Month: August 2017

NIST updating password recommendations

The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

(Full story is behind the Wall Street Journal’s pay wall.)

You’ve used P@ssw0rds like this for years. It’s what NIST recommended for the Federal Government in 2003, and major corporations and universities picked up the guidance and set their password requirements to match.

Mr. Burr, who once programmed Army mainframe computers during the Vietnam War, had wanted to base his advice on real-world password data. But back in 2003, there just wasn’t much to find, and he said he was under pressure to publish guidance quickly.

He looked for some real-world data to see what people were doing.

He asked the computer administrators at NIST if they would let him have a look at the actual passwords on their network. They refused to share them, he said, citing privacy concerns.

Given there wasn’t much research into the field of password security and no real-world password stockpiles to pull from, he did the best he could.

With no empirical data on computer-password security to be found, Mr. Burr leaned heavily on a white paper written in the mid-1980s—long before consumers bought DVDs and cat food online.

Now there is better password data available. Have I Been Pwned currently lists 3,999,249,352 accounts from 228 websites. My own data has been breached over a dozen times, including by our own government.

The truth about passwords is we’re bad at passwords. I am terrible at passwords. That’s why I’ve used 1Password to keep my passwords secure. I don’t know most of my passwords because they are nonsense and very long. I know a single master password.

Given this new data, NIST is updating its recommendations, which will slowly be adopted by the government and companies, as the original guidance was.

Long, easy-to-remember phrases now get the nod over crazy characters, and users should be forced to change passwords only if there is a sign they may have been stolen, says NIST, the federal agency that helps set industrial standards in the U.S.

Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers.

This XKCD comic explains the math behind cracking these types of passwords. I look forward to leaving the P@ssw0rd days behind and welcome the correct horse battery staple.

Password requirement comic from XKCD.
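The shift described above, as an added example that is not part of the original post or of NIST's text: a 2003-style composition check beside a length-plus-breach-list check, with rotation driven only by signs of compromise. The blocklist and sample passwords are constructed, the 8-character floor is taken from NIST SP 800-63B rather than from this page, and the 2048-word list size follows the XKCD comic's figure.

```python
import math
import re

# Constructed sample blocklist; a real deployment would check a
# breached-password corpus instead of this inline set.
BREACHED = {"p@ssw0rd", "p@ssw0rd1!", "password123"}

MIN_LENGTH = 8  # assumption: floor from NIST SP 800-63B, not stated on this page

# Character classes the old composition rules demanded.
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


def legacy_policy(pw):
    """2003-style rule: 8+ chars with upper, lower, digit and symbol."""
    return len(pw) >= 8 and all(re.search(c, pw) for c in CLASSES)


def updated_policy(pw):
    """Updated approach: length plus a compromised-password check only."""
    return len(pw) >= MIN_LENGTH and pw.lower() not in BREACHED


def must_rotate(days_since_change, compromise_suspected):
    """Age alone never forces a change; evidence of theft does."""
    return bool(compromise_suspected)


def random_choice_bits(pool_size, picks):
    """Entropy in bits of `picks` independent uniform picks from a pool.

    Only valid for truly random selection, not human-chosen patterns.
    """
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "maple tractor violin harbor"):
        print(f"{pw!r}: legacy={legacy_policy(pw)} updated={updated_policy(pw)}")
    print("rotate after 400 quiet days:", must_rotate(400, False))
    print("4 random words of 2048:", random_choice_bits(2048, 4), "bits")
```

The substituted-character password satisfies the old rules and is rejected by the new check, while the constructed four-word phrase does the opposite.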

Fortress of Habit

The death of reading is threatening the soul

“Once I was a scuba diver in the sea of words. Now I zip along the surface like a guy on a Jet Ski.”


When asked about his secret to success, Warren Buffett pointed to a stack of books and said, “Read 500 pages like this every day. That’s how knowledge works. It builds up, like compound interest. All of you can do it, but I guarantee not many of you will…”


Modern culture presents formidable obstacles to the nurture of both spirituality and creativity. As a writer of faith in the age of social media, I host a Facebook page and a website and write an occasional blog. Thirty years ago I got a lot of letters from readers, and they did not expect an answer for a week or more. Now I get emails, and if they don’t hear back in two days they write again, “Did you get my email?” The tyranny of the urgent crowds in around me.


I’m still working on that fortress of habit, trying to resurrect the rich nourishment that reading has long provided for me. If only I can resist clicking on the link 30 Amish Facts That’ll Make Your Skin Crawl…

Fortress of Habit is a wonderful turn of phrase.

William Gibson Talks ‘Archangel,’ Apocalypses, and Dystopias

Much of the planet’s human population, today, lives in conditions that many inhabitants of North America would regard as dystopian. Quite a few citizens of the United States live under conditions that many people would regard as dystopian. Dystopia is not very evenly distributed. Fantasy is fun, but naturalism is the necessary balance — realism, to be less precise. Naturalistic fiction written today is necessarily fairly pessimistic — otherwise, it wouldn’t be a realistic depiction of the present. If you were, say, a tiger, and you knew what’s about to happen to your species (extinction, almost certainly), wouldn’t it be realistic to have a pessimistic view of things? I think it’s realistic, as a human, to have a pessimistic view of a world minus tigers.


Q: How do you maintain hope in these dark times?
A: One day at a time, and treasuring those who retain an active sense of humor.

Knocking Down your Creative Blocks – 99U

In time, my office looked like it had been hit by a blizzard of 20-pound bond. There were piles of paper on every flat surface, and on the floor around me, all of them tagged with colorful Post-it Notes, some of the piles reaching several feet in height—a miniature cityscape at my feet: Transcribed interviews, notes, court documents and legal transcripts of testimony and deposition hearings, newspaper clippings, non-fiction books and research papers on the subjects of AIDS and the Reagan Administration’s war on pornography (a period during which porn consumption by the public rose exponentially, I would learn). Not to mention my collection of VHS films—black plastic rectangles, clad in colorful cardboard slip covers, stacked in rickety piles like so many skyscrapers populating my urban jungle of research materials.

The blizzard of 20-pound bond is a beautiful bit of writing. Reading that line made my old soul smile. I can also relate to being surrounded by paper and Post-It Notes.

Most Women You Know Are Angry — and That’s All Right | Teen Vogue

As I’ve grown up, I’ve stayed angry — but my anger has grown up, too. It has boiled down and condensed into something strong and subtle, something that I can control. Writing out my rage is cathartic — and useful, too. I’m lucky that my coping mechanism is also my career. Plenty of women are angry, and why wouldn’t they be? It’s bad enough that women and girls are still being attacked and undermined, as individuals and as a group — when our basic rights to health care are stripped away, when we are blamed for the violence that is done to us and shamed for our sexuality, when we have to get up every day and deal with racism and homophobia and class prejudice. It’s bad enough that we still have to fight to be treated as full, equal human beings without also being shamed and silenced if the whole situation makes us furious. Yes, we’re angry. Why shouldn’t we be? Why aren’t you?

Every woman is The Incredible Hulk. Their secret is they’re always angry, and that anger needs some place to go.
Your anger is a gift.