Tuesday, September 20, 2005
(timesuck) gone are the days when security required only a blue blanket
("weblog" is rated as a Good password)
If you use gmail, you can go to the page on Google Accounts used to set your password, and it has this feature where it will rate the strength of your password as you enter it. Start experimenting with this and you will learn things like: "jeremy" is rated Fair, whereas "jeremyfreese" is rated Strong. "gmailpasswor" is rated Strong, but "gmailpassword" is Fair. "123456" is Weak, but "123456abc" is Good, and "123456abcdef" is Strong. Meanwhile, days go by.
On the general topic of security, I still don't realy get why somebody who steals my debit Mastercard can spend up to $3000 by forging my signature--which of course is right there on the back for them to see--but can only spend/withdraw $1000 if they know my 4-digit PIN. Beyond that, however, is my discovery that Harvard takes their voicemail sufficiently seriously that your PIN has to be at least 7 digits rather than just 4. (As for the Harvard computer system, none of the abovementioned Strong passwords are good enough for them, as I believe their passwords require you to use both letters and numbers AND uppercase and lowercase characters.)