Category Archives: Tools

Make your passwords memorable but secure

This is apparently National ID Fraud Prevention Week, so my name is Bill Bartmann and welcome to my blog.

This is timely.  The recent publication of email passwords online has set many people busily changing passwords. But how often do we create passwords like October09 or BenWarsop1 even though we know we shouldn’t? And we compound the problem by using the same password everywhere, leaving all our accounts wide open whenever a website emails us a forgotten password in plain text with the subject line ‘password’.

I’ve been mulling over how to create passwords which you, but only you, can reverse engineer. The suggestions here aren’t best practice (I am not sure what is, these days) and an additional option is to use a password manager. But you might find some of these approaches easy to use and more secure than what you are doing now.

We all know that passwords should be in a mix of upper and lower case with numbers and special characters, but too many people just tag a number on the end. A slightly more sophisticated alternative is to type in Leet. Leet (pronounced ‘elite’) looks like txtspk but 1s 1n f@ct ju5t sw@pp1ng letter5 with num6er5 in @ w@y th@t m0re or le55 keep5 th1ng5 legi6le. UK personal number plates tend to be in Leet.

But the challenge is more about mnemonics – devising an approach which you can remember but which is hard for others to predict. I have been playing with systems based on the name of the site or service. An example of such a system would be to assign the numbers 1-12 to the months of the year, and then count the number of letters in the site’s name. WordPress has 9 letters in it so the password would be September. There are several ways to write that in Leet, such as S3ptember. Better not to put the capital at the beginning: s3ptemBer. But what to do if the name has more than 12 letters in it? Simply do the numerologist’s trick and add the digits together so 14 becomes 5, or May.

If you don’t like months (and I don’t because I’ve just blogged about it) then other months are available. Counting rhymes are a good source of number systems. The 12 days of Christmas give us nine ladies dancing, so WordPress would be ladies, or l@dIes if you write it in leet and capitalise the 3rd letter from the end. There are any number of counting rhymes like ‘One for Sorrow’ or ‘Yan Tan Tetherer’. There are other options: use the 1966 England squad if you know it by heart. It’s all a matter of what you can remember without looking up. But try to make the group not very obviously a group, which is why it is better to avoid things like the signs of the zodiac. It is harder to spot the pattern in earnest and serve than it is to spot it in earth and saturn, so better to use one of the mnemonics for the planets and not the planets themselves.

Ten or twelve passwords isn’t that many; working with the letters in the site name gives you 26 potential passwords, for example by using the international call-sign alphabet. If you choose the first letter, WordPress would be Whisky or wh1Sky. But that’s a little obvious; if I know your WordPress password is wh1Sky it would be easy enough to guess your Yahoo one was y@nKee. It would be better to consistently choose a letter that’s not the first letter, say the third one, rendering WordPress as roM3o.

It is poor practice to have just one word in your password, so it’s better to combine the two approaches: r0M3os2ptemBer. Of course, some site somewhere will be n0vemBern0vemBer but hey.
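The combined scheme (third letter to call-sign word, letter count to month, capital on the third letter from the end) can be written down and measured. The following is an added example, not code from the original post; the Leet step is left out because the post applies it by hand, and every site name other than WordPress and Yahoo is constructed for illustration.

```python
import math
from collections import defaultdict

MONTHS = ["January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December"]
# Call-sign words keyed by initial letter, with the post's spelling "Whisky".
CALL_SIGNS = {w[0].lower(): w for w in (
    "Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India Juliet Kilo "
    "Lima Mike November Oscar Papa Quebec Romeo Sierra Tango Uniform "
    "Victor Whisky Xray Yankee Zulu").split()}


def site_letters(site):
    """Lower-case a-z letters of the site name, in order."""
    return [c for c in site.lower() if c in CALL_SIGNS]


def letter_count_index(site):
    """Letter count reduced to 1..12 by summing digits while above 12."""
    n = len(site_letters(site))
    if n == 0:
        raise ValueError("site name has no letters")
    while n > 12:
        n = sum(int(d) for d in str(n))
    return n


def cap_third_from_end(word):
    """Lower-case the word, then capitalise its third letter from the end."""
    w = word.lower()
    return w[:-3] + w[-3].upper() + w[-2:]


def derive(site):
    """Call-sign word for the third letter + month for the letter count."""
    letters = site_letters(site)
    if len(letters) < 3:
        raise ValueError("need at least three letters for the third-letter rule")
    sign = CALL_SIGNS[letters[2]]
    month = MONTHS[letter_count_index(site) - 1]
    return cap_third_from_end(sign) + cap_third_from_end(month)


def scheme_space():
    """Upper bound on distinct outputs: 12 months x 26 call-sign words."""
    return len(MONTHS) * len(CALL_SIGNS)


def scheme_bits():
    """log2 of that bound: bits of choice left once the scheme is known."""
    return math.log2(scheme_space())


def collisions(sites):
    """Group site names that the scheme maps to the same password."""
    groups = defaultdict(list)
    for s in sites:
        groups[derive(s)].append(s)
    return {pw: names for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed site names; only WordPress and Yahoo appear in the post.
    sample = ["WordPress", "percolate", "Yahoo", "examplebanking", "minesweeper"]
    for s in sample:
        print(f"{s:15} -> {derive(s)}")
    print("shared:", collisions(sample))
    print(f"{scheme_space()} outputs, about {scheme_bits():.1f} bits")
```

The strength of such a password rests on the scheme staying private: once the rule is known, only a few hundred candidates remain, and any two sites with the same letter count and third letter share a password.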

As you can guess, I am not a fan of using the international call sign alphabet because it is so recognisable. If you have any other alphabets in your head, from reading books to your children perhaps, then better to go with them:

  • A was an apple pie
  • B bit it
  • C cut it
  • D dealt it
  • E eat (ate) it
  • F fought for it
  • G got it
  • H had it
  • I inspected it
  • J jumped for it
  • K kept it
  • L longed for it
  • M mourned for it
  • N nodded at it
  • O opened it
  • P peeped in it
  • Q quartered it
  • R ran for it
  • S stole it
  • T took it
  • U upset it
  • V viewed it
  • W wanted it
  • X, Y, Z, and ampersand
  • All wished for a piece in hand

Combining this with the 12 days of Christmas would give me ranladies for WordPress, or r@nl@dIes in leet with an internal capital.

Again, other alphabets are available. For example, the cockney alphabet which goes ‘A fer ‘orses, B fer lamb, C for th’ighlanders’. It doesn’t need to be an alphabet, any long list will do if you count A for the first place, B for the second and so on. Are you a chemist? Use the periodic table. Do you know the Modern Major General off by heart? Or the Shipping Forecast? If you struggle with mnemonics for letters then Derren Brown describes several mnemonics for letters and numbers.

The thing is to devise an approach and stick to it, so that the letter that you match is always the third letter of the site’s name, you always use the international call-signs. Or whatever. Then you can reverse engineer your password any time you need to.

The problem with this is that you should change your passwords frequently, but I am rather stumped for an approach to that. You could of course just retire the 12 days of Christmas at the end of the year and replace it with Green Grow the Rushes-O or anything else that is stuck in your mind and won’t go away.


Handling the feed that bites you

These feeds that feed feeds that feed feeds are a dratted nuisance when you type something into one by mistake.

In one of the screen layouts you get with Plaxo, the update status field looks just like a search tool.  Ok, it says ‘update’ on the button, but who reads buttons?

Plaxo Screenshot

The other morning I entered the acronym of a company name to find people I know who’ve worked there, and within a minute or so it updated Twitter, and from there it updated this blog and FaceBook where it picked up 4 comments in 5 minutes.

Now the thing is, that I know you cannot ever actually delete anything you tweet, and that Facebook keeps your 1s and 0s forever and beyond. I know how my feed-chain works because I set it up. I’m doing my dissertation on the use of professional and social networking tools in the corporate environment and I am reading and thinking a lot about the Mastercard style venn diagram which is the overlap between most people’s public and private spaces …

… and I STILL did it.

Lessons learned?

  1. Don’t click anything before the first cup of tea of the day
  2. FaceBook friends like surreal and cryptic posts

Salvadore Dali summed it up best I think, when he said:

Fish.

When you have a hammer, everything looks like a nail

To what extent do the tools we use shape how we think? If we habitually use a certain set of tools, do they prevent us thinking outside their very own box? For example, if I use PowerPoint or Word in Outline mode I can really only think in bullet points. So if I want to move concepts around and see how they relate to each other, then I need Visio or the drawing options in PowerPoint, or even post-its and a whiteboard.

Anyone who is paid to think should worry that the tools they use impose boundaries and blindspots on how they think.

Recently I’ve been using SharePoint a lot, and one of the features is the ability to create categories or assign property to your information. You probably use properties instinctively already. For example, if you want to find an email from a specific person you click on the top of the ‘From’ column and the senders’ names show in alphabetical order. Know it came last week? Date is another property: sort by date. SharePoint lets you do the same thing, but you can create your own columns (categories, properties … whatever).

I use SharePoint a lot and I help people define columns a lot. It’s got to the point where I spot categorised columns in places where SharePoint has never been:

Meat / Sauce / Carbs

Categorising information in this orderly way is now a habit. It is also something I am good at, since I am blessed with the ability to spot a category error at 60 feet.

Coffee Flats Cottages

I'll have a tall skinny loft apartment with roses above the door

But what worries me is whether this habit of defining top level categories imposes its own blind-spots. If everything I eat is “Meat / Sauce / Carbs” then how can I have ice-cream for dessert?

These blind-spots don’t matter as much if you can get enough eyes to look at the problem. But you know and I know that you can spend all day in a workshop and come out with nothing but a biscuit-rush and a headache.

A good, nit-picking, sceptical colleague who’ll give your final documents a really good going-over is invaluable.

We also underestimate the value of sleeping on it: model it visually on Friday and then on Monday write it up in words.

Now I’ve written this post, and now that you are reading it, this all seems rather obvious. But when you’re under pressure to deliver it’s quicker to do the same-old same-old than it is to think outside the toolbox. And that’s ok if fast really is more important than right, which sometimes it is. But sometimes it isn’t.

So when was the last time you used a different tool and looked at a problem in a slightly different way?

Wiki vs Word

I had a colleague who banged on and on and ON about wiki-documentation. His point, and it’s a valid one, was that all IT systems documents should be wiki and anyone entitled to read a systems document should be entitled to update it.

He’s right of course, culture and software permitting:  it wasn’t revolutionary when he propounded it 4 years ago and it’s even more obvious now.

In fact we did this for years without the need for Web 2.0 platforms. Almost all corporate documentation is multi-authored and multi-layered. Click File>Properties on any Word document from your corporate intranet (the expenses claim form, the new starter’s induction pack, whatever), and you’ll find out when and where it was first written. These documents are like DNA code, with sentences left over from the Paleocene switched off and invisible but still tucked away in Track Changes, and with other bits added in fresh and shiny and new today. I use a timesheet first put together in 1998, it’s fit for purpose, so it’s survived.

Two recent examples brought this into focus for me:

I’ve been working on help files which have been through three incarnations that I know of since they were written in 2006, and some of them were copied and pasted from elsewhere before we got hold of them. A phrase here from 2006, some bullets added in 2008, a shiny new screenshot now, and here you go.

Likewise the training material I’ve been reviewing today has edits from numerous other people and the properties file shows it originated outside both the company I work for and the company we bought it from, and a lot of the wording reads like sales brochures for the product in question – not hard to work out why.   (I should say here that I know the purchasing path, and this material has been re-used and changed entirely legally).

So the benefit of Wiki software is not that it allows us to steal and plagiarise (I mean ‘allows us to re-use existing intellectual capital’ of course).  We do that already without special tools.

No, the benefit of Wiki software is that it lets us track who’s added what.  It is certainly a benefit: it would be nice to know what fool messed up the formatting and lost me 5 hours of my life sorting it out.  But to some extent that’s just prurience: I’m as interested as anyone in checking back through the Wikipedia articles I’ve edited to see how they’ve developed since.  (You mean you don’t do that? You should!  It’s fascinating, in a bin-searching stalkery kind of way.)

Once the prurience is over, the only real benefits of actual wiki software are the ability to revert to a previous version at the touch of a button, and to hold people to account. Don’t get me wrong, I’ve served enough time in governance and business controls functions to know that these are real benefits.  But people have been stealing each others’ stuff – er – working collaboratively over time – for years already without Web 2.0 tools to help them.

A meme on modelling

Craig Brown of Better Projects has launched a modelling meme for BAs and PMs.

He asks us to 

Recall the first and last analysis model you used at work. 

An interesting question for a BA.  

My first diagrams were probably Wide Area Networking diagrams from back in the day. Admittedly my job title wasn’t “Business Analyst” but it was still all about balancing requirements, technology and budget.  

For a while after that they’d have been web page designs, and then the branch and workarea diagrams for Interwoven TeamSite installations.  Since then I’ve done every sort of process diagram, dataflow diagrams and influence diagrams, soft systems diagrams and of course a shed-load of UML.  

It’s been a while since I’ve done any modelling at work though I was messing around with Visio and a process flow today.

My two most recent models haven’t been done on my employer’s time.  One is a model of investigative questions, and directly relates to The Business Analyst’s Guide to Questions, which is a series of posts I am publishing over the next few months.  

 

Question grid based on Kipling's honest serving men

The other hasn’t been drawn yet, but will plot quantitative research vs qualitative research in a 2×2. This is something I’m thinking about as a result of my MSc. These two research methodologies are normally considered to be opposing poles of the same scale, but I wonder if there’s something useful to uncover if we model them as two different dimensions which sit at right angles to each other. Surely collecting statistics about how people feel is BOTH quantitative and qualitative and sits out there in the middle of a 2×2. I’ve not done the analysis yet, so we shall see.

Include me out

It’s not always obvious how our tools can distort our methods.  

A colleague who was co-ordinating a social event recently sent out an email asking us to say what kind of food we’d prefer by using the voting buttons in our reply.  The choices were Indian, Chinese, Italian, No Preference.   “Cool use of the tool” I thought.  

It was only a few days later that another colleague said how disappointed she was that the most popular option was Indian, because she really doesn’t like Indian food.  (How can anyone not like Indian food? – But that’s another bemusement for another day).

It was then that I realised that what was needed was not voting for buttons, but vetoing buttons, with the option for vetoing more than one choice. 

I’d have made the same mistake, and it’s an interesting one.

Organising Knowledge – Book Review

I thought I had put more book reviews up here than I have. Here’s one of the ones I thought I’d posted. At the moment I’m doing a lot on Knowledge Management so here is high praise for Organizing Knowledge: Taxonomies, Knowledge and Organization Effectiveness by Patrick Lambe.

Lambe is that rare mix, both a theoretician and a practitioner. The book is solidly based in theory and well-proven by practice. In the first half, Lambe takes you on a readable tour of how people have organised knowledge in the past and compares different approaches (hierarchies vs facets, for example) and some of the implementations (the Dewey decimal system, and so on). The second half gives you tools and strategies for defining and introducing taxonomies to an organisation. He doesn’t pretend it is easy, but the tactical tools and the methodological framework are workable. He’s clearly refined them by using them and some of the pain he has felt on the way comes through between the lines. I sympathise with him almost as much as I admire him.

The book has the benefit of being fairly short.   I’ve noticed this with other books on the subject – perhaps books about online technologies need to get out so fast there’s no time to add padding, or else people dealing with knowledge management think too clearly to waffle.  Either way, it’s pricey per page but benefits from its brevity.

I cannot recommend this book highly enough if you are working in this area or are responsible for information architecture, knowledge management, or pulling sense out of corporate folksonomies.

If you want more from Lambe, he blogs at Green Chameleon.

Keeping up with the Killer App

I’m finally feeling overwhelmed by everything you can do on the internet.

I was always aware of online innovations early and I was often the first person I knew socially who took them up, even if I didn’t take them up immediately.  This was true for email, the browser, forums, social computing, online-shopping, online maps, user-created content, professional networking, instant messaging – loads of stuff.  

As online apps diversified, I had to dabble rather than embrace.  Either I would decide not to join in (I don’t have an account on Second Life because my first life is pretty demanding, I don’t podcast because my perfectionism would drive me mad), or else I would join in rather late (I’ve only just signed up to Twitter because interesting things – like the Israeli “people’s press conference” – are now being done with the tweets). 

But now, for the first time, I’m not even aware of the new online apps.   Every week, it seems, I find new ones. This is a real head-shift for me.  I feel like someone born just after Sir Francis Bacon died.  Bacon, apparently, was the last person who read all the books.  Not all the books on a particular subject.  All the books.  We are so used to the number of books published (5,500 daily in the UK, though “only” 4,700 in the USA) that it never occurs to us that we could get our head around all of them.  I never did expect to get my head around everything the web says, but now I am struggling to keep up with everything the web DOES.  

It’s kinda exciting.  Like 1995 all over again, but this time it’s real.

Here are some examples:

Zeitgeist sites:

These are basically feeds of user generated content – photos, tweets, questions.  They are oddly soothing to watch for a while.  It’s a bit like watching clouds.

Flickrvision
Twittervision
The 118118 question feed

 

Flikrvision

 

 

Access:

This one’s so interesting it deserves a post of its own, though I may not manage it.  This is

The Israel Consulate’s “Citizen’s Press Conference” on Twitter

“David Saranga, Consul of Media and Public Affairs in New York, will answer your questions about the situation in Israel and Gaza in a “Citizens’ Press Conference.”  You can submit your question by directing it to our Twitter account. We will do our best to answer through Twitter.  If an answer requires more than the 140 character limit, we will respond on Twitter with a link to an answer posted in this blog.”

Scraping:

Which of course is what the government is proposing to do with our emails and phone calls:

Employee Scrape at IBM:

“Call records and e-mails define the social networks of each consultant. Whom do they copy on their e-mails? Do they send blind copies to certain people? These hidden messages could point to the growth of informal networks within the company…”

Twitter Scrape

” 2.7M users (and slowing, meaning I’m starting to find the edge), 10M tweets, 58M edges, with pretty-near complete edge data for users with more than a dozen followers.”

Animated data flows:

Presenting dynamic data dynamically,  such as the location and duration of phone calls, location and duration of taxi journeys, (ok these aren’t online apps, but they are still remarkably cool)

Mobile phone calls during the European World Championship in Spain 
Telephone exchange activity in Britain
London cab journeys (very few South of the River, at this time of night? Give us a break!)

 

I do owe a massive thank you to Flowing Data for keeping up with the Netgeist so I don’t have to.

A psychologist, a geneticist and a neurologist walk into a bookshop

Irrationality - Stuart Sutherland

I am currently reading “Irrationality” – an excellent book in which Stuart Sutherland describes the mechanisms by which we leap to conclusions, confuse and deceive ourselves.

I am deeply amused by the publisher’s cynical use of the techniques that Sutherland describes to promote the book. Sutherland discusses the halo effect (when we assume a person’s good or bad characteristics apply more widely than they do), and the way we give more credence to authority figures than perhaps we should. It’s a book about cognitive processes, right? So you’d have to be a psychologist to give authoritative recommendations, right? Now, Richard Dawkins is a hero in his own field and Oliver Sacks is another, but how come a geneticist and a neurologist suddenly have expertise in psychology? It can only be the halo effect and that pesky deference to authority.

These ironies aside, it’s an excellent book and if you think, evaluate evidence or make recommendations for a living then it will keep you awake at night.

In a good way.

Found for words

I’m always fascinated by word clouds. When you run someone’s blog through one it’ll show the words they use not the tags they choose. Word clouds are a reality check, an insight into an individual’s subconscious folksonomy.

Here’s what I got when I ran this blog through Wordle.net

Ben's Wordle

I don’t remember saying Chichester or agriculture but I must have done.  And I’d no idea that I was so interested in time.