Password Management Today

With the growth of web services and mobile apps, password management has become a real issue that every user should be concerned about. This is especially so now that we are consumers of a lot of web services where the very first step is to create a user account which hopefully no one else can log into.

The basic problem of password management can be broken down into the following questions:

  • What password should I pick for which website?
  • How should I store/retrieve my passwords?

There are some solutions to tackle this problem.

Solution 1:

Use the same password for every website.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. Use your brain only and do it efficiently (there’s just one).

Cons:

  1. Big security risk.

Solution 2:

Choose an easily remembered methodology for generating a password for each website. For example, add 007 after the website URL.

Pros:

  1. Easy to remember even with a growing number of websites.
  2. No single point of security risk; the methodology needs to be discovered by someone trying to attack you.
  3. Use your brain only. Remember that, depending on how complicated the steps of the methodology are, the efficiency of the password computation can vary.

Cons:

  1. The security risk depends on the sophistication of the methodology.
  2. The manual process of computing the password limits the methodology or else trades off with the computation time. You don’t want to sit down with a pen and paper to compute your password :-).

Solution 3 (Takeaway for this post):

Use a password manager. There are lots of them out there.

Pros:

  1. Managing passwords is not your problem.
  2. Can pick very strong passwords.
  3. No correlated passwords.

Cons:

  1. Have to trust the password manager program.

A browser comes with the simplest password manager, since it saves your passwords if you want it to. A word of caution here: always set a master password in your browser so that no one else can view your saved passwords without entering it. You also want the passwords to be saved on your computer in an encrypted file so that others cannot read it, which any decent password manager would do.

There are lots of password management tools out there. Use them. Generate a strong password yourself if your password manager does not support password generation. Here are some ways to do it on Linux/MacOS or Windows. A password manager can also back up your saved passwords in the cloud to save you from machine failures. Preferably choose one which does that. Never compromise on encryption. The cloud is less trusted than your computer. If you still think you do not need a password manager, read this.

Now that I am done sermonizing: looking back, I used to do password management by hand by saving my passwords in a file, then encrypting them using a GPG key and storing them on a git server. And then I stumbled upon Pass. It does the same things but better. Try it if you are a power user or just want to know how the infrastructure works without doing all of it :-).
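For the password-generation step above, and to show why a Solution 2 style rule gives correlated passwords, here is an added example that is not part of the original post. The function names, the symbol set and the sample sites are assumptions chosen for illustration.

```python
import math
import secrets

# Character classes to draw from; every class must appear at least once.
CLASSES = (
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "0123456789",
    "!@#$%^&*()-_=+",  # assumed symbol set; adjust to what the site accepts
)
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a password from the OS CSPRNG that contains every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # Rejection sampling: draw uniformly, retry if a class is missing,
        # so no position in the password is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def rule_password(site, suffix="007"):
    """The Solution 2 rule from the post: website name plus a fixed suffix."""
    return site + suffix


def suffix_exposed_by_leak(site, leaked_password):
    """What one breached (site, password) pair reveals about the rule."""
    if leaked_password.startswith(site):
        return leaked_password[len(site):]
    return None


if __name__ == "__main__":
    # Constructed sample sites, not real accounts.
    leaked = rule_password("example.com")
    suffix = suffix_exposed_by_leak("example.com", leaked)
    print("rule exposed by a single leak:", suffix)
    print("password implied for another site:", rule_password("example.org", suffix))
    print("independent random password:", generate_password())
    print("entropy upper bound (bits): %.1f" % entropy_bits(20))
```

Because each generated password is independent of the others, a breach at one site says nothing about the password used anywhere else, which is the "no correlated passwords" point under Solution 3.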

This is not smart. Get smarter !!


Almost the perfect guide

Entering grad school can be one of the most daunting steps. It’s almost like discovering that you are a Jedi but you don’t know how to become a Jedi master and you need to be trained for it. There are a lot of common questions and there is a lot of shared understanding of what goes on, but it’s not well articulated. This is where I find the following blog to be invaluable:

http://matt.might.net/articles/

If you are a computer science enthusiast (undergraduate, postgraduate or in grad school), you might find his writings invaluable. Even if you are not a computer science enthusiast but belong to an academic setting, the articles can be invaluable.

Invaluable advice your way

 

Merger proposal of Math and Computer Science (Datalogi) departments in KU

Last Tuesday, the Dean of the Faculty of Science proposed a plan to merge the departments of computer science and math into one. The meeting invitation went out to the faculty and the students only a day ago in the midst of a busy teaching block. The merger was reported in the University Post. This has sparked a spate of opinions which all seem to point to the utter absurdity of the move, especially since it was tried 2.5 years ago and failed, and nothing has changed since then other than the reasons against it. A lot of conspiracy theories are also doing the rounds. Whatever the real reasons behind the merger may be, what is clearly apparent is that the move has not been thought out well by the Dean’s office and has not included the people it concerns, and hence it just remains a tactless, non-visionary (contrary to the claim), damaging exercise just for the sake of it.

This probably sums it up

Stupidity in the guise of Cleverness

Of late, I am just sick and tired of “sort of inspirational” or “clever” quotes which appear on pictures of famous people. And no surprises there, Einstein leads the gang there. I am completely sure that he/any of the people claimed in the picture did not say all of them or any of them because of the following reasons:

  • They would not have had any time to become famous given the volume of stuff they had to speak.
  • They do not have IQ level zero or more realistically even negative.
  • They were mostly rational human beings.
  • They absolutely hated retards championing them.

So, it completely befuddles me to see the sort of absurd stupidity being paraded under the cloaks of perceived/established cleverness/wit. At times like this, I want to go back to the stone age where drawing pictures was the only form of communication between humans :-). And with that I end my rant.

Really !!

 

 

Emailing just got more complicated

The department of computer science has long been under pressure to move its email systems from diku.dk to di.ku.dk. A couple of weeks ago SCIENCE-IT finally did the migration. So the old postfix email servers were discarded for a shiny new Microsoft Exchange solution. As a result, I found out last week that the old solution of automatically forwarding/redirecting emails was discontinued for “legal” reasons (which as a user I have no clue of). This means my earlier solution of using another email address as a backup mailbox to archive incoming emails by forwarding all of them does not work unless I use POP on another server with my passwords (which I would never dream of doing). The old solution was a mind-bogglingly simple and flexible one. What we have currently achieved is to give up the simpler and logical solution for an inflexible and legal solution. All this just begs the question: what is the purpose of the migration? To make the system easier for users, or easier to administrate for admins, ignoring the users?

And that’s what it’s all about

GitHub goes Educational

I was looking for a way to host private git repositories which I could share with other collaborators really easily. One option is to use a local git repository and then share it using Dropbox, but that makes one lose some of the cool features of GitHub. Another option is to request GitHub to upgrade your account for free if you are a student or an educational institution. I did that at the GitHub request page and got my account immediately upgraded to a micro account for free. It helps in the processing if you add an educational email and verify it before applying for the educational upgrade. Yay to GitHub 🙂

 

Github goes educational

A course well done

A week ago, I finished a week-long PhD course, “Introduction to University Pedagogy”. It’s a course which leaves you feeling that it was well done and that you have learned something from it. What impressed me most about the course was:

  • Introspective nature of the course
    The course is not about transferring knowledge, it’s about building knowledge. It involves the participants in analyzing situations and discussing possible solutions.
  • Hands on learning
    The course consisted of teaching modules of 20 minutes where participants had to teach one or more topics so that the audience could comprehend the learning goals. Since the audience were from diverse backgrounds, that ensured the topics were quite randomized and interesting. After the teaching session, a 40 minute feedback/discussion session was held which made the “teacher” realize the pros and cons of the teaching from the students. It was a model done right and what stood out for the course.
  • See yourself
    The teaching sessions were also video recorded which the participants could later access and then realize their strengths and weaknesses. It helped me particularly to understand the feedback better and look for critical hints in the feedback based on the teaching video.

I would definitely recommend this course to the plethora of students hoping to fill their ECTS PhD points anytime and the sooner you do it in your PhD timeline the better it is. At least it will save the pain in the picture.

Teaching not done right haunts the teacher more!

DIKU Systems seminar

A long long time ago, there were 3 people who always ended up talking to each other during coffee breaks and lunch hours and other “important” times to talk about computer systems. Then, one day a shining light appeared before Marcos and he decided to start a new reading group with Kostas and me to enlighten us and have our original discussions without turning coffee tables into a whiteboard. Today was already the first session and it stretched to 3 hours instead of the pre-planned 1.5 hours. If you want to talk systems, what are you waiting for? BTW, if you want to sponsor the lunch prior to this seminar meeting, we can put up your name on our whiteboards. Who knows what the future holds !!

System seminar (what we definitely don’t want to do)