Password Tips

Password security is becoming increasingly important as individuals move more and more of their personal data into online services. In her Microsoft Small Business center article “5 tips for top-notch password security,” Kim Komando offers some password best practices:

  1. Don’t be complacent: Attacks can and do happen.
  2. Know what makes for a bad password.
  3. Get proficient at creating good passwords.
  4. By all means, safeguard your password(s).
  5. Change your password(s) often, as in several times a year.

Of these, it seems many people struggle with number two, knowing what makes for a bad password. Ashlee Vance of the New York Times wrote in January 2010 about the popularity of simple passwords:

According to analysis by security firm Imperva, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

The weakest passwords are those that are short, use only letters and numbers, and are easily memorable or associated with a person’s identity. What goes into a strong password? Some tips include avoiding words found in the dictionary, replacing letters with numbers (think zero instead of the letter “o”), utilizing special characters like “!”, “$”, and “*”, and making passwords longer in order to provide protection from brute force attacks. How long is long enough? In another NYT article this past June, Randall Stross wrote:

Here’s a little quiz: Which is the stronger password? “PrXyc.N54” or “D0g!!!!!!!”?

The first one, with nine characters, is a beaut. Steve Gibson’s page says that it would take a hacker 2.43 months to go through every nine-character combination offline, at the rate of a hundred billion guesses a second. The second one, however, is 10 characters. That one extra character makes it much, much stronger: it would take 19.24 years at the hundred-billion-guesses-a-second rate. (Security researchers have established the feasibility of achieving these speeds with fairly inexpensive hardware.)
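The arithmetic behind those two figures, as an added example (not code from the article or from Steve Gibson's page). It assumes an exhaustive search over the 95 printable ASCII characters, counts every candidate of length 1 up to the password's length, and uses a 364-day (52-week) year, an assumption chosen because it matches the quoted 2.43 months and 19.24 years.

```python
import string

GUESSES_PER_SECOND = 100e9   # "a hundred billion guesses a second", from the article
SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 364          # assumption: 52-week year, matches the quoted figures

# Character classes; together they cover the 95 printable ASCII characters.
CLASSES = (
    string.ascii_lowercase,      # 26
    string.ascii_uppercase,      # 26
    string.digits,               # 10
    string.punctuation + " ",    # 33
)

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def search_space(password):
    """Number of candidates of every length from 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time, in years, to try every candidate at the given rate."""
    days = search_space(password) / rate / SECONDS_PER_DAY
    return days / DAYS_PER_YEAR

def months_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Same estimate expressed in months (one twelfth of the assumed year)."""
    return years_to_exhaust(password, rate) * 12

NINE = "PrXyc.N54"          # nine-character password from the quiz
TEN = "D0g" + "!" * 7       # ten-character password from the quiz

if __name__ == "__main__":
    for pw in (NINE, TEN):
        print(f"{pw!r}: alphabet={alphabet_size(pw)} length={len(pw)} "
              f"space={search_space(pw):.3e} years={years_to_exhaust(pw):.2f}")
    growth = search_space(TEN) / search_space(NINE)
    print(f"growth from one extra character: {growth:.1f}x")
```

The estimate covers exhaustive search only, so it measures the effect of length and alphabet size and nothing else; the advice above about avoiding dictionary words is a separate consideration.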

Another important consideration is how often passwords should be changed. Ms. Komando recommends changing passwords as often as every 30 days. Also, users should consider using different passwords for different services. Many times hackers are able to access a single user’s entire digital presence because that user relies on the same username and password for all their services. Lastly, none of these measures matter if the password is known by another person!

Cloudy weather: where to store your stuff in the cloud?

My Twitter feed was abuzz (atweet?) not long ago with the new Terms of Service put forth by Dropbox, a service many of us use to store documents in the cloud (i.e., on a remote server where you can access them from any web-enabled device). Dropbox clarified their terms via a blog post, but when you are using a commercial service like this, it never hurts to look around every so often and see what your alternatives are this week – there are always new services and changes to existing ones!

So what are your options for storing your “stuff” so that you can get at it anywhere? I’m still using Dropbox, but Lifehacker has a nice review of similar services, some of which I was not familiar with: Windows Live Mesh, SpiderOak, SugarSync, and Wuala.

Two other services that I’ve been using for a while are good old Google Documents (particularly useful for collaborative work) and Amazon’s cloud drive (which will accept all sorts of files but is optimized for storing music, with its own web-based player; it works seamlessly if you purchase digital music from Amazon, though I’ve found that it is painfully slow to upload music you already own). I have an invite for Google Music, which is still in beta, but haven’t gotten around to setting up my account yet.

All of these services are currently free at the basic level, though most of them have paid versions that offer more storage space and sometimes additional features.

Do you store files in the cloud – whether as a backup or so you can access them on-the-go? If so, what service(s) do you use, and how do you like them? Let us know in the comments!

UPDATE, 8/12/2011: Gizmodo has published a very nice review of their favorite cloud storage services. There’s lots of great information here. Read it at

Students and Tablets

The Pearson Foundation recently came out with a report that highlights the changing landscape of tablet usage among students, in both high school and college settings. The study was done to “gauge college students’ and college-bound high school seniors’ opinions about digital device ownership and purchase intent; perceptions towards tablets; tablet usage and features of interest; and preferences between digital or print formats when reading, studying and doing other school-related activities.” The outcomes are particularly interesting for a number of reasons: while ownership of devices is still low (only 7% of the almost 1100 college students and 4% of the 200 high school students surveyed owned tablet devices), the interest in tablets is booming. Nine out of ten of those who own tablets said the device helped them study more effectively and efficiently, and three quarters of those surveyed said they thought tablets helped students perform better in class. One of the biggest shifts, researchers note, is the way that this interest in and acceptance of mobile technology affects the use of digital textbooks. Check out the entire report!


404 Pages

404 pages are the worst. As a user, you don’t know why you can’t find what you need; as a designer, you hate that users can’t find what they need. On the IU Libraries website, there is a chat box on all 404 pages, providing the user the opportunity to immediately connect with a librarian, who can then point them in the right direction and provide further research help. However, not all 404 pages are the same: check out a collection of some of the best 404 pages (some of which include cats and Storm Troopers!).