Info Security Basics: Complex Passwords

I will soon be teaching a bunch of “Information Security Basics” courses at work, and that gave me the idea for a few blog posts.

So children, today we will learn about Complex Passwords!

Passwords – they are everywhere!Love ’em or hate ‘em, you probably use them often, if not daily. Passwords are one of the most basic types of authentication used – your basic Who You Are (user id) combined with What You Know (password).

Do your best to NOT use the same password for everything – your online banking password should not be the same as your Facebook login password. Ideally every password you use should be unique, but realistically that would be a nightmare to maintain – but do the best you can. I tend to group in terms of importance/risk:

1) High (e.g. banking) – unique, very complex passwords
2) Medium (e.g. Facebook, Twitter) – unique-ish, complex passwords
3) Low (e.g. web forums) – I have a few passwords I tend to use

Also, don’t use common words or proper names of people/pets. Common words are easily guessed using a dictionary attack, and proper names are easily guessed by doing a bit of research on people.

Most websites give you a “forgot your password?” link if you are having problems. Be careful of the standard security questions they use – the answers tend to be common things that are easily guessed or researched. You know those online quizzes and Facebook “25 things you didn’t know about me” type things? Did you know the name of my first pet was Snowball? Oddly enough that’s also one of the common security questions used when you forget your password!

Basic Rules for Complex Passwords:

• Minimum of 8 characters
• Use both upper (A to Z) and lower case (a to z) letters
• Use numbers (0 to 9)
• Use at least ONE symbol (e.g. , ! $ & % #)

One of the most common complaints about complex passwords is that they are hard to remember. A good suggestion is to use the first letters from an 8 word (or more) sentence or catch phrase, replacing some letters with numbers or symbols:

We work hard so you don’t have to” becomes WwH$ydh2

Oh, and one other thing: please don't write your password on the under side of your keyboard, or on a sticky note by your monitor, etc! That sort of thing really makes that vein in my forehead throb....

It's Like Christmas in August!

August 28th 2009 will be like Christmas...only in August... and not cold and raining...

Anyway, 2 great things happen on August 28th that I feel compelled to share with you:

1) Snow Leopard will be released, and the world will be a better place. And the best part? The OS upgrade is only $35 for a single user licence (in Canada). That is cool. I am about to phone my local Apple Reseller and pre-order a copy so I can pick it up on the way home from work on Friday.

2) The newest D&D Penny Arcade podcast begins on the 28th, and the world will be a happier place. If you haven't listened to the previous sessions, you really should. No really, go listen.

Also:
Season 3 of The Guild will be released on August 26th! You don't have to be an MMO player to enjoy The Guild, so go watch seasons 1 and 2! I command you!

Ahh, Snow Leopard, D&D PA podcast, and The Guild all in one week... all is well in my world!

I Had A Cunning Plan

But was it cunning enough to put a tail on it and call it a weasel? I think not. For you see, my plan has failed, and here is where I need your help.

The Background:
I recently canceled my cable TV subscription, I just torrent the few TV shows I like to watch. I have the media files on a USB external hard drive attached to my PC. I have a wireless home network, with the PC, PS3, XBox 360, and a MacBook laptop.

The Current Situation:
Using Windows Media Player I stream the video to both my PS3 and my XBox 360 so I can watch on my HD TV and make use of the surround sound system. This is working well. However, I had to go and want more. Why? 'Cause that's just how I roll.

What I Want:
I want many things, but to keep on topic: I would like to also stream the video to my MacBook, and attach the laptop to the TV in my bedroom. It seemed like a simple desire.

The Setup:
I stopped by my local Apple reseller Simply Computing to get a Mini-DVI to Video connector. Why didn't I go to an official Apple store you ask? Because I live in a city without one. Confession time: I have NEVER been to an Apple store. This makes me sad. But I feel closer to you all now that I have that out in the open. Thanks.
Anyway, then I went to Monoprice.com to get a couple of cables. I bought a 6 foot m/m s-video cable and a 6 foot 3.5mm stereo to RCA audio cable. I really recommend Monoprice if you need any cables - their prices are great, shipping to Canada is reasonable, and they fill the orders quickly.

The Test:
It was like Christmas. The cables arrived, I brought everything into the bedroom and set it all up. It worked! I had video and audio from the laptop through the TV. The resolution isn't spectacular, but workable. I played a DVD, laying in bed controlling the playback with the apple remote. I was ecstatic. For about an hour. I know, typical woman!

The Issue:
I can't find any software to run on the MacBook that will receive the wireless stream from my PC. I don't want to copy the files to the MacBook, I want to stream them. Quicktime doesn't seem to do it. MPlayer doesn't seem to do it. I installed Windows Medial Player for Mac, but that didn't seem to do it. And I felt dirty putting Windows software on my Mac. Sorry MacBook.
I installed TVersity on the PC and tried streaming that way. The user interface for receiving on the Mac was ugly and awkward, and when I tried testing a stream in Firefox it would open the page but won't play. I Am Sad.

So: does anyone have any suggestions / solutions? Please send help.

An email for my nephew :-)

Well Alex, you are 18 months old now and I am sure you will soon be learning to ride a bike. I have some words of wisdom for you: you will fall at least once, but do your best NOT to wipe out during morning rush hour. Drivers get annoyed at you if you lay on the road whimpering - I recommend you do as I did this morning: spring to your feet and pull your bike onto the sidewalk, and THEN realize how much the fall hurt. For drivers are in a hurry and think they are Important and will say Bad Words to you for slowing them down.

Make sure you have at least 1 friend whom you can call and wake up at 8:15am who will come and rescue you, but perhaps remind them that while you really appreciate them saving you and giving you bandages for you owies, beer will also make you feel better. I'm just saying.

Also, make sure your Mom is near enough to give you sympathy, and perhaps laugh at your stupidity for falling down - it's amazing the power moms have to make you feel better.

Love,
Auntie Bonnie

Microsoft Project Natal & Sony Motion Control

So this year at E3 both Microsoft and Sony announced full body motion controllers for their game systems. Microsoft demoed Project Natal, and Sony demoed the cleverly named Sony Motion Controller. I know, wish I had thought of that name.... Both of these systems are trying to take the Wii controller style to the next level (ick, did I really just write "to the next level"? Shoot me now...)

Let's start with Project Natal. It promises to bring hands free control to a variety of game types (eg racing, sports, etc). It gives a 1-to-1 avatar control system, so whatever movement you make, your avatar will reflect that on screen. While there is no announced release date, Microsoft has stated that Project Natal will work with all versions of the Xbox 360 (but no info on price either!)

Here is Microsoft's Project Natal commercial (from my favourite site Joystiq):

My initial thought was that this was a cleverly arranged tech demo, and at this stage would never really work as shown at E3. While I am still not entirely convinced, I have read a number of reports from people who had a chance to try the system, and they seem impressed...

Sony went in a slightly different direction with their new system - it's a controller wand you hold that works in conjunction with the PlayStation Eye camera. The wand is replaced on screen with whatever weapon or tool is appropriate. This system seems to be the middle ground between the Wii controller and Microsoft's Project Natal. The Sony system is due to be released in spring 2010.

Here is Sony's Motion Controller demo:

Both of these systems can detect 3D motion (so forwards/backwards as well as left/right). While I don't think these systems will replace traditional controllers for every game, I think they will have their place. Imagine flipping through the dashboard on your Xbox 360 by just waving your hand - shades of the interactive user interface in Minority Report!

Oh, and FYI, "demoed" just looks wrong....