
Repost (and Edited): Creating Good Passwords

This was originally a post I did back in 2008, which I have edited to tweak some of my original recommendations. This has become even more important as sites like Facebook, Twitter, and online email are increasingly the focus of online attacks.

Most companies and universities have password policies in place that enforce complexity requirements. But do you have a good policy you use for your personal accounts? You should create good strong passwords for any accounts you access – your email, Facebook, Twitter, eBay, online merchants, your personal finance file on your system, etc.

When creating your password, it should:

  • Be at least 10 characters long, but be easy to remember (more on this in a second).
  • Contain at least one capital letter, a digit, and a special character along with the lower case letters. Some web sites may not allow special characters (shame on them!!), so be creative with more digits (preferably) or capital letters.
  • Not be built from a dictionary word or any name – including character substitution!! For example, password is obviously a BAD password, but P@ssw0rd is also a bad password. Another example here would be something like Und3rd0g! or T0m&J3rry (guess I’m in cartoon mode here). Hacking utilities would have these figured out in very little time.
  • Not contain sequences, patterns, or repeated characters, for example 123, 111, qwerty, etc.

So I mentioned making your password at least 10 characters. I used to like to make them 8 characters exactly. Perhaps this is because of my past experience using UNIX systems, where only the first 8 characters were significant (standard UNIX at the time would ignore anything after 8 characters), but I also thought 8 characters would be easier for most to remember, although now I think 10 would be fairly easy, with time, to commit to memory. Once you get used to your new password, it will become second nature. What you don’t want is to have to write the password down and stick it to your monitor; it should be something you can commit to memory. If you must write it down initially, keep it in your wallet or someplace safe and not viewable, but DON’T write your username or what site or service it is for. Even then, only keep it until you have memorized it, then shred it.

So given the rules, how do you actually create a good password? Think of a phrase nine or ten words long, and then use the beginning of each word to build your password, mixing up the capitals, symbols, and digits. If you use nine words, you can use punctuation as the last character. If you can easily remember a longer phrase and the password you create from it, certainly go for it. Some examples (don’t use these for yourself, though):

Phrase: I really found the Science Attic very useful today!
Password: Irft5@VuT!

Phrase: My new golden retriever Fido is the best dog ever
Password: MngrF1tBde

Phrase: Firefox and Chrome are great internet browsers everyone can use
Password: F&C@giB3cu

So you get the idea. And you can get really creative with this, so have a little fun with it. 🙂

There are password creators/managers, although I haven’t really evaluated any of them and I personally think the best password manager is the one between your ears. The idea is the same though – keeping your accounts that much more secure.


Disabling User List in GDM Login Screen – Ubuntu 9.10 / Linux Mint 8

I’ve been playing around with both Ubuntu 9.10 and Linux Mint 8 (just released and based on Ubuntu 9.10). One of the differences you notice right away is the change in the GDM login screen. By default, it lists the users to choose from, and you then enter the password. This may be OK for some, e.g. on a home system, but what if you don’t want the list of users shown? If you want to require users to type in their username to make it more secure, you can no longer just adjust this setting within the login screen settings. The login screen settings now contain just a couple of options around allowing autologin. It would be nice to have the other setting back, but here is a method that works now:

  1. Log out so you are at the login screen.
  2. Press Ctrl-Alt-F1 to enter the CLI.
  3. Log in to the CLI using your normal credentials.
  4. Type: export DISPLAY=:0.0
  5. Type: sudo -u gdm gconf-editor
  6. Press Alt-F7 to return to the GUI. Gconf-editor should be visible.
  7. Drill down to apps –> gdm –> simple-greeter.
  8. Check the box for disable_user_list. Close gconf-editor.
  9. Reboot. GDM should now show a button to log in, and prompt for the username and then the password.

Notes on Ubuntu 9.04 (Jaunty Jackalope)

I went and installed Ubuntu 9.04 (Jaunty Jackalope) onto my test system as a dual boot with Windows 7 Release Candidate, and so far so good. This was the same system I had installed OpenSUSE 11 on before, and I went back and reviewed how I tweaked my desktop there and did a very similar setup for Ubuntu.

I installed Cairo-Dock, and included launchers for Firefox, Thunderbird, Terminal, BitTorrent, and OpenOffice Word Processor. As part of installing Cairo-Dock, I eliminated the bottom toolbar and merged its contents into the top toolbar. I also played around some with Gimp (v2.6 comes with this version of Ubuntu) – the Jackalope pic with the Ubuntu logo merged into it was the result. I also installed Screenlets and set up clock, calendar, slideshow, weather, and system info screenlets to launch upon login. As expected, Thunderbird was just as easy to set up for IMAP to my Gmail account as it was in Windows.

So those are my first notes for this version of Ubuntu.  As I play with it more and find things noteworthy, I’ll post those.

Screenshot of my Ubuntu Desktop.



OpenSUSE 11 First Impressions

I decided to give OpenSUSE 11 a try on my dedicated Linux box. Since I’ve only installed it and made some adjustments within Gnome, I thought I would give what I can really only call some first impressions of it. I’m writing this post from the OpenSUSE box. The system I installed it on is my few-years-old Gateway GX7022E – a Pentium D processor (3.0 GHz) with 3GB RAM.

I took the defaults during installation, choosing Gnome as the WM. I did briefly try both KDE 3.5 and 4.0 within VMs, but I am a bit more used to Gnome and tend to favor a simpler look (with some small creature comforts). I would definitely say that installation time is much shorter than in my past experience installing OpenSUSE 10 and 10.1 (both were installed a while back on this same box). Call me old fashioned, but I also chose the more “traditional approach” of UNIX/Linux by not allowing automatic logins, or allowing the first user account created to be the administrator account (which does things using sudo in the background – in the same way Ubuntu does). This basically means that for any software I need to install, system changes, etc., I need to provide the root password (as opposed to my own, even though I am already logged into the system).

So now I’ve logged into Gnome and I’ve begun my tweaks. OpenSUSE 11 comes with the “Main Menu”, aka SLAB 0.9.10, which is a one button menu. I ended up removing this in favor of the more typical menu bar (Applications, Places, System). Perhaps I will give SLAB another chance at some point, but for me anyway, having to click on “More Application” and having it open up a window with the apps to click seemed a little bit too much “Windows 3.1/NT 3.51” to me. I also changed themes to one I found on gnome-look.org, Ubex2; and the desktop background to one of Boston from the Charles River that I found on Interfacelift.com. Both these sites are great for Gnome tweaks and backgrounds.

I installed Screenlets as a desktop widget/sidebar app, and Cairo-dock as an app launcher similar to Objectdock (by Stardock) for Windows, or the Mac OS launcher.  (As an aside, I’ve also been experimenting with setting my Windows system up similarly with the taskbar on top, and Objectdock on the bottom.)  I also adjusted the font resolution to 96 dots per inch, and set for LCD, and medium hinting.  This allows better font rendering in my opinion.

So first impressions are – fairly quick and easy install, but also an install that allows for a more traditional approach to account logins, as well as some other options. I hope Ubuntu – another great distro – includes that option, for those that want it, in a future release. Then with some pretty easy customizations, I have a nice Gnome based environment to do my stuff in. The first screenshot is the default OpenSUSE, found on opensuse.org, and the second is mine, customized as I mentioned above. If you’re looking to try a different Linux distro, give this one a shot to see if it works for you.

Default OpenSUSE 11 Gnome Screenshot

My Customized OpenSUSE 11 Screenshot


Logitech VX Nano Mouse

I know I’ve been very lax about science or tech posts of late, but as I’ve picked up a wireless mouse for my work laptop recently for use at home, I thought I would share some impressions of it.  This is the Logitech VX Nano mouse.  When it comes to mice, I tend to like them fairly simple – not the “buttons all over the place” types (i.e. like gaming mice).

What I like about this mouse is that while it is marketed as a notebook mouse, it is not too small. It is only slightly smaller than a standard mouse. Its shape and size still make for a comfortable mouse for me at least. The shape should also allow for left handed users to be comfortable with it as well I think. Larger hands may find it a tad small – my hands are more medium sized with longer fingers. The USB transceiver is really nice in that it is small enough to plug into the laptop USB port and can be left in there without much worry of breaking it. The portion that sticks out is just a hair under 1/4″, and the mouse itself fits into an included pouch which helps protect it in a bag. It also has an on/off switch underneath to help save battery life when not in use. Again while I don’t do much with the extra buttons, this mouse includes web browsing “forward” and “back” buttons next to the left mouse button. There is also a button behind the scroll wheel that sort of acts as a replacement for Alt-Tab in Windows, giving a menu to select any open window. Of course, these button functions are customizable through the Logitech software. The scroll wheel has both horizontal and standard vertical scrolls. One of the nicest features, for my use at least, is that the scroll wheel has two vertical scroll modes. One is the standard scroll of 3 or so lines at a time with some tactile feedback. If you click the wheel as a button though, it goes into what I call “free wheelin’ ” mode. This mode freely scrolls many lines. It’s very useful in a long web page, large spreadsheet, or in what I find really handy, while at work I have the ability to scroll through about 20,000-30,000 lines of text in large log files. I find the section I am concentrating on, for instance an error dump section, then one flick brings me to the most recent events at the bottom of the section.

So, if you’re in the market for a nice cordless mouse for your system, check out the VX Nano from Logitech.  I like it enough that I now keep it in my bag and use it at work as well as when working from home.


The New Gig

I’ve just finished my first week at a new job. After almost 11 years at my previous employer, their cutbacks affected my position and I was laid off in early April. I interviewed with a few places pretty quickly, and luckily, I had my verbal offer for this job within two weeks of being out. I then only had to wait for the normal process stuff – background check, drug test, etc. So once I knew I had the job, I tried in the meantime to enjoy the downtime (as my good friend points out here): hang out and do things with the family, get some stuff done around the house, and keep the brain technically engaged – passing the CCNA that I let expire last year.

In the end, I know this is one of those “things that happened for a reason”. I will be working in a new area of IT I have not been deeply involved in thus far – SAN (Storage Area Network) technologies. Coming from an IP based networking background (and before that Wintel server & messaging and Desktop support), the plethora of training my new company provides is really a great thing. I’ve enjoyed opportunities to learn new areas of technologies in IT, and the brain is now definitely “reawakened”.


Creating Good Passwords

Most companies and universities have password policies in place that enforce complexity requirements. But do you have a good policy you use for your personal accounts? You should create good strong passwords for any accounts you access – your email, eBay, online merchants, your personal finance file on your system, etc.

When creating your password, it should:

  • Be at least 8 characters long, but be easy to remember (more on this in a second).
  • Contain at least one capital letter, a digit, and a special character along with the lower case letters. Some web sites may not allow special characters (shame on them!!), so be creative with more digits (preferably) or capital letters.
  • Not be built from a dictionary word or any name – including character substitution!! For example, password is obviously a BAD password, but P@ssw0rd is also a bad password. Hacking utilities would have this figured out in very little time.
  • Not contain sequences, patterns, or repeated characters, for example 123, 111, qwerty, etc.

So I mentioned making your password at least 8 characters. I tend to like to make them 8 characters exactly. Perhaps this is because of my past experience using UNIX systems, where only the first 8 characters were significant (standard UNIX would ignore anything after 8 characters), but I also think 8 characters would be easier for most to remember. What you don’t want is to have to write the password down; it should be something you can commit to memory.

So given the rules, how do you actually create a good password? Think of a phrase seven to eight words long, and then use the beginning of each word to build your password, mixing up the capitals, symbols, and digits. If you use seven words, you can use punctuation as the last character. If you can easily remember a longer phrase and the password you create from it, certainly go for it. Some examples (don’t use these for yourself, though):

Phrase: I found the Science Attic really useful today
Password: Ift5@ruT

Phrase: My dog Fido is the best dog!
Password: MdF1tBd!

Phrase: Firefox is a great internet browser to use
Password: F1@giB2u

So you get the idea. And you can get really creative with this. 🙂 So have a little fun with it, while keeping your accounts that much more secure.
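
The four rules listed in both versions of the password post (length, character classes, no dictionary words even with character substitution, no sequences or repeats) can be checked mechanically. The following is an added example, not code from the original posts; the word list and the substitution table are small constructed samples, and a real check would load a full dictionary and name list. Pass `min_length=8` for the 2008 version of the rules.

```python
import re

# Constructed sample word list (assumption); use a full dictionary in practice.
WORDS = {"password", "underdog", "tom", "jerry", "dragon", "monkey"}
# Assumed, partial table of common substitutions mapped back to letters.
UNLEET = str.maketrans("@4031$57!", "aaoeissti")
# Number row and letter rows of a QWERTY keyboard, for "123" / "qwerty" runs.
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def dictionary_hits(pw):
    """Return listed words still visible once substitutions are undone."""
    plain = pw.lower().translate(UNLEET)
    return sorted(w for w in WORDS if w in plain)


def pattern_hits(pw, n=3):
    """Return n-character runs that repeat one character or follow a keyboard row."""
    low = pw.lower()
    hits = []
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        repeated = len(set(chunk)) == 1
        on_row = any(chunk in row or chunk[::-1] in row for row in ROWS)
        if repeated or on_row:
            hits.append(chunk)
    return hits


def check_password(pw, min_length=10):
    """Apply the post's four rules; an empty list means the password passes."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = {"capital letter": r"[A-Z]", "lower case letter": r"[a-z]",
               "digit": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    problems += [f"built from '{w}'" for w in dictionary_hits(pw)]
    problems += [f"contains pattern '{r}'" for r in pattern_hits(pw)]
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "Und3rd0g!", "T0m&J3rry", "Irft5@VuT!"):
        print(candidate, check_password(candidate) or "passes")
```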