't you think that your Gmail password might be one of the first passwords an attacker might try everywhere else, including your key?

Could I be completely insane? Sure. Perhaps I've been reading too many Robert Ludlum novels. But what if I'm right? What if that last email you just sent isn't protected at all even though it's encrypted?

What if?

Wednesday, October 12, 2011

Secret code could kill you

Karen Sandler knows the importance of open source software. That's why, when she was told she needed an implantable defibrillator to save her life in 2009, she immediately thought to ask 'what software runs on it and can I examine the code?"  You might think that would be a no-brainer. Why would companies prevent people who are going to put something that might kill them in their bodies, from seeing the software that controls those devices? But that's exactly the situation Sandler found herself in when she began calling defibrillator manufacturers and asking them to 'show her the code'.

The situation is not uncommon at all. No implantable medical device (IMD) manufacturers anywhere in the world make the code that runs their devices available for public view. They cite a number of reasons for that behavior from 'trade secrets' to 'liability' but it all ends up the same: you have to trust that a device that could kill you was programmed perfectly.

Of course, we know that no software is perfect and there are no perfect programmers. In fact, IMD's have killed people in the past by doing things like delivering excessive shocks to people who were not in need of them or not delivering shocks or other functions when they were.  The Software Freedom Law Center (Sandlers ex employer) even has a report about the issue and how big of a problem proprietary software on IMD's really poses.

The bottom line is this: if you are to put something in your body, do you have a right to know everything about it? Is it reasonable for manufacturers to put your life up for grabs with their flippant 'trust us, we've tested it' mentality or should you expect, and demand, more? Karen Sandler believes she knows the answers to those questions and, by the end of this video, I believe you will to.

Thursday, October 6, 2011

Creating Beauty

I've been thinking a lot over the last 24 hours about the lessons I've learned from Steve Jobs. While I didn't know him personally, my life was touched by him in the same way he touched the lives of millions of people worldwide. I didn't know Steve, but I learned valuable lessons from him and how he ran Apple. One of those lessons, and perhaps one of the most important in regards to my work, is the beauty of technology.

From the very beginning, creating technology was not enough for Steve Jobs. He didn't want average, ordinary, run of the mill hardware and software. He wanted art. He believed in the experience of technology as strongly as he believed in the functionality of it. In Jobs' world, each product released by Apple was a new painting, filled with nuances, subtleties, and things that were often there for no other reason than to delight the user. Steve was a businessman, sure, but he was also an artist who used the bits and bytes, the wires and circuit boards of his products as the canvas on which he painted his most glorious masterpieces.

As technologists, we often forget that technology can and should be 'sexy'.  Whether we operate a full-fledged company or are just some guy or girl writing code in their basement, each product we release has the potential to be our own personal Mona Lisa.

Too many times, we focus intensely on getting functionality right but completely miss the experience. 'Beautiful' is not a term you often hear in the technology space. "Innovative', 'cutting edge', ' forward thinking' are the main selling points of most new products and there's a good reason for that: the technology industry has lost the lust for beauty it once had and, to a large degree, Steve Jobs fought a 30 year battle to get that lust back.

People often complain that Apple's products are overpriced for what you get. Those people are only looking at the functionality. Apple users don't pay a premium because it's the best, most functional technology. They pay a premium because of the experience that comes with owning an Apple product. The success of Apple shows that experience matters to consumers and they're willing to pay more to be part of something special.

To a large degree, I've been like most people in the industry: I've focused on functionality and said 'who cares if it's sexy'?  But looking back on the lessons that Steve Jobs taught us, I have to admit that a lot of people care. I want to make sexy software. I want to use my brush to create beautiful, vibrant, multi-layered works of art. Anyone can create software, but an artist creates beauty.

How do you create beauty in your work?

Wednesday, October 5, 2011

Goodbye to Steve Jobs

I am not an Apple fan. I don't own a single piece of Apple hardware, have never even really seriously considered buying one, and often find some of Apple's business practices as distasteful as those of Microsoft.

No, I wasn't an Apple fan. But I was a Steve Jobs fan.

When the historians look back on our time in history, they will signal out a few people as relevant, game changers, revolutionaries, and visionaries. Steve Jobs will be one of those people. Arguably, Jobs was one of the most forward thinking and visionary CEO's in all of tech. He could make or break a new product by uttering one word:


If Jobs said your product was sexy, you knew you had a hit on your hands. You knew hoards of Apple fans would soon be lining up at your doorstep to buy from you and you knew that you had a really good product because Steve Jobs didn't utter that word unless he really believed it. He was a harsh critic but he was usually right.

I remember last year when Apple bought a music service I really liked then closed it, I emailed Steve to express my disgust. To my surprise, he emailed back. We exchanged about 10 emails before he finally said 'sorry then, don't use iTunes'.  I was pissed off but I felt good at the same time. Out of all of the people I didn't expect to respond to a customer complaint, Steve Jobs was at the top of my list. But he cared about Apple and its customers. He didn't want to see customers unhappy but he also had an acute sense of business reality and he wasn't afraid to express that.

Steve led Apple through some very tough years, saved their ass on occasion, and pushed things to incredible popularity in a way that no other corporate leader could ever have done. Even poorly designed products from Apple had a huge cult following because, largely, the Cult of Apple was really the Cult of Steve Jobs.

Today, Steve died after a brave and long battle with pancreatic cancer. It wasn't totally unexpected but it still was shocking. Though I am not a friend, family, or even associated with him as a customer, I feel as though the world - not just the tech world, has lost someone we can never replace. My heart wells up as I think of where we'd be without Steve's brash, brazen, leadership and how far we've come because of it. He will be missed. But his influence will be felt for many years to come: through the company he built to the lives he's influenced, and through the dreams he's nourished.

Steve Jobs, my hat goes off to you sir. Tonight, the only words I can think to say to you are 'thank you'. You have shown us all what 'sexy' really meant.