Unusual Password Limitation

Today I came across a limitation on my complex password.

I have a 14-character password with upper, lower, numeric and special characters that I attempted to use in a program this morning.  This program is essentially a GUI for another program which takes an XML file as input.

The underlying application attempted to interpret my password, which was enclosed in “double quotes”.  See, my password has the special character % followed by a lower case letter (which I am representing by the character _ in this post).  So, the program determined that the %_ must be a variable and would not proceed because I didn’t provide a value for the variable!!

So, from this, I have a new lesson: Understand the limitations of the application(s) using your password.

Before going to change my password, I determined how big an impact both keeping and changing the password would be.

  • There are three systematically different front-ends which operate over the same back-end in slightly different ways.
  • Only one of these has the deficiency/limitation
  • Only a subset of the limited application is impacted
  • I can use the other front-end tools to minimize the impact of the limitation

I therefore concluded that I can keep my current password without severely impacting the job at hand.

This post was written to explain that as great as a password may appear, there is always the potential for it to not work as anticipated in all situations.  Take time when creating your passwords and evaluate the need to change them when you come to a road-block!
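The failure described above is a classic case of a consumer treating a secret as a template rather than as opaque text. As an added illustration (not code from the post, and not the program the author was using), the Python snippet below reproduces the same behaviour with the standard library's ConfigParser, whose default mode treats `%` followed by a letter as the start of a variable reference, then shows the two usual fixes on the consuming side: disable interpolation for the field, or escape the metacharacter on the way in. The password, the INI layout and the section/key names are constructed for this example.

```python
import configparser

# Constructed sample password (not the author's real one): a '%' followed by
# a lowercase letter, the exact shape that tripped the program in the post.
SAMPLE_PASSWORD = "Tr0ub4dor%x!2Qz"


def config_text(password: str) -> str:
    """Build an INI snippet that embeds the password, standing in for the
    XML file the GUI hands to its back-end (layout is an assumption)."""
    return f"[db]\nuser = app\npassword = {password}\n"


def read_password_with_interpolation(password: str) -> str:
    """Parse with '%' interpolation enabled (ConfigParser's default).
    Returns the password if it survives, or the name of the exception raised,
    which is what the post's 'missing variable' refusal looks like here."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text(password))
    try:
        return cp.get("db", "password")
    except configparser.InterpolationError as exc:
        return type(exc).__name__


def read_password_raw(password: str) -> str:
    """Mitigation 1: treat the secret as opaque text by turning interpolation
    off, so no character in the password can be mistaken for syntax."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text(password))
    return cp.get("db", "password")


def escape_for_interpolation(password: str) -> str:
    """Mitigation 2: if the consumer insists on interpolating, escape the
    metacharacter on the way in ('%' -> '%%') so the value round-trips."""
    return password.replace("%", "%%")


def read_password_escaped(password: str) -> str:
    """Write the escaped form, read it back through the interpolating parser,
    and confirm the original password comes out unchanged."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text(escape_for_interpolation(password)))
    return cp.get("db", "password")


if __name__ == "__main__":
    print("interpolating parser:     ", read_password_with_interpolation(SAMPLE_PASSWORD))
    print("interpolation disabled:   ", read_password_raw(SAMPLE_PASSWORD))
    print("escaped then interpolated:", read_password_escaped(SAMPLE_PASSWORD))
```

The defender-side lesson is the one the post draws: before rotating a strong password because one tool chokes on it, check whether the tool can be told to stop interpreting the field, or whether the value can be escaped at the boundary; both preserve the password's strength, while a rotation driven by a parser quirk tends to produce a weaker one.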


Mobile blog post!

Today I decided to walk away from my desk with nothing but my sunglasses and my Motorola Cliq XT. So, what can I do remotely?
Well, I can blog because I downloaded the WordPress app for Android and set up “Jaime’s Online Password Security Blog”. I elected to save my WordPress credentials on my phone because I have other security measures in place to prevent unauthorized use. I also am using 3G, not a public wifi hotspot, so my vulnerability level is no different on WordPress than it would be on anything else I choose to do on my phone.
Along with security we must also balance risk… I am also willing to have my twitter profiles @ssjaime and @OnlinePwordSec on my phone. I use those accounts often enough to feel comfortable putting them out there on the 3G network.
This blog post was a bit of an experiment too… I wanted to see how it would be received!

Hope you enjoyed and please comment.

Plaintext Passwords

What’s worse than forgetting your password?

I say it is resetting your password with a nice strong complex one using one of those “Forgot Password” tools on the website and then receiving an email confirmation that contains your password in plaintext!

Here are my recommendations on how to avoid this problem:

  1. Don’t forget your passwords! (but if that’s going to happen, perhaps the other ideas below will suit you better)
  2. Use a password manager, so you always have your passwords available.  There are many different programs/apps/websites available to facilitate this.  I will delve into the different kinds in an upcoming post 🙂
  3. Read the rest of this entry »

Anagram Your Passwords!

Remember those puzzles that require you to rearrange letters to make words and phrases?  They take a sequence of letters like alarepirctl and you manipulate them to become the word caterpillar.  Why not take that game, give yourself a few rules and create your passwords in the same way?

How to do it:

  1. Take an 8-character minimum word or phrase as your seed word
  2. Use a numeric replacement (such as those listed under common replacements) or add a number
  3. Use a special character replacement or add a special character
  4. Read the rest of this entry »

Expiring Passwords

Can you answer with “in the last 3 months” to any of these?

When was the last time you changed your password for …

  1. your primary email account?
  2. your bank account?
  3. Facebook?
  4. eBay?
  5. iTunes?
  6. WordPress?

If the answer is: Read the rest of this entry »

Password Tip #4 – Self-imposed limitations

I was going to make this a video blog, unfortunately I do not have any sponsors yet and cannot afford to buy the add-on to allow for video!  If you or anyone else you know is interested in sponsoring this blog, please leave me a comment and I’ll start the process!

I had my 13-month-old daughter on my lap the other day as I was trying to enter a password and realized that I had to do the whole thing with my left hand!  I hold her in my right arm and am not able to reach the keyboard with my right hand; otherwise, she presses keys on the keyboard!

Imposing limitations decreases the overall complexity of a password by reducing the available pool of characters used.  It is therefore highly recommended to add length to your password!  My rule of thumb is to increase password length by one character every 4 elements removed from the available pool.

How to create your password:

  1. Identify your limitation
  2. Read the rest of this entry »
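To see what the rule of thumb above (one extra character for every four symbols removed from the pool) does to actual password strength, here is an added worked example in Python; it is not from the post. It measures strength as bits of entropy for a uniformly random password, `length × log2(pool size)`, applies the rule, and also computes the minimum length that would merely match the original strength. The 94-character full pool and the 42-character left-hand-only pool are constructed assumptions for a US QWERTY keyboard, not figures from the post.

```python
import math

# Constructed pools (assumptions, not the author's figures): the 94 printable
# ASCII characters a full keyboard offers, and a left-hand-only subset on a
# US QWERTY layout (letters, digits 1-5 and the shifted symbols above them).
FULL_POOL = 94
LEFT_HAND_POOL = len("qwertasdfgzxcvbQWERTASDFGZXCVB12345`~!@#$%")  # 42


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy for a password of `length` symbols drawn uniformly
    from a pool of `pool_size` distinct symbols."""
    return length * math.log2(pool_size)


def length_under_rule(base_length: int, full_pool: int, reduced_pool: int) -> int:
    """Apply the post's rule of thumb: one extra character for every four
    symbols removed from the pool (a partial group of four still counts)."""
    removed = max(full_pool - reduced_pool, 0)
    return base_length + math.ceil(removed / 4)


def min_length_to_match(base_length: int, full_pool: int, reduced_pool: int) -> int:
    """Smallest length over the reduced pool whose entropy is at least that of
    `base_length` symbols over the full pool. The tiny epsilon keeps float
    rounding from pushing an exact match up by one."""
    target = entropy_bits(full_pool, base_length)
    return math.ceil(target / math.log2(reduced_pool) - 1e-9)


def compare(base_length: int, full_pool: int, reduced_pool: int) -> dict:
    """Summarise what the rule produces versus what strength-parity needs."""
    rule_len = length_under_rule(base_length, full_pool, reduced_pool)
    return {
        "before_bits": entropy_bits(full_pool, base_length),
        "rule_length": rule_len,
        "rule_bits": entropy_bits(reduced_pool, rule_len),
        "parity_length": min_length_to_match(base_length, full_pool, reduced_pool),
    }


if __name__ == "__main__":
    # Large limitation: left hand only, starting from a 14-character password.
    print("left hand only :", compare(14, FULL_POOL, LEFT_HAND_POOL))
    # Small limitation: a tool that rejects four specific special characters.
    print("4 symbols banned:", compare(14, FULL_POOL, FULL_POOL - 4))
```

With these assumptions the rule is exact for a small limitation (losing four symbols from a 14-character password needs one more character, which is what the rule adds) and conservative for a large one: dropping to the left-hand pool needs 18 characters to match the original 14, while the rule asks for 27. Erring long is the right direction for a password, but the parity figure is the one to use if a length cap is in play.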

Machine-generated passwords

There are many websites and programs that can generate a password of any length and complexity.  Here are some of the pros and cons for adopting these passwords for day-to-day use.