opensesame

I had to change a password on one of the many password protected sites we access what seems hourly! I didn’t have to change it because it was that time whether that time is every month, every 6 months, or any time the site feels like messing with you. I didn’t have to change it because I forgot my password. I had to change it because I kept mis-typing it. I am the king of typos! I’m lucky I can get through an entire sentence when I can actually see the letters taking shape on the screen in front of me. Hide everything behind ******************** and it’s a crapshoot if I got +#^ or +@&. Even if I see them I may not be able to tell if I have it right. But that’s a story for later – later in this post.

When I entered the “select your password” phase of reestablishing my password, the site provided me with their rules. Oddly, not all sites do that. This site, in addition to the upper and lower case letters, numbers, and special characters (why do they call them special, aren’t they the same symbols that have appeared on keyboards since the time keyboards were attached to typewriters? Can’t we just call them “symbols” or is that too symbolic?), this set of rules featured – for the first time ever, live on our stage! (sorry I got carried away) – this set of rules included the querulous instruction to not end with a number. Naturally I can’t take an instruction like that and not dig deeper so I dug deeper.

Yes, it appears somebody who studies these sorts of things has determined that passwords ending in numbers are more likely to be hacked. I think maybe it has to do with something about some people’s predilection to serializing their passwords so like maybe they don’t forget them. You may have done it, or perhaps are doing it yourself. OpenSesame1, OpenSesame2, OpenSesame3, etc.  I also discovered that once very popular, opensesame has fallen way down the list of people’s password choices. Now this brings up a couple of questions. First of all, if passwords are supposed to be such closely guarded secrets, often under penalty of on-line death if revealed, how does anyone know what once was and what is no longer popular. (Many of the same sources even noted people are still out there using “password” for their passwords. -Same question fellas!) The other question I have about opensesame is why didn’t I ever think about that? What a great password! And so versatile. The user who selects opensesame or one of its variants (perhaps OpenSesame1, OpenSesame2, OpenSesame3, etc) might be an Antoine Galland fan, a lover of the Three Stooges, or trapped in the seventies singing their way to internet access with Kool and the Gang. Opportunity lost.

Anyway, back to the point of this post (yes, yes, go ahead and smirk), I can live with the odd rules, making my passwords at least 8 characters and not more than 20, using upper and lower cases, tossing in a few numbers as long as one isn’t at the end, even the inclusion of “special characters,” but can I at least see what I’m typing? It appears that the two most common methods of breaking the password code are guessing and “entry intercept” whereby a program, bug, virus, or some malevolent genie captures the keystrokes made to enter the password characters (special and otherwise) and shares them with the head virus writer, bug-programmer, or Ali Baba. So, while we’re struggling with trying to accurately enter jkwp9y%Roa&&fmMqrs!! the virus may see what we’re typing, but all we see is   ********************.

Now I ask you, is that fair?

Truthfully?

A tossed in, not given a second thought aside in my post from a couple posts ago provided the inspiration for this post with a little encouragement from Christi at Feeding On Folly, confirmed by a comment from WD Fyfe – do, or how regularly do, or why don’t people lie on the security questions that accompanied passwords in “password controlled” sites? You know the ones, first pet’s name, first car, paternal great grandmother’s shoe size. All the things anybody with a little observation prowess can deduce from your Facebook profile.
 
My actual thought was “By the way, those security questions – does anybody lie about them? Wouldn’t that make more sense? I mean if they are the last line of defense and somebody has already cracked your 23 character upper and lower case, number and special character containing password that you change every 4 days, surely they know what street you grew up on. But I digress.” Well, the time has come to, um, er, do the opposite of digress.
 
It does seem silly when you think about it. These are the questions they ask if you have to confirm who you are if you’ve mis-entered or forgotten your password or the super secure second level site protection. Password requirements get more complex – 8 to 20 characters long, cannot be your user name, cannot be your email, cannot have been used for the last six passwords, include upper and lower case alpha characters, 2 numbers, and a special character or two, and must be changed every 60 days. But if you forget that password they will let you in if you can correctly answer the name of the city your high school is located in.
 
Christi (you remember her from the opening paragraph) suggested it would be fun making up answers and WD (he’s in that same paragraph if you’re wondering) intimated he had lied on them, so I (you remember me from, well, from here) thought, “Let’s do this!” Let’s consider the most common of these questions, Grandma’s shoe size not among them.
 
City where you were born: Obviously I can’t use the city where I was actually born. To begin with it’s too pedestrian. There are some good ritzy cities out in the world, Tokyo, Abu Dhabi, Manhattan (never New York), but the fictional ones are better. Would I want to have grown up in Emerald City? What kind of childhood would Port Charles provide? Oh, I know the perfect city to be born and raised in. Bedrock!
 
First pet: Considering I spent my childhood in Bedrock my first pet could have been Dino but he seemed loyal to Fred and Wilma and I couldn’t deprive them of that. Unless Fred and Wilma were my parents. That would be a whole different story. Pebbles could have been an older sister and I came along much later. Or perhaps she was the much younger one and I was already out of the house and/or cave by the time she was playing Frisbee Rock with Bam Bam Rubble. Either would clear the way for Dino to be my first pet except that seems just too obvious. If I am to stick with Bedrock as home and the long lost child of Fred and Wilma a more secure pet answer would be the other animal living at Cobblestone Way, Baby Puss.
 
Maternal grandmother’s name: This is taking over the spot formerly held by mother’s maiden name I guess because that was too easy to figure out. But because everybody knows Wilma’s mother is Pearl Slaghoople (you did know that, didn’t you?) I think it’s time to fast forward from prehistory. Think of all the famous women that have graced the world. So many choices. But there is only one that is the most secure. Anna. More specifically Anna McNeill. Most specifically Anna McNeill Whistler famously appearing in Arrangement in Grey and Black, No. 1.
 
First car: if we’re going to be making things up we might as well make one up with flair. Perhaps my first car would be a Bugatti or Alfa Romeo, a Corvette split window coupe, or maybe a Mustang like the 1968 390 GT Steve McQueen drove to fame in Bullitt. This might be my weak link, the one somebody might be able to puzzle out, the 1964 Aston Martin DB5. If they ask about a chauffeur it would have to be Bo…. But I digress. Again.
 
There are so many other questions and they keep changing them just ever so slightly but we’ll take a stab at one more. High School Mascot: This could be the easiest answer for a hacker to hack. It wouldn’t take much personal history delving to uncover a connection to the Merry Mountainmen or the Fighting Firefighters.  So we have to be particularly suspect in our choice, one no hacker could imagine. Clearly it must be the Hapless Hackers.
 
So these are my “truthful” answers to some of the more common security questions. What would yours be?  And please, please, don’t go blabbing my answers around!

When A Door Closes

This past weekend I was getting out of the car when I realized car doors don’t close right, the kind of light bulbs that last ten years don’t last ten years, and computers ask questions they have no intention of doing anything about. I also realized these are all first world problems but, well frankly, those are the kinds of problems I most encounter.

Let’s look at those car doors. Every other door in the (first) world either opens or closes. Most exterior and interior house doors have latches or knobs and you push them open and they stay open or fasten them closed and they stay closed. Some even have pneumatic or motorized closers that close them for you, and thus a name that has nothing to do with baseball. Refrigerator doors have those magnetic strips that run the complete inner rim of the door with the expressed purpose of making certain the door, when not opened, is indeed closed. An entire industry has been created around the process of opening and closing garage doors. The point is that most all doors in most all buildings are mostly always open or always closed unless you take steps to leave them partially opened (or, for the half empty types, partially closed).

Car doors are a different breed. Yes car doors have a latching mechanism that ensures the door remains in the closed position until you take steps to open it (a perfectly reasonable expectation of a car door when travelling down the highway at 15 miles over the posted speed limit), but only the car door has taken pains to provide the user with a position not open yet not quite closed (and a quite unreasonable position on that same highway). So often are these doors in this position that car manufacturers have taken steps to alert the driver that a door is not completely closed by means of a warning light on the dash panel. Would it not be a more reasonable resolution to take steps to make a door that closes completely? Perhaps the car makers should get together with the refrigerator makers.

Now, speaking of lights, I have this pole lamp in the corner of my living room that has graced the corner of this living room, the previous living room, a family room, and a room that once had aspirations of being a den but became a nursery instead. As you can see, it’s a versatile and, at least in my opinion, an attractive light. I bought it about 15 years ago. I almost didn’t buy it. It was pricey for the time and for its type and that, I was told, was due to the light’s lamp. Lamp’s light? It has (had) a most usual bulb that looks like a miniature fluorescent tube that had the added bonus of a built in dimming mechanism. I questioned this arrangement, not to mention the price, before making the purchase. I was assured that the dimmer worked as well in the home as in the showroom, that indeed it was expensive and when it comes time to replace the bulb it too will be expensive, but that its bulb would last at least 10 years if not longer.

Well indeed it was expensive but it worked as advertised and its bulb lasted more than the claimed 10 years. I use the past tense here because after those ten and half again more years the bulb has given its all. I never found out if the replacement bulb is expensive because when I went to buy said replacement bulb I was told that “they haven’t made those for at least ten years now, but, who knows, maybe you can find something on the Internet.”

So to home I went, in my car with the now fully closed doors, fired up the old desktop computer and thought I’d check my email before beginning my what would probably be fruitless search for a miniature, dimmable, fluorescent light bulb. A message from my doctor’s hospital organization was there telling me I had a message on their server. (If they can send me a message that says I have a message why can’t they just send me the message? That may be Thursday’s post.) So I signed on to their server with my user name and super secret password and was immediately presented with a pop up window asking me if I want my browser to remember my super secret password. I suppose so I was not confused by this question I was presented with multiple choice answers. — Yes — Not Now — Never —  And as I do every time I am asked that same question entering that same site I select “Never.”

And then I wonder…we can’t even make doors that close all the way and I expect a computer to understand the concept of never.

 

Technical Resistance

I try to take responsibility for myself as much as I can in all aspects that I can reach. As long as I can reach them comfortably. Including my health. So when the good folks that bring me my delightful dialysis sessions announced an opportunity to “take control of your kidney health and experience better outcomes” I jumped at the chance. Who couldn’t resist better outcomes in anything you take on? Then they started throwing around words like “empowered” and “easy” in the same paragraph even. And they got me with, “Start managing your kidney care with your Portal today and gain more time to do the things you love. Register today and Thrive On” (Emphasis not even added. They’re good.) How can I not want to take advantage of gaining more time to do the things I love? I was hooked.

You just know this is going to go wrong somewhere, don’t you? Hmm.

Looking forward to actively participating in my care, I carefully filled out the many screens of information that they requested, chose my password, and awaited the confirmation email which would contain the additional instructions for completing the registration process. In just a few seconds it came, and in just a few minutes I did what I was supposed to do. In seconds again I received another email congratulating me on successfully registering for the patient portal and was presented with a link to “log in and start actively participating in your care!” (OK, that time I added the exclamation point, but I wasn’t excited about this. Wouldn’t you be?)

I clicked, eagerly awaiting the chance to participate in my care, and attempted my first official login. In went my email address, then went in my password, then the email address and password went in to wherever they go and the little circle thing started spinning and then, lo and behold (words you just don’t hear much anymore) across the screen I was presented with the message “username or password invalid.” Oh, poo! No problem. In my excitedness I probably hit a wrong key so I re-entered the username which is my email address so I know that was correct, and then, this time more carefully, my password. Almost always when denied access it’s because I incorrectly enter the password which makes sense since they never show you your password (unless it happens to be ******* and you just have to remember how many *s). But no, again that didn’t work so I gave one more try and one more time I got the same frustrating message.

I selected the link on the page for technical support and sent them an email detailing my inability to log into the patient portal (and thus my unfortunate delay in participating in my care!) and sat back to await their response. A few minutes later I saw the little envelope icon pop up at the top of the screen and I anxiously opened my email to just as anxiously read their reply, get back on track, and start participating in my care. Well imagine my disappointment when I scrolled the inbox items and saw, “Undeliverable.” Instead of the anxiously awaited reply I had a message wherein the little emailman politely explained to me that my desperate plea for help could not be sent because the addressee “wasn’t found or doesn’t exist at the destination server” and I should check to make sure I entered the address correctly, contact the intended recipient by phone, or several other options that involved things like checking licenses and permissions and other things that normal non-computer savvy people (and probably some of them, too) have no idea what any of that means. Disappointment does not begin to describe what I was feeling. “ARRRGH! OF COURSE THE DAMN ADDRESS EXISTS. ALL I DID WAS PUSH THEIR DAMN BUTTON ON THEIR DAMN WEBSITE! DAMN MORONS!” I said to myself. Calmly.

Maybe it’s just a password problem and I actually mistyped when I was selecting it. It’s possible. If I can incorrectly enter a password when trying to log onto a site I can certainly mistype the letters, characters, numbers, and case control when first selecting the password. Of course that would mean that I would have had to make the same mistake twice, once on the first selection entry and once on the confirmation entry, but hey, it could happen. Yeah, right.

So I attempted to log on again, knowing it would reject the login information but also knowing I would be presented with the inevitable “Forgot your password?” link. So I did. And I was. And I clicked. And in a few seconds I received another email with another link to reenter my password. So I clicked. And I reentered. Carefully. Both times. The screen blanked taking all my information again to wherever the little electrons go when they discuss these things and in less than a second I got another email! This is getting exciting. Again anxiously (though not quite as anxiously as I had been earlier), I opened the email and read the message congratulating me on successfully changing my password with a new link to log on and “start participating in my care.” (No emphasis added. By this time I was getting emphatically worn out.) Again I clicked. And again I entered username AKA email address and password AKA, uhh, password. And again I got…”username or password invalid.”

Oy.

(If you read Monday’s post and are wondering if this was what I couldn’t remember…..well, the answer to that is no. But this one is such a great story I couldn’t wait to share it. That and if I did wait I knew I would have forgotten about it. But don’t worry. I still have the sticky note stuck right there on the monitor (see?) and I’ll be writing all about it next time. Unless something else comes up between now and then. But it’s OK. There’s lots of sticky on that note. It’s not going anywhere.)

(Oh and, do you think I use too many parentheses?)

 

Open Sesame

We’re not even certain how we got onto the discussion of passwords but sometime, somewhere over the past week we ended up asking ourselves did Ali Baba really say “Open Sesame?”

It would certainly be an easier phrase to remember than some of the strange concoctions we’ve concocted to satisfy our computer password requirements.  At He of We’s workplace, passwords must be at least 8 characters, no longer than 26 characters (really, 26) must contain at least two upper case characters, two lower case characters, one number and one symbol, must not contain any 4 letter portion of his user name or any 4 letter portion of his real name, must not have been used in the last 36 months, and must not spell out the company name.

Sometime last week somebody published some list somewhere about passwords.  Yes, we can be more specific but we don’t want to.  Partly because we aren’t sure who these people are.  They are so and so research, such and such consultants, or somebody or other institute.  They have to stay somewhat cloaked if not daggered because passwords are supposed to be secret.  How does one publish an opinion of others’ secret information? 

But we digress.  This list included the worst passwords you could use and the number one worst password of them all, Password.  Apologies to Allen Ludden.  Other bad choices include 12345 etc, iloveyou, and letmein.  Our favorite of the worst is letmein (let me in) because it sounds so plaintive and assumes computers have all the power.

Another point in favor of letmein is its historical significance.  Literarily speaking that is.  When Ali Baba followed the forty thieves to their lair he heard the leader say Open Sesame to open the door to their cave.  Open Sesame did not make it on to the list of bad passwords so either nobody is using it or it’s not such a bad password.  Maybe it’s ok because nobody understands it any better than He of We’s workplace password rules.  Why sesame?  Why not caraway? Or poppy seed?  What about basil or parsley?

One explanation is that Sesame dialectically translates with different pronunciations to differentiate friend from foe and etymologically grew up to become the Hebrew word sisma, meaning password. (Or so we’re told.  On a good day we can be confused with proper English used grammatically correct.)  And everybody knows from the mysterious institute that the last word you want to use for a password is password.

Soon you’ll be able to use a picture for your password.  Imagine those rules.  No smirking, left profile only, colors present in nature during spring in Scandinavia.  Come on now.  Are we really hiding secrets that important in our files anyway?  Open Oregano!

Now, that’s what we think. Really. How ‘bout you?