Passwords Addendum

Posted by Avrithor On June - 13 - 2009

Following up on my last post, I want to note that there is some merit to the classical argument against writing your password down. If Alice’s password is posted under her keyboard, you have an auditing problem, because you can’t be sure that Bob—who works in the office and is also a legitimate authorized user with his own network account—hasn’t logged on to Alice’s account and done things in her name. If Alice writes her password down and puts it in her wallet rather than under the keyboard, though, there’s nothing wrong with that, which is what I was getting at.

Guide: How To Securely Manage Strong Passwords

Posted by Avrithor On June - 11 - 2009

Think fast: How many passwords do you have?

A lot? Surely you have many systems that you log in to, but perhaps you’ve taken to using a particular password on multiple sites, to avoid confusion and the hassles that go with forgetting a password.

Maybe you even use the same password to log into your computer, to log into YouTube, and to log into your online banking site. It’s just easier that way—I hear that sentiment loud and clear.

How strong is that password? Realize that if an attacker somewhere on the internet cracks your YouTube password, even though you may not care about YouTube they have now also gained access to your finances if you use the same password for your bank!

Unfortunately, we’re stuck with an online world in which a variety of destinations, tools, and services use only username/password authentication. As we rely more and more on these services and the risk as well as the potential damage of identity theft rise, it becomes ever more critical to have strong, unique passwords and protect them carefully. What I’d like to do here is explain my approach to password management and how you can have a set of exceptionally strong and unique passwords for everything you log into, without ever worrying about forgetting them.

Step-by-step guide after the jump!


Busted By Last.fm? Tough.

Posted by Avrithor On February - 20 - 2009

UPDATE: Well, it looks like this never actually happened—Last.fm’s people are calling bullshit, claiming that TechCrunch made the whole thing up and that, in accordance with their privacy policy, they do not give out personally identifiable information to third parties under any circumstance. Heartening to hear; my point still stands, though. In principle I laud Last.fm’s stance on privacy, but if they were to breach it in the specific situation described below, I wouldn’t care to hear the illegal downloaders crying about it.

So there’s a new U2 album coming out. I personally couldn’t care less, but a lot of people are still into this band and are anticipating its March 3 street date. As is par for the course these days, the album has been leaked onto BitTorrent and downloaded many, many times. Naturally, the RIAA is sticking with its usual response of attacking its customers. Tired of simply hiring third parties to troll BitTorrent looking for offenders, the RIAA had a novel idea: ask Last.fm who among their members has been listening to the new tracks. Last.fm said sure, here’s the list.

And people are upset about this.

There seems to be some kind of confusion here, so allow me to clarify. Last.fm is a social networking site. The entire point and purpose is to get new music recommendations by sharing your listening habits with the universe. It’s not hard to disable the scrobbler. Hell, even if you forgot and realized later that you shouldn’t have scrobbled the tracks, you can permanently delete any track from your listening history with just a couple of clicks.

You can piss and moan about personally identifiable information which is normally hidden being handed over. You can decry the RIAA even seeking such information in the first place for a failed, destructive strategy of suing their customers. Both are valid points on their own. But when the only possible way for the new U2 album to be on your profile is if:

  1. you obtained it illegally; and
  2. you allowed it to be scrobbled,

all your arguments are completely undermined.

If you illegally downloaded No Line On The Horizon and scrobbled it to Last.fm, you deserved to get caught. Sorry.

About Me

I'm a computer science student at the University of Minnesota and enthusiast for the arts, gaming, and technology.
