Personal Password Audit

In my quest for better online security, I have been working on a personal password audit. I have been going through all of my accounts and changing the passwords. In the process, I am insuring that each account has a unique password. How will I remember all those passwords? How will I make sure I do not repeat myself? I have used a password manager for years. It makes it a lot simpler to use strong passwords and not have to remember them all.

My password manager of choice is LastPass. I chose it initially because of the free version, support for two-factor authentication, and the approach used to secure their customer data. Now that LastPass has actually been hacked and had their customer data stolen, I am even more confident. Even though the encrypted data got into the wild, the good practices LastPass uses to protect customer data has prevented anyone from actually compromising that data.

LastPass lets you access your passwords on virtually any device, as well as store secure notes. The convenience of having my passwords available to me on any computer, phone, or tablet is amazing. I am a huge fan of the sharing ability that is built into LastPass. I can securely share account credentials with my wife without having to worry about letting her know every time update the password. LastPass syncs the shared account information to her LastPass account whenever I make a change. She cannot actually view the password, unless I authorize it when I share the password with her.

Another great feature of LastPass is the ability to evaluate your passwords for security. It will let you know if you are using a duplicate or weak password. It is always good to have something keeping you on your toes when it comes to security.

Although I have a history of using strong passwords, I am starting to use the LastPass password generation feature more frequently. Since I no longer need to remember the password, it makes a lot of sense to use a string of 30 or more randomly generated characters and numbers.

Yes, I said 30 or more. Length is the best defense against password cracking attacks. The longer the password, the harder it is to figure out, even if the password is using plain text words. It strictly has to do with the number of possible combinations that are created. I try to vary the length I use to make it even more challenging for someone to crack my other passwords based on a single compromised password.

If you do not want randomly generated passwords, and really want something that you can remember, you can use a technique called haystacking. Essentially you pick some words to use for your password and add some padding characters and numbers. Make it a pattern you can remember. This will help you create a long meaningful password that you can remember, which is important for your master password for a service like LastPass. If you really want to geek on the math of it all or learn more about haystacking, you can get started with this Gibson Research Corporation article on haystacking and complexity.

Do not use information in a password that you share with anyone or is public record. Just like Google can make some good guesses about what you like based on your browsing habits, it is not terribly difficult to scrape together data from your social media and public records to generate a list of probable passwords. If you make up a password that is just a combination of things like your child’s birthdate, favorite sports team, and your favorite color, you have made it fairly easy for a password cracker to narrow the possibilities.

In my opinion, the best thing to do is take some time to install and use a password manager so you have no reason not use long, complex passwords. For your master password, take a few minutes to learn about haystacking and create something unique to keep all your passwords secure. Please do not use the same password for every site. Take some time to do a personal password audit to make it harder for someone to compromise your online security.

Online Citizen

I have been an online citizen since the days of dial-up bulletin board systems (BBS) circa 1983. I found my way to the internet a few years later. I decided fairly early on that being online was really like being in any other public place, much like going to a park, mall, or theater.

I believe there is a certain amount of privacy surrendered by putting myself in a public place. My appearance and activities in a public place are visible to others that may be present. I do not believe that appearing in a public place grants permission for people to inspect every aspect of my life.

I have become increasingly dismayed about the amount of surveillance that is done on the internet by both private and government organizations. I am quite comfortable with the idea that what I post on my public blog, Facebook, and Twitter are entirely in the public eye. I am not comfortable with my every communication and activity being inspected by organizations or persons that are not directly involved.

Net neutrality is also an issue that has concerned me for quite sometime. I believe that the internet should show no preference to traffic. Data packets are data packets. They should not be judged by who sent them or where they are going. The companies that route the traffic through the internet should not be able to give special treatment to certain types of traffic.

Given the current political climate in the United States and the growth of efforts to overturn net neutrality, I decided it is time to start being more cognizant of my online security. Over the last couple of months, I have started to take some steps to better secure my online presence and communications. I am certain that my efforts are not perfect, but I plan to share my experiences so that others may benefit.

 

AWS re:invent 2016

I spent last week at AWS re:Invent in Las Vegas. It was an amazing week of learning, new experiences, and sensory overload. The logistics of 32,000 IT folks descending on the Venetian, the Mirage, and the Encore were simply staggering. Overall, the week went very smoothly, and I was very impressed with how easy it was to participate.

Over the next weeks and months, I have a lot to explore and write about from just this one week. From the amazing hackathon to the deep dive sessions to new things announced, the volume of information imparted was incredible. It was great that many sessions were recorded.

I am somewhat daunted by the task ahead of trying to dive in and document so many amazing things. On the other hand, I am excited by all of the powerful tools and techniques that I am going to attempt to explore and understand. Hopefully, I will document my journey and experience in a way that will be useful to others.

Autism, the Workplace, and Me

Wired has posted a great article about autism spectrum people and the workplace. This article gives some excellent insight on why accepting and encouraging autistic people in the workplace is not only important, but may help accelerate solving some very hard problems. It also has helped me spur me to tell a little more of my story.

As a person on the autism spectrum, I can tell you that I struggled for years in the workplace trying to fit in and trying to figure out all the “rules.” I am fortunate that I am working a great place like SparkPost that embraces people for their passion and ability rather than a snappy suit and winning smile.

 
Learning to cope with social situations and rules where all I can see is getting something done and doing it well was really hard. I was fortunate to work with a really great psychologist that helped me develop better coping mechanisms and improve my self-care.
 
I am by no means “fixed” and I do not want to be. I do not want or need to be “cured.” I have embraced who I am, and I understand now that there are things that I can do very easily that others cannot. I have focused on sharing my experience and knowledge. My coworkers are generally receptive of whatever I can do to help them. Communicating is hard, but the practice is good for me and gives me great satisfaction to help someone else.
 
I still have hard days and challenging moments. I still have meltdowns occasionally. I have become fairly good at containing them or channeling them in other ways. I have also developed a trusted network of coworkers that I can vent to privately without fear.
 

Most importantly, I have a great partner in, Irina, who has worked very hard to understand me and support me. She gets it when sometimes I just can no longer cope with outside input, and she will let me go turtle up and lose myself in a video game or whatever else soothes me. Conversely, she won’t let me quit or just check out permanently. She is always there to help me push through.

 

It was very helpful to see this article today, as I prepare to head off to AWS re:invent tomorrow. I know it will be a sea of over stimulation and challenging situations, but I have prepared myself and thought through how I will cope with the challenges. Although I am anxious, I am excited to be going with my coworkers to interact with lots of other people with similar interests. I could never have done something like this five years ago. I did not have the coping mechanisms and the support systems that I have today.

If you know someone who is a bit socially awkward, has trouble coping with social situations, seems to have very narrow interests, does not talk or communicate much with others, or seems to be easily frustrated by dealing with other people, I would encourage you to take the time to reach out to that person. Start simply with a greeting or ask about something that person appears to be interested in.

 

Be prepared to have to do this several times over days or weeks before you may get much response. Be prepared to listen. Often times when we do come out of our shell, then it is an explosion of information, especially if it is something that we love. You will very probably find a very interesting person who although may be socially awkard, has tons of interesting things to share and talk about when he or she feels safe.

 

I hope everyone gets the opportunity to meet and work with someone on the autism spectrum. Just remember, that once you have met one person on the autism spectrum, you have met one person on the autism spectrum. We are all unique and varied individuals. Please take some time and get to know as many of us as you can.

Beginning Again

It is time for me to begin blogging again. There are many changes that have transpired in my life over the last couple of years since I have blogged regularly. Well, honestly, I have never really blogged regularly.

Regardless, it is time for me to become better at blogging on a regular basis. There is a lot of stuff in my head on a variety of subjects. Writing helps me cope with all chatter occupying my mind while producing something.  That is probably the most salient thing that I have realized over the last few years.

I will be spending less effort on trying to maintain a narrow focus in blogging to allow more stream of consciousness subjects. It should help me better process the things that are moving around inside my brain while simultaneously producing more content. I do not really know if the things that I ponder are useful to anyone else, but I do know that it is theraputic for me to express what is in my head.

The topics I will touch on, circle, deep dive, and meat grinder will be diverse. There really is nothing that is out of bounds, uninteresting, or impossible for me to talk about. The desire to understand the universe around me is what makes it tick.

I possess no illusions about the limits of my knowledge and experience. I am hopeful that by publicly spilling what is in my brain I can benefit from the comments, insights, and feedback provided by those that take time to sift through my ramblings.

Getting past my anxiety about sharing the things I write instead of simply stashing them or trashing them is a very big hurdle. Although the hurdle is still there, I must look beyond the immediate and focus on the long term.

Here goes.