How to Make Good Passwords

by Michael in ,

Note: This is a repost from last year. At the time I was using my tumblr as a single unified blog. That got a bit out of hand. My posts there didn't really fit tumblr all that well and my informal reposting of funny or entertaining things didn't mix well with the types of longer technology and media oriented posts I've always enjoyed making, and now put here. The post isn't really any less valuable than it was when I'm posting it and I've had more than one person mention it to me in the last few days. As such, I'm reposting it in its entirety here.


Everyone uses passwords pretty extensively these days. Having passwords to an ever-growing number of accounts on various systems is a by-product of functioning in today’s society. There’s no escaping it. Unfortunately, people are very bad at making good passwords.

This doesn’t seem to be a point that anyone argues. It’s more or less commonly accepted wisdom that people mostly do not make good passwords. Whether we’re looking at a serious analysis of passwords people frequently use ( or we’re joking about passwords (1995’s hilarious, and awesomely terrible, punk-hacker film “Hackers” jokes that the most common passwords are “Love,” “Sex,” “Secret,” and “God”), we know a lot of people use the same things for passwords. It shouldn’t be very difficult to understand that if many other people use the same password you do, it’s easier to compromise.

This points to the first, and most frequent, problem with most passwords people use: they are too common. By extension, too likely to be guessed. Here I’ll start making a list of requirements for a good password. We already have points one and two.

  1. A password should be unique.
  2. A password should be difficult to guess.

There’s a reason I’ve separated those two items instead of making them the same point. After all, if I have a one-of-a-kind name (let’s pretend my parents named me “Mykul.”) and use my first name as my password, it is a unique password but not one that is difficult to guess.

So far, I’m fairly sure I’m not telling anyone anything they don’t already know or haven’t already thought of at some point. To continue, let’s talk about another thing most people (myself included, until recently) do in their handling of passwords. Once a person has decided upon one, two, or three passwords, he or she tends to stop making new ones—instead using the same passwords to cover the entirety of their digital identity. Historically this might not have been a hugely immense issue, but recent events have shown how significantly times have changed.

Three recent huge data breaches have compromised immense numbers of user accounts: Gawker media (1.25 million accounts, 500,000 e-mails, 185,000 decrypted passwords), Epsilon (unknown number of e-mail addresses for customers of Walgreens, Citigroup, Best Buy, and many more large corporations), and of course the Sony PlayStation Network and followup Sony Online Entertainment breaches (~77 million accounts compromised, including any stored e-mail addresses, potentially passwords (unknown security there), possible credit card information, and real-world addresses in the former, 12,700 non-US Credit Cards in the latter). With the Gawker and Sony breaches, passwords either WERE compromised, or have the potential to have been (it’s still unclear in the Sony debacle how the passwords were stored—standard practices should make it so the passwords themselves were never stored, but I don’t recall Sony ever leading us to think they did this correctly—while they’ve certainly made statements that imply otherwise).

What this means is that you can’t use the same passwords everywhere. If one website or account doesn’t handle password security correctly and is compromised, someone suddenly has the password you use for huge portions of your life. This gives us a new point on our list of what makes a good password:

  1. A password should be unique.
  2. A password should be difficult to guess.
  3. A password should be unique to the specific account it is for, at least for every account with sensitive information.

Uh-oh. I think you see the snag we’ve just hit. We have so many accounts on the internet, at work, at school, and even on our home computers. To have unique passwords for even a large subset (the most important) of these accounts seems to be asking far too much of our human memories. It’s one thing if we’re using the same odd password for every account. Sheer frequency of use would embed it into muscle memory. When we have to think of the password for every different account to which we connect, though, the familiarity of use is gone.

Some people try to fix this by writing down their passwords. Bad idea. A large proportion of hacking isn’t even done through hugely technical means. Much of it is simple social engineering. Are you endeavoring to make things even easier for assailants by leaving your passwords lying around? You shouldn’t ever tell a person your password, nor should you have it written down. So that gives us our fourth and final requirement for a good password.

  1. A password should be unique.
  2. A password should be difficult to guess.
  3. A password should be unique to the specific account it is for, at least for every account with sensitive information.
  4. A password should be easy for its owner to remember.

Hmm. This is a pretty clear set of requirements. It also is a set of requirements that can prove difficult to reconcile. We’re now in a position where we want to make good passwords and know what defines a good password. That doesn’t mean we know how to make one. So, what’s a person to do? That’s what I’m here for.

Here are a few basic steps for making consistently good passwords that I’ll represent by walking you through me coming up with a new hypothetical password. It’s a system I’ve used for some time, recently extending it out to account for point 3 above. I came up with it on my own in my freshman year of college, but in discussions I’ve found that others have come up with the same system (or a similar one). It’s one that works and many people have independently come up with it.

Step 1: Think of a sentence you will not forget. It should be something very specific to you, but easy to remember. Make sure it has a proper noun or two in it. For my example here, I’ll go with the following sentence:

I think Christopher Nolan is the best director ever.

Simple enough, right? It’s easy to remember for me because, well, I think Christopher Nolan is the best director ever.

Step 2: Now take the first letter, respecting capitalization, of each word and place it next to the first letter of the word before it. In my example:

I think Christopher Nolan ithe best director ever.



Now we’re getting somewhere.

You might be tempted to stop there. After all, no one is going to guess “ItCNitbde” when trying to get into your account. Still, we’re going to take this a bit further (especially because many systems require numbers or symbols in order to try to force users to make more unique passwords).

Step 3: Think of a number that has some sort of significance to you. It really doesn’t matter what it is, as long as it’s something you can remember it. For my example, I’m going to use the year Christopher Nolan’s The Dark Knight (my personal favorite of his films—though I might argue Memento is his best) was released: 2008. Break the number into two parts. In this case, 20 and 08. Now put one part before the character string we have, and one after. This gives me:


This is looking promising, isn’t it?

At this point, we’ve fulfilled a few of our requirements.

  1. A password should be unique. Check
  2. A password should be difficult to guess. Check
  3. A password should be unique to the specific account it is for, at least for every account with sensitive information.
  4. A password should be easy for its owner to remember. Check. All I have to remember is the phrase and that my favorite movie came out in 2008.

Requirement 3, though, is a problem. Let’s deal with that now.

Step 4: For every account, insert a short one/two/three character string based on the name of the account either after the first numbers or before the last ones. What this means is that my passwords for the following accounts would be:

Google: 20GooItCNitbde08

Amazon: 20AmaItCNitbde08

Apple/iTunes: 20AppItCNitbde08

Yahoo: 20YahItCNitbde08

You get the idea. What this does is give you a common password system you can use across your accounts, rather than a common password, with a simple variable to change based on the website/account itself. In this situation, a single password being compromised through a system on which you have a presence will only compromise that one password. In order for someone to figure out what part of your password you’re changing from one system to the next in order to gain access to your digital identity at large, they would need to gain access to several of your passwords OR get one password and already know what system you’re using.

(You could, of course, complicate matters by changing the “Goo” or “Ama” 3-letter string to something else based on the site’s name. For instance, you could choose to hit the keys one letter before or after the first three letters of a site’s name: “Goo” would become “Fnn” and “Ama” would become “Zlz” for instance. This is probably unnecessary extra obfuscation, but it’s an option if you want it.)

You don’t have to use my exact system. The point is to have a password system that you use that fulfills all 4 requirements. Mine is just a suggestion.

So let’s review the requirements I established before:

  1. A password should be unique. Check
  2. A password should be difficult to guess. Check
  3. A password should be unique to the specific account it is for, at least for every account with sensitive information. Check
  4. A password should be easy for its owner to remember. Check

Mission Accomplished.

Why I Don't Think I'll Get the New iPad After All

by Michael in ,

The short reason: The CPU has apparently not gotten a clock speed bump--supposedly containing the same dual-core 1GHz CPU as the iPad 2 paired with a new "quad core" GPU (which doesn't mean anything significant at all) and 1GB of RAM (instead of the iPad 2's 512MB), thereby changing the combined chip's moniker from the A5 to the A5X.

That short reason doesn't tell you the whole story, though. I don't actually care that the new iPad isn't quad core. I don't care how it compares to its competitors in terms of raw CPU power. As everyone who is concerned with actually using a device should be, I am concerned with the experience of actually using the device. Apple has done an excellent job of making its operating system run much better on its hardware than most competitors have managed. It doesn't need similarly powered hardware to drive the same level (or even a superior level) of performance in areas that drive the customer experience. The iPhone 4S contains a dual-core 800MHz processor but still manages to be the most responsive phone on the market--more so than the 1.2GHz dual-core CPU in the flagship Samsung Galaxy Nexus running Ice Cream Sandwich or the numerous higher-clocked CPUs in other Android phones.

So it's not a matter of thinking the new machine won't drive a great experience. I don't care that it's not at least certainly clock speed. I do, however, care that its CPU is the same as the iPad 2's. Having the same CPU means the new iPad will be able to provide a great experience for a smaller period of time after launch than the previous iPad could.

The simple thought process is this: The only things separating performance between the new iPad and the iPad 2 are amount of RAM and the more powerful GPU. According to Apple, the new GPU in its A5X processor is twice as powerful as the one included in the A5. This won't translate very much to better performance, but rather was a necessary jump in order to support the new display (which has 4x more pixels). The speed improvement will be negligible in apps that aren't graphically intensive while many developers of graphics instensive software will have to diminish effects used in software that previously ran smoothly on the iPad 2 if they want it to run at the new iPad's native resolution. In effect, the larger resolution makes a larger performance impact for graphics instensive applications than the gains offered by the new GPU. That means, at best, the GPU won't make this iPad feel faster but will make things prettier. The RAM increase will also likely be entirely compromised by running art assets for applications using the higher resolution.

In essence, the performance of this iPad in practice should be essentially indescernible from that of the iPad 2. I happen to think that, until the new iPad, the iPad 2 was the best tablet on the market for very nearly everyone. This iPad should feel essentially exactly the same, but with LTE for faster cell access (if you use that feature) and with remarkably prettier visuals. So that means it's the new best tablet on the market. Then what's the problem?

Simple. Contrary to what many people think, I don't always buy the newest and greatest things. I used my old iPhone 3G for nearly 3.5 years before finally updating to the 4S. I spent quite a bit of money building my PC for college, but used it until it was a husk of a machine. Ditto for the 5.5+ year old white MacBook I'm hoping to replace some time this year. I spend money to get what I want, but only if I'm confident it will be a long-lived purchase.

After the 2013 iPad comes out and new software takes advantage of its increased performance, software will start to feel slow on the 2012 iPad at roughly exactly the same time it begins to feel slow on the iPad 2. The new iPad will probably be supported with software updates for longer than its predecessor, but its "feels fast" timeline essentially has the same end-date as the iPad 2, with a year-later starting point. I'm having a very hard time talking myself into that.

So, for now, it looks like I'll just deal with my original iPad until next year. If something happens to change my mind, I'll probably update here. Certainly, though, if for some reason I have to buy a new tablet this year (right...), the new iPad is the one to buy. It is definitely worth the $100 premium over the iPad 2's price. It will feel the same but look significantly nicer. Anyone in the market for their first tablet can't really do better than the new iPad. The longevity issue also doesn't matter as criticism for anyone who purchases the newest model every year. Those users aren't going to be using this year's model for long after the next one is out and won't deal with software not optimized for it.

The thing is, I have an iPad. It's nowhere near as nice, and is already losing support on some of the software out there, but it's already paid for. I also have no compulsion to buy the newest model of any yearly gadgets. So I don't feel like putting down $829 for a new product that gives me effectively 1 year less value than if I had spent that money last year. (Besides, the new one still tops out at 64GB, which has been frustratingly limiting on my original model.)

So there you have it. I still think the new one is a great product, but for someone who already has one and doesn't need the latest and greatest, it's currently a pass.

Here's to next year, which I will almost certainly pull the trigger on.

Footnote: At the end of this year, though, I will have neither the newest iPad nor the newest iPhone. But hey! A new computer and Wii U can take up the slack.

On Comment Moderation

by Michael in ,

After reading my recent post on enabling comments a friend wrote me to ask about my thoughts on comment moderation mentioning that some have had success improving drastically the quality of discussion on a given site while acknowledging a high level of effort involved.

Moderation can be a pretty touchy subject, largely because people feel the right to free speech entitles them to say whatever they want to say whenever and wherever they want.

My favorite discussion of moderation came up on Ars Technica (which seems to come up frequently to me as close to the very model of how to conduct a civil online community) this past September. If you're interested in specifics, read Editor-in-Chief Ken Fisher's announcement post.

The gist is that Ars had an ever increasing flow of low-quality, immature, and asinine commenting over the course of the previous years or so (still in my opinion much higher quality than any other major site that covers similar subjects) and wanted to fix the problem. They annonuced a few hard line rules to give offenders ("trolls"--which they defined) a 24 timeout without warning on first infringements with automatic deletions of infringing posts if especially egregious or made by a brand new account (meaning chances are high the comment was made by a person joining for the sake of irritating others). The discussion they invited members to join in on was huge, hitting 929 comments on the story (I participated heavily and the discussion got me to finally become a paid member of the site), and let the staff gauge whether this was something the community wanted or not. The end result has been an Ars where I feel all the intelligent conversation has been left intact, including plenty of heated dissent, while spam posts and ad hominem attacks have been effectively reduced to nothing.

With all that in mind, my view is that good moderation is absolutely essential if you're going to foster civil discussion. Remove normal internet "FIRST" posts. Remove posts that attack a person instead of their argument. Remove negative comments that add nothing except negativity, but do not ever remove critical posts that justify their criticism. That last point is the most difficult one. It's the line that, when crossed, means you've gone from keeping things civil to quieting criticism. The point here is that a website which wants to become a community in and of itself has the responsibility to foster that community. At Ars that has been a major point of the website since it began. If you believe your own site is one that should be a community, you must make sure the comments on your site encourage quality discussion--and quality discussion generally includes quality criticism.

Moderation of a site's comments is essential when the comments are in any substantial volume unless you want to devolve into the types of worthless or offensive nonsense you get on YouTube (reading comments on 5 or 6 popular YouTube videos is an experiment you only need to try once--you'll never forget it). If you want your site to BE a community rather than to just take part in one, though, you have to tread carefully and make sure you're not crippling the quality of that community by discouraging those with founded dissent, even if it's a bit heated, from staying.

Why I Don't Enable Comments

by Michael in ,

People who don't read the same circles of the so-called "blogosphere" I do probably have no idea there's been a raging debate of late between bloggers who enable comments on their sites and those who don't. I'm a bit late to the subject, but it's still not dead and heck--this is my website--I can write about what I want to write.

If you want a thorough run-down from a few days ago you should read Matt Gemmell's "Comments Commentary". He's the blogger who, as far as I can tell, started the whole debate in these circles and I think does a pretty fair job of representing the internet-wide conversation.

Before I get to my own additions, here are what it looks to me have been the primary arguments so far (there are more--I recommend Gemmel's post if you want to be thorough):

Pro Comments

  1. Promote discussion on your post's merits or deficiencies--many of your readers have thoughtful things to say on the subjects you post about.
  2. Not allowing comments is akin to restricting others' speech--if you don't allow them you're just standing on a soap box. Responding in their own channels doesn't give their voice a fair shake at reaching the numbers of people your post did.
  3. Some topics simply don't engender much negative commentary.
  4. Comments enable a community to arise around your blog.

Anti Comments

  1. Far too many comments don't add much. They quickly agree or vehemently disagree without much thoughtfulness or contribution to the conversation. People don't feel responsibility for things said anonymously and often end up venomous, poorly thought-out, or posted with a sense of self-righteous fury that would be calmed if the comment were to be attached to them. Even if you do, most people don't scroll down to read comments, so the conversation isn't even seen by most readers (who are your blog's customer aftter all) after the fact.
  2. You have a right to free speech, but it's not a blogger's responsibility to give you a podium on their property from which to exercise that right. As Marco Arment and Dan Benjamin put it on the latest episode of Marco's podcast (Build and Analyze #59: Premium Products), you have a right to free speech--not to an audience. Earn your audience. If you have things to say, starting your own blog is easy (I have two!) and can be done for free. Most bloggers also allow you to e-mail them or @ reply to them on twitter with your own feedback or links to your replies on your blog. Many of them will even link to thought-out responses on your own blog if they like it (but they haven't wronged you in any way if they don't).
  3. It's true that some topics don't inspire great negative emotion. If inflammatory comments aren't an issue with your topic you don't have to deal with a huge negative issue people disable comments for. For topics that engender strong opinions though--technology, computers, industries with entrenched competitiors, politics, etc. (essentially anything where people pick sides)--this is a very serious issue.
  4. If you engage people on twitter, via e-mail, and by posting to other people's blogs and adding your own comments, you're already part of a community.

There is also another "Anti" argument I've heard from John Gruber about his site, Daring Fireball: he wants to own every pixel of his site.

If I've missed anything, feel free to let me know via @Auhim on twitter, via my Contact page, or via Facebook if you know me personally. As you can easily tell from glancing at the bottom of this post, my blog is on the side of not having comments. I do completely understand that unless (let's be optimistic and say until) my blog has a large following I won't have the issue of large quantities of inane and negative comments, so that argument isn't all that significant to my site yet. Otherwise, I'm easy to get a hold of on twitter. Pretty simple.

Gemmell's post addresses most of the issue quite thoroughly. The discussion about community is where I feel I actually have something to add to this discussion. It's certainly true that community can be built at your site and your site can be better for it. That said, you can't have a community on every blog--or even most of them--on the internet. The logistics just don't work.If you bear with me for a bit, I'll explain why. I'm going to start by stating an assumption that, if false (or rather if you disagree), invalidates my entire logic train: I believe an ideal discussion community is one that encourages discussion made up of thought out arguments and responses as well as continued conversation on a subject. If you disagree on that point, you almost certainly won't believe my conclusions to be valid.

Assuming you hold stock in my aforementioned assumption, let's see where that takes us. If you feel I've made an unfair logical leap, please let me know, but I feel each step in this thought process is safe and reasonable:

  • Thoughtful discussion generally comes from those people who are interested in providing it, not from people who just want to say something for the sake of doing so.
  • Most people who want to provide thoughtful discussion want to get feedback on their own thoughts and continue the conversation.
  • Many people who are especially interested in a subject check multiple (possibly even a multitude of) blogs and websites discussing the topic.
  • For someone who takes a subject seriously and follows many different sources of discussion on that subject, putting a thorough and thoughtful post up on every, most of, or even a significant portion of the sites is discouragingly time-consuming and impractical.
  • For that person to then follow up on every thread of conversation to which he or she has contributed is even more time-consuming and impractical--even impossible in most cases.
  • When a person realizes this, consciously or unconsciously, he or she will do one of a few things:
    1. Not post comments anywhere. In this case the voice is not getting heard and is not contributing to the discussion at all.
    2. Post on several of the sites in a scattershot manner by either putting up impulse posts or copying the same argument to multiple locations without ever doing any real followup--thereby not really contributing anything meaningful to the conversation.
    3. Post on one site's (or possibly two sites') comments and participate actively there, enjoying a thorough and detailed conversation. This is the best possible outcome of these three but leads to a situation where, if you have enough blogs and sites of similar content pushing for equivalent levels of discussion, everyone who could contribute to one another's conversation is effectively segregated by site of choice--whether there is a distinct reason (personality of website and membership, for example) or not. This still limits the audience and breadth of serious discussion to discussion pools or silos.
    4. Some other behavior that is a variation of one of the three and still doesn't really contribute to the internet-wide discussion of a topic.

This can be easily illustrated by my own example of internet habits which I'm sure are similar to many others':

  • I have numerous orphaned accounts on websites for commenting (probably upwards of 50 or more over the course of the last decade and a half) which have been used only a handful of times.
  • Most of the comments I've historically made on most of the sites I have accounts on have never been followed up on by me, so I don't know if someone made a fair argument against me (or supporting me) or not. I've gotten no more educated on the matter than if I had simply read the comments I did before I threw in my own two cents.
  • A few years ago I decided to focus exclusively on commenting on Ars Technica for the things that get posted both there and elsewhere. As a result I've ended up a part of many long and thorough conversations there and frequently check the "My Threads" link in their forum to see if any thread I've commented on has been discussed further since the last time I visited.
  • I decided to choose Ars Technica as the community as my primary online community due to the personality of the coverage and the general civility of the commenters on the website: a community Ars has fostered since 90s and is a major feature of the site.
  • My feedback on Ars Technica posts is only ever read by people interested in feedback on Ars Technica posts.
  • My involvement at Ars means I don't contribute (and can't usefully) on posts on the same subjects at other sites.
  • Everything people contribute in comments on the same topics at other sites is lost to me, even if I read the other sites' articles--and even if I do read comments elsewhere and have a reasonable comment in response I'm not going to spread myself thin by having the same discussion in the comments of 3 or 4 separate articles. That would diminish my ability to give my arguments and those of others the thought they require.

While in my case I chose Ars to discuss things at, I don't discuss every subject that is posted there (though I read very nearly every article). I comment if I think I can truly contribute something to the conversation or, if the article itself merits it, I can post something lighthearted. Still, I post at Ars mostly because I enjoy the community there and can only do so as long as it is the primary internet community I participate in. My contribution would be diminished if I were to start attempting the same elsewhere. Each of these individual bloggers in the blogosphere (what a ridiculous term) probably has substantially fewer dedicated readers than a large catch-all site like Ars Technica.

If Marco Arment and John Gruber, who I assume have quite a few overlapping readers, both had comments enabled and wanted to engage community on their respective blogs--and then posted on the same subject (or even on each other's posts, which happens)--readers would participate in one or the other and many of the arguments would never bubble out of those communities. Because there would be "discussion" on each site, there would then be little reason for either blogger to then address comments in another post on the site. There are many other blogs which overlap with both of them and the argument dispersion issue increases the more blogs are shared by overlapping readers. If, instead, you view The Internet as your community and respond to your blogger of choice via twitter, e-mail, telepathically, or tin cans and string, eventually the most significant arguments float to the top--either because the bloggers to which you are responding find your well-put and well thought out argument worth presenting, because someone else does, or because you get your own sizable audience.

So I conclude: Comments as a source of community can be great if you truly want to turn your website into a place differentiated from other sites such that a sizable number of people go to it as their primary place of discussion on a particular subject (or set of subjects). If your blog or site is just one of many places that people most invested in a subject (and most likely to want to discuss it at length) will read thoughts on that subject your enabling comments doesn't truly promote quality discussion. The internet can't sustain an effectively infinite number of productive thoughtful communities with largely overlapping interests; enabling siloed comment pools on every site and blog on a given subject actually discourages well-thought out discussion and diminishes the quality of the conversation at large.

I started this blog about a week ago. I get that only a handful of people are likely to read this, and that's ok. In time I will hopefully have a sizable readership but until or unless that happens I'm writing things like this here because it's the best way to put my thoughts in one place--and there's nothing stopping me from getting feedback via The Internet.

→ Fanboy Theory

by Michael in

Fanboy Theory

Marco Arment:

If you publicly express an opinion that any particular platform is best for a significant portion of buyers, you’re effectively saying that the people who chose differently were wrong. Most people don’t like to be wrong.

And because it’s such a massive and divided market, any stated opinion will cause this reaction from a lot of people. If, for example, you say Android is best for any common set of goals, a lot of people might get upset:

Not seeing this implication requires more open-mindedness, empathy, and attentive reading ability than many people have. So no matter how much you wrap it in qualifiers or try to be constructive, a lot of people are going to be insulted if you say something good about the thing they didn’t choose — and it’ll be even worse if you say something negative about the thing they did choose.

Spot on. Thinking something is better doesn't make you a fanboy. If you can articulate well the points on which your opinion is based and can acknowledge what positive points other products have, you can still reasonably come to the conclusion that other products are inferior as a whole.