Is Your Site Password-Worthy?

I hate passwords. I just read an article on Yahoo about how to make your password more secure. I think this is the wrong message. Passwords should be abolished altogether. It seems that almost every site on the web, in order to see the interesting stuff, has you enter a user name and password.. Let me tell you, most of these sites are not password-worthy. First you have to set up an account name. Since these have to be unique (it’s a computer thang), probably one name won’t cover all sites. I have a nice yahoo name, but since I got it 15 years ago it was available. That same name is not available on pretty much any other site so I have to add letters and numbers and whatever to get an account name that works. Who can remember these?

On the issue of user names, why not just use your email address?  I try to do this when I can but lots of sites don’t allow the @ or . symbol (in which case I drop it) or don’t allow long names. Also this method reveals your email address, because often your account name is something that is public. Why not eliminate user names altogether, base log-in on email address and allow an arbitrary public name which doesn’t have to be unique. A computer is smart enough to figure out how to deal with non-unique user names (the technique is called capabilities). Right now, for non-password-worthy sites, I use a free yahoo mail address – as a side benefit all the spam goes into that email, which I haven’t looked at in years.

Once you create an account name you have to pick a password, which inevitably is even more difficult than picking a user name because no two sites have the same rules for passwords. Some allow special characters, some don’t, and some require them. Some have length limits. some force a certain minimum length. Some allow you to use any password you want, some judge the “strength” of your password and don’t allow what they consider to be “weak” ones. One site I signed up with recently (comcast) forces your password to be between 8 and 16 characters contain a lower case, an upper case a number and a special character. I guess their biggest fear is that someone hacks into my account and cancels HBO. My bank forces me to change my password after a month of inactivity, and doesn’t let me change my password to any password I’ve used it in the last 5 months. They also make me answer 3 questions every time I log in from a different computer and now they call my cell phone and I have to punch in a verification code, all this to log in. Next I expect they will send a phlebotomist over to check my DNA. I have resorted a simple method of picking passwords: I write how I feel when I’m using their site. It seems to be the easiest to remember.

Next, most (if not all) sites now have a way to obtain your user name and your password if you have forgotten them. This is what I usually do. Almost all of these lookups are based on email address and then maybe ask a question like “Who is your favorite hot actress?”, something you answered 5 years ago when you were into girls with short hair and big boobs. I digress. Then you get a link in your email box that acts as a password, maybe for an hour of so, during which time they expect you to enter yet another password that you will never remember.  This is the technique that some cracker used to steal Sarah Palin’s emails.

I’m sure there is some site out there that just collects passwords and then tries to break into people’s accounts using deviations from these baselines. I use the same password for most sites, who cares if someone breaks in, I don’t store anything important on 99% of the password protected sites anyway.

At this point in the development of the internet one has to ask, “why do we still use passwords?” Hasn’t someone come up with something better?

One suggestion (from by brother) is to allows users to select a question and answer as a password. That way you can use lots of different passwords and be reminded of what password you used for that site, without anyone else understanding the hint.

Another suggestion is maybe it is time to use cell phones to do authentication (authentication is a technical term for figuring out if you are you). Most people have them and sending a message every time you log in is probably not that expensive. For those people who don’t have or want to use a cell phone, you email server could act as an authentication agent.

Of all the sites I go to these days, maybe three are password-worthy. The rest I either use so rarely that having a password is impossible, or are so unimportant that I don’t really know why they bother. Therefore, I hereby establish “The committee to abolish passwords”. Membership is free, no usernames or passwords are required. Just reply to this posting. (Does wordpress require a username & password?)

Advertisement

Flash vs. Java vs. Javascript

I’ve been looking at implementing a new user interface for a sensor system that my company builds, so I started to investigate possible platforms. I can’t use a client/server approach because access to a central server is not available. A few years ago I ported my Pin Hockey game to flash so I kind of know flash. The current UI is built in Java. A third possibility is Javascript, the engine of choice for HTML5. So then I thought, what are the real differences among these language? Flash (really Flex because I only develop on free platforms) seems to be more user interface oriented, Java more general a language but clumsy for interfaces, and Javascript very browser oriented and bit free-wheeling (i.e. no type checking– yet). But after more thought it occurred to me that all of these languages are basically the same. They all depending on a complex “interpretter” that uses byte-code instructions generated from the high-level language. They are all object oriented, single inheritance, interface based with built-in garbage collection. Beyond the basic language and interpreter are various libraries that do vary quite a bit from platform to platform, and that is one area where flash really shines. The underlying flash library is very rich and pretty.

With the Apple (Jobs) / Adobe war going on now we have Javascript (which Jobs calls HTML5) versus Flash/Flex with Java not even a close third. Everyone knows that Javascript as a big development environment is just not workable, although many of people are trying. So my suggestion is to eliminate this pettiness and just come up with a single underlying engine that can implement all three languages. An byte-code based engine that allows the source code to be developed in any language, that allows for a variety of libraries but preferably one good built-in one, and provides for maximum flexibility in interoperability. In fact, an underlying byte-code engine should be able to run all existing Flash, Java, and Javascript programs as is, eliminating the Apple/Adobe war altogether. The ultimate goal would be an open-source engine implementation, perhaps based on the current open source Java engine. But I’m dreaming.

The more predicable end to this story will be that Apple buys Adobe, war over, and presto Flash becomes remains the defacto standard of the UI. I’m expecting an announcement in a few months.

Flash PinHockey

You can now play Pin Hockey on any Flash platform (like a PC or a Mac). The flash port supports most of the features of the DS version including single player and two player modes. Currently dual screen play is not supported. Check the OPTIONS screen for selecting options and keyboard mappings. Slammer play requires a mouse.

Here is the link: http://www.relavak.com/downloads/PinHockey.swf

First Project

What was Relavak Labs first project???

A hardware based game called the Flashwand. The Flashwand displays text when waived in the air. It also can display a variety of colors and patterns from a crystal ball on its end. The programming contains an adventure (RPG) game that uses the display and the single pushbutton. As you play you earn more functions for the wand until you get all of the wand’s powers, and the ability to put program the wand to say whatever phrase you wish.

I used this project as my first foray into sub $100 development systems. A PIC processor, a 64kbit EEPROM, 10 LEDs, a pushbutton switch, a tilt switch, and a resistor is pretty much the entire hardware. The most difficult part was designing the hardware to fit in a very skinny aluminum tube. I built about 10 of them (have parts for 100) but can only find one or two.

This project lead to the creation of Sensys Networks (http://www.sensysnetworks.com).