How a password ruined my life

Recently, I read this article on the Internet: How a Password Changed My Life.
If you don’t want to read it, let me resume it for you: essentially this guy is tired of changing (and of remembering) his password every 30 days (he has to do so for his work), so he decides to use meaningful passwords (like Quit@smoking4ever) with the idea in mind that not only they will be easier to remember, but that typing them over and over each day will help him achieving the goal they represent. Apparently, this stuff works, and I congratulate the author for his personal accomplishments, I’m happy for him.


Using passwords like the ones suggested in the post is a hell of a bad idea.
If you look at the password of the article, you will notice that:

1) – They contain only letters, single digits (rarely in groups of two), and the symbol ‘@’ (only once we have ‘!’)
2) – The words always have meaning: either they are straight (simple!) English words, or they have substitution like ’4′ instead of ‘A’, ’4′ instead of “for”, and so on.
3) – They are embarassingly short, i.e. they are made only of a few tokens (a token being one of the components described above).

Knowing these rules, an attacker could easily write a program to guess a password that followed them; he would only need an English dictionary (not even a full one, only the most used words apparently) and some rules for replacements like “to” to ’2′ (no pun intended).
This means that the password strenght is low compared to an optimal choice. In some cases it might still cause trouble to an attacker, and I’m not going to analyze that here, but the point is that it could be (much) better, and that there really is no reason to take this kind of risk.

Sure, if the password protects an online service it may still be hard to carry such an attack in short time without alerting firewalls, but if it is used to restrict access to a local resource, well… it simply wouldn’t fully serve its purpose. Since someone seems to have forgotten what that is, let me remind it:

Passwords are meant to be used for protecting secrets, not for reminding important stuff you have to do in your life.

So, to wrap it up, my advice is to use passwords that are truly hard to guess. Google will tell you lots of tips for generating them and storing them safely.
Please, do not follow the author’s post literally. If you really have to use a password to change your life, make sure that

- your substitutions are more clever than his
- you use longer passwords than “Get@c4t!”
- keep in mind that there are other “special characters” besides ‘@’

Yet another NO: a machine did not pass the Turing test

So, here I am with my first article. I’m late and many other blogs have written about the sensational news of Eugene Goostman passing the Turing test, yet I’d like to pass on the story told the right way: the Turing test has not been passed by a machine (yet).

I’m not going to try and explain the issue from the beginning and do what others already did (that is, debunk a myth that has been created by poorly informed journalism, and exploited for advertising a not-so-special chatbot). I’m going to give you this reference to an article on TechDirt that I hope will clarify your doubts, and focus on an issue of which this event is only an example:

How can hoaxes like this propagate the way they do?

The answer is trivial: not everyone is an expert in computer science, but there’s plenty of non-experts who want to write about it.
Additionally, bloggers that write crappy articles often get a (un)fair amount of views, even more than serious ones, et voilĂ : repost, like, share… bullshit is spread.

It is too early for me as a blogger to adventure on long explanations about this phenomena, and also there is a chance that from your point of view the stuff I write is complete nonsense, so I’ll end it here for this time, but not without an invite for everyone who reads:

try and use blogs and the Internet in general to spread good, reliable information, and do not repost seemingly breaking news that you haven’t verified.

I’m talking about computers and technology, but I try to use the same behaviour in every field of knowledge, specially when reading things I know nothing about. If I didn’t even know what the Turing test was, I wouldn’t risk sharing that it has been passed without at least get informed on what it actually is (i.e. read somewhere else than the blog spreading the possible hoax).
Well, apparently a lot of people would happily take that risk.

A new blog

Welcome to my new blog: return 0;

As you can see from the name, I will try to write about technology here. I say try, as I’m sure I’ll eventually contradict myself and post about my personal (and questionable) ideas, as every blogger eventually does.