Saturday, August 28, 2010

Of Passwords and That's All

The objective of a password is to keep a person from getting into their own account, I mean a hacker from getting into that account. The password generally needs to be six or eight characters, mixing in numbers, symbols, capital letters, and assorted cooking implements — in order to thwart the dastardly perpetrator (starring Hugh Beaumont). This highly intricate process keeps the good people out, I mean the bad people out, and then provides a backup means of verification should any of the good people decide to go over to the bad side.

Alas, the password keeper’s dilemma: Make a password that is memorable enough to retain within the brain while also having it be discreet enough to be unpredictable and thereby unhackable, but still not too similar to other passwords they have on other accounts, which then makes it harder to commit them all to memory, so then they have to write them down somewhere, so then if someone finds their list of passwords, they have found a goldmine.

When one enters a password, the password field cleverly hides what you’re typing by replacing the characters with black dots. ••••••• They’re kind of like Braille, but you can’t feel them. So we have our black dots displaying on screen. That way, if somebody’s watching over your shoulder as you enter your password, they won’t see what it is, although if you can’t trust a person looking over your shoulder, then who can you trust? Ah, therein lies the problem.

And yet they could just watch your keystrokes if they’re quick enough, or if you’re slow enough by typing with one finger, or if they’re videotaping it, or if they take seven pictures of it, or if you say everything you type out loud, or if your password is the same letter eight times, or if you do your password telepathically. Actually that last one hasn’t been verified by the Food & Drug Administration for any claims made. Or if you’re real dumb and accidentally type your password up in the user name field for all to see… well, then all bets are off. If you happen to be one who shares passwords across accounts, then you may have just revealed 30% of your portfolio, and now it’s a race to see if you can change the passwords in all of them before they can be logged into by the hacker’s army. Ready, go!

We wonder how identity theft works. The credit card companies tell us they’re helping protect us from the bad identity thieves, and for a minimal fee, the credit card company will gladly become the thief instead. And then when we become too complacent, they mysteriously turn a blind eye and let some inadvertently go through, and then they gallantly come to our rescue and say even though someone used your card to purchase the Taj Mahal, they’re willing to waive it and offer us a great deal on increased protection. Our heroes! They saved us from certain doom, snatching us from the jaws of a would-be IdentiTheft Protection subversive in a single bound. We should throw more money at them for giving us such a false sense of security. They let somebody get through… sure I’ll pay you more after that. Where do I sign?

But here’s the thing… Do we really need those black dots for passwords? Why have them at all? It helps you to see how many characters you’ve typed. That’s something the Atari people would’ve gotten excited about. But does that do much good in the world of non-make believe? Not really, because you still don’t know if the characters you’ve typed are correct. You might be looking at seven black dots thinking you’re golden and all you need left is a capital Z. So you type the capital Z, and then press Enter, but it comes up wrong. So you have to re-type the whole thing anyway. Or maybe you accidentally typed everything on one hand a key to the right (O jate wjem tjat ja[[ems). So you could easily waste a good 6 seconds typing along without realizing that you have already blown it. Meanwhile, the keyboard is trying to communicate with you: “You sure about that? I mean I’ll type them if you really want me to, but I don’t see the point. Hey, you! Wake up, you typing fool!”

In essence, the dots are quite often providing a false sense of hope, making you believe that you’re only 1 or 2 keystrokes away from completing the required password, only to have your hopes dashed to smithereens. If the dots really wanted to help, they’d give you a character-by-character analysis. “Good, yes, another good one, keep going, almost there, nice, good job, you’re smokin’ now, and… ehhhhhh! I’m sorry, thank you for playing… Please try again. Are you on drugs? Don’t you know what the Caps Lock is? Do you have pea soup for brains? Is it really that hard to push seven or eight buttons without getting disoriented? You’re the advanced species, right? Oh, does Mr. Typer need a little remedial typing there? Ah, so sad. Or maybe… maybe you actually did type the keys you meant to, but that memory of yours is so messed up from all the chemicals running around in your skull that you have trouble spelling your own name even when being spotted the first two letters. All right, we’ll give you maybe one more chance, and possibly two on good behavior, before we exile you to Mesopotamia, where you will undergo lab experiments on Pavlovian responses based on typing the wrong keys, you plebeian ball of ear wax. And the electrical shock adds a level of excitement to the proceedings. Then we’ll see how well you concentrate when the chips are really down, and one false move can mean the difference between success and having your adenoids put on a skewer.” Unquote. I don’t know… maybe your dots don’t talk to you. Maybe that only comes with Vista, who knows. At any rate, a little pressure never caused any damage. Being trained in keyboard espionage to type under intense scrutiny can only help you in the long run.  

The truth is we all secretly want to have progress bars associated with our personas, to monitor what we’ve supposedly accomplished, and this is what the black dots serve to do, filling an at once vital psychological albeit empty need. When we see black dots as we’re typing, it gives us a grand sense of fulfillment, like our keystrokes have not gone for naught. They’re getting validated right there on the screen in real time. n8G%1y9Q has meaning, dang it. Oh, rats. Now I’m going to have to redo all my online financial accounts. That was rather poorly planned.

And here’s the rub.* With the black dots showing up on the screen, that would seem to help hackers when they’re attempting to crack a password, giving them a greater degree of precision. We don’t want the hackers to achieve any type of fulfillment. The trade-off on benefit and downside of having the black dots seems null.

(*-Everything has a rub. They should just put the rub part at the beginning and get it over with.)

Password fields should likewise be encrypted. And when a hacking program tries to decipher the true password, it should encrypt the attempt. Randomly arrange the characters and replace two of them with crossbones just to mix things up. Oh, I’m sorry, we don’t have a match there. Would you like to play a game?

Sociologically speaking, the need for passwords is a rather sad commentary on society. We can’t respect each other’s property enough, and so the idea of a reasonable level of civility within our world must be reserved to “How ya doin’?” (or in some parts of Missouri, “Whatcha doin’?”) when we run into somebody in public, but otherwise a generous portion of them would steal you blind when given the chance. Any notion of safety only comes from building bigger safeguards than the hackers and thieves can build. It’s a carnivorous world out there, and passwords provide a wondrous microcosm for this delightful phenomenon.

And that is why we must eradicate the black dots for passwords. After all, who knows what’s really inside of them? Whatever it is, they’re a tool of the hackers for aiding their cause. In the meantime, I’d recommend having passwords that are at least 28 characters long so that the hackers can’t see all of them at once, and it complicates the whole counting process.

Wait, now I’m giving away my secrets to the hackers. But I did that on purpose, knowing you hackers would think I was telling you the real techniques. However, if I did that, then I wouldn’t have needed to explain that I did it, so maybe I’m just trying to obfuscate, in which case you have no reason to believe that’s what I’m doing. Remember on Dallas when the whole season was just a dream? Me either, but the idea is that you thought this happened but it really didn’t. These were just a bunch of black dots you were reading, devoid of any meaning or content. Move along now.

Jeff Crandall said...

How weird that n8G%1y9Q is my password too. Here is my problem with passwords: requirements. Some say letters, some say letters and numbers, some say numbers only, some say mixed case, some say mixed case and special characters, some say no special characters, some say love, it is a river. The point is I have to come up with variations of my password to accommodate their demands. This makes me have many, many passwords - none of which I remember. So, I set a convention. If it asks for letters, it gets this one, and if it asks for letters and numbers it gets that one. The problem is when they present you with the de-identified black dot field in which to type your password they do NOT remind you which set of criteria they placed on you when choosing your password. You have to remember it in context. And by the way, what's the point of writing them down or sticking them to your computer? I thought the whole idea was security. There, I've sufficiently and unexpectedly ranted about something I have little or no opinion about - on second thought, there isn't anything I don't have an opinion about or at least have the ability to feign an opinion about. I can get riled up about just about anything. You are the man, Rusty! Thanks for the fun read.

