Passwords: TWO Rings to Rule Them All :D

I’ve been thinking…
 
Some websites and organisations are more careful with security than others. Some sites, when you register with them, will allow you to set your password – but then they will email you a confirmation: one that INCLUDES YOUR PASSWORD IN CLEAR. Sites that understand the concept of security won’t do this, because they understand the (admittedly minimal) risks this exposes your information to.
 
Most emails are like letters without envelopes: anyone with access to the network can read their contents as they pass from A to B, so in theory someone could read your password. Email postmasters are generally trustworthy and usually too busy to snoop… but not everyone can be trusted.
 
What if their email system messes up and sends the email message to the wrong person? Or if your ISP messes up and bounces it back to their postmaster (who perhaps is just on his way out of the company? who knows?).
 
So, how to deal with this?
 
The ‘Advanced Version’ of the ‘One Ring to Rule Them All’
 
This involves using two – or maybe more, but let’s KISS (Keep It Simple, Stupid) and start with two – ‘strong’ passwords that you use when setting up your passwords, as described in my ‘One Ring’ article a few days ago.
 
‘Ring One’ you would use for sites you feel confident you can trust to know what they’re doing (banks and the larger, well-known, e-commerce organisations).
 
‘Ring Two’ would be for the odd places that you’re not so sure about. Those chatty forum sites for instance. If you’re not sure which ‘ring’ to use, then use Ring Two first, and perhaps switch to Ring One when you feel confident about the site and its trustworthiness. You will of course need to remember which one you’ve used: but you’ll know which sites you trust and which you don’t. And if you should find that you can’t log in somewhere – just try the other Ring 😀
 
This adds a further level of security to the system. But: it’s not something to stress out about. If you’ve been slack about your passwords up to now, the One Ring technique makes your data a whole lot more secure than it was before. 
 
I’ll freely admit that the one thing that this technique doesn’t address is the Typical Security Eggspurt’s advice to "change your passwords frequently". Let’s face it: who does that in real life? It’s one of those things we all should do (like backing up important data) but never seem to get around to. The Expert Advice here is simply posterior coverings: ‘what? your password has been stolen? Well, when did you last change it? … what’s that? You NEVER changed it? Ah well, then: it must be YOUR fault!’.
 
If you’re feeling community minded the next time you register with a website that sends your password back to you in their ‘welcome!’ message, you might send them a friendly note pointing out that you’re not impressed with their attitude to security.
 
Advertisements

About pendantry

Phlyarologist (part-time) and pendant. Campaigner for action against anthropogenic global warming (AGW) and injustice in all its forms. Humanist, atheist, notoftenpist. Wannabe poet, writer and astronaut.
This entry was posted in Computers and Internet. Bookmark the permalink.

6 Responses to Passwords: TWO Rings to Rule Them All :D

  1. Vicky says:

    Colin! How nice! And on a Friday too. I hope you are well, spam and virus free and all that and thank you for looking in on me again. As usual the advice you give with regard to  paasword security and so on is entirely sound and sensible. I trust you found the latest episodes of my story readable and will look in again soon….. x Vicky x

  2. Purple Pixee says:

    Heh – thanks for dropping by – you\’re right – resistance is futile – but it\’s nice to think that some day micro$haft won\’t rule the world – well, we are all allowed our dreams!
     
    The password advice is sound – I have so many I can never remember what I used, or if it was upper/lower case…  some of my passwords of old depended on what I was reading at the time, or what I had just eaten, or what was my fad / obsession at the time.  No good.  I locked myself out of my modem the other week and had to reset it to get back in…
     
    Have a happy monday
     
    Hugs
     
    PP
    xx

  3. Pingback: Passwords: storing passwords | Wibble

  4. Pingback: Passwords: One Ring to Rule Them All | Wibble

  5. Wadzar says:

    FYI, this kind of technique was used by the founders of Twitter, and that’s why the haking of their site a few years ago have been so disastrous.

    • pendantry says:

      Interesting. You’ll note that I have used various get-out clauses 🙂 Perhaps I should add ‘not advised for celebrities’.

      The ‘One Ring’ is not totally secure (no system is); nor is it the best solution for all situations. I’ve found it to be, simply, a good compromise.

I'd love to hear what your views are!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s