There are some nice tips in here, even for those of us who've read and/or written dozens of similar posts.
Could Google Quick Search Replace Quicksilver?
Nicholas Jitkoff, who created one of my most used Mac utilities, Quicksilver, now works for Google, which has just released Google Quick Search. I and many other devoted users lamented Nick’s decision to stop development on his popular app. Now we know why he took that step and more importantly have hope that something better than Quicksilver is on the horizon. Lifehacker has provided a nice writeup of the current capabilities, but if you’re in the mood to just grab it and give it a whirl, you can download it on Google Code.
Google Quick Search already contains a lot of the QS functionality, but uses Spotlight for its indexing, which should provide a significant increase in search speed while reducing the processor requirements. Hopefully, by offloading the search indexing to Spotlight, privacy advocates don’t need to worry about Google synchronizing the index of every file to their servers, but I haven’t seen word one way or the other as of yet.
Google Quick Search is young, but promising, and I truly hope it will pick up the Quicksilver banner and advance it.
Creating and Remembering Complex Passwords
My buddy Christian recently asked me about my personal password creation algorithm, which is something I’ve mentioned a few times (including once or twice at a Refresh Austin meeting). After doing a quick walk through with Christian over IM, it seemed appropriate for me to write it up in a more legible format so others can benefit.
It all comes down to this: you want a memorable, but complex password to use on the Web. Ideally it isn’t the same on every site you access to ensure that one compromised Web site doesn’t leave every one of your other accounts open to nefarious evildoers.
Short & Sweet
This post is longer than I anticipated, so here’s the bit-sized version.
- Start with a memorable phrase.
- Strip spaces, substitute a few characters (‘e’ becomes 3) and play with letter case. You will use this base to create the same foundation for each site’s password.
- Use part of the domain to modify the base, creating a unique password. This example uses the first and last letter from www.amazon.com. Ignore subdomains (‘www’) altogether. Every site will use this same pattern (first and last letter, no subdomain) to fill out it’s password.
- Add some complexity. In this case we add a number (’22’) and a dash at the beginning and a question mark at the end. This becomes a part of the base for all passwords, just like the initial phrase.
- Examples from different domains: www.microsoft.com, www.facebook.com and store.apple.com.
I recommend you read the full post as I give other examples and provide a couple of usage tips throughout.
There are a few simple steps to achieve these goals.
Start With a Phrase
For this first example, we’ll use the title of a seminal jazz album, Miles Davis’ “Kind of Blue“.
Formatting and Substitutions
Let’s begin by removing the the spaces as most login systems won’t accept them in your passwords. We now have
KindofBlue. Next, we’ll do some simple substitutions of numbers for letters (the capital “O” in “of” becomes a zero and the ‘e’ in “Blue” becomes a three) and play with capitalization, which results in
kind0fBlu3. This isn’t that complex, and the number-for-letter substitutions is easily recognized (and broken), but it should be easy for you to remember.
Making it Unique per Site
This is where it gets more interesting and more secure – we’re going to take a bit of the Web site to use in our password. In this example, let’s take the first letter and last letters of the domain and insert ’em at the beginning and the end of our password. So for www.amazon.com the password is
akind0fBlu3n. For the Apple Store (http://store.apple.com/us) it is
akind0fBlu3e. You’ll notice that while they are similar (the only difference is the last letter), they are different, so if someone learns your Amazon password, they can’t get into your Apple account unless they deduce the overall pattern.
You should only use the main part of the URL (amazon.com, apple.com). Ignore subdomains (“www.”, “store.”) as you will likely only have one account on a domain, but the domain may have several subdomains. This keeps life much more simple for you.
Rounding it Off
I like to add a couple of extra touches to make my password a bit more complex and to make it more difficult for someone to recognize that there could be a human-readable pattern. Continuing with our example, we’ll add a number (22) and a dash at the beginning and a question mark at the end, which generates
22-akind0fBlu3n? for Amazon. These latest additions don’t change from domain to domain, so you don’t need to memorize a bunch of different patterns. For example, the password for Microsoft’s site would be
A note: Some login systems don’t allow punctuation, so it’s handy to stick it at the end or at a specific spot. For a domain that won’t let me use the dash or question mark, I know to delete the third character and the last character of my normal pattern resulting in
22akind0fBlu3n for Amazon.
The sample I used above is pretty simple, and easy to recognize as a word or phrase. A better pattern would be to use a sentence or phrase and take the first few letters of each word as your base and/or shortening words. Sticking to our musical theme, here are a couple of ideas:
“Dance Me to the End of Love” by Leonard Cohen
We could take the first two letters of each word:
dametothenoflo which with some substitution and additions becomes
9+adam3tothenofl0n! for Amazon and
9+mdam3tothenofl0t! for Microsoft.
“Little Red Corvette” by Prince
We can get a bit more creative here and substitute “Lil” for “Little” and only use the first three letters of “Corvette”:
LilRedCor. As before, finishing out the pattern could result in
00=aLilredcorn! for Amazon.
Of course you don’t have to choose the first and last letters from the domain, you could choose the second and third (assuming the domain is longer than two letters) or you could take the first letter and put it at the end and take the last letter and put it at the beginning.
A Couple of Notes
I didn’t come up with the idea, and I no longer recall where I first learned of it, so while I have adopted it wholeheartedly, someone smarter than me deserves credit for it.
This is not foolproof and I am not a security expert. Following this pattern means your password is not truly random and someone who has access to your account on one system and is clever enough, could determine how it works and get into other systems. That said, it is at least more secure than not using a system like this.
I recommend creating and using a few of these patterns to reduce the risk that breaking one will allow somebody to access every account you have on the Web. For truly important sites (your bank account, anywhere that stores your credit card numbers), you should go with a random password generator paired with a secure password manager, like my personal favorite 1Password (Mac only, I’m afraid).
So, how can we improve this practice and how do we ensure that this is something that non-technical people can use to be a bit safer online?
Quick « » in OS X
I accidentally inserted a double left angle quote («) this morning, which lead me to discover that OS X provides a handy way to insert it and of course it’s match, the double right angle quote (»). This may not sound like much, but given how often I use these characters (especially ») in my wire frames and other docs, these shortcuts will noticeably improve my efficiency.
Here are the keyboard shortcuts to use in OS X:
Double Left Angle Quote («) –
ALT \ (hold the
ALT key and press the backward slash key)
Double Right Angle Quote (») –
ALT SHIFT \ (hold the
SHIFT keys, then press the backward slash key)
Note 1: this doesn’t insert the HTML equivalent of either character (
» respectively), it inserts the actual character as if you were to cut and paste it from the character palette.
Note 2: the
OPTION keys are equivalent. so if you don’t have an
ALT key, use