Monthly Archives: April 2014

Write really good passwords; avoid the collective security freakout

With the Internet collectively freaking out this week about the Heartbleed bug (a major Internet-wide security hole that could mean various passwords, and other information, have been nabbed off of “secure” servers), I thought I’d share a password system I use to have a unique password per site / account that I can easily remember:

  1. Pick a base.  This is what most people think of as their one password to use for everything.  Say mine’s “dogemanguy”.
  2. Make it better.  You should include numbers, symbols, and upper case letters in your password, and not use dictionary words.  So my “dogemanguy” password can become “D0g3M4nG0i!!” (those 0’s are zeros, not upper-case o’s).  This password should pretty much max out any “how good’s your password?” test.
  3. The important part — mix it up per site.  So here’s the trick I’m talking about, and why I’m personally not worried about the Heartbleed bug.  Take the name of the site you’re creating the password for, and intersperse the letters of that name into your base from step 2.  So if my step 2 base is “D0g3M4nG0i!!” and I’m making a password for “Facebook”, I would take the first letter of each, then the second letter of each, and so on, and get “DF0agc3eMb4onoGk0i!!”  Again, that’s comprised of every other letter of each: the 1st, 3rd, 5th, … characters come from the base “D0g3M4nG0i!!” and the 2nd, 4th, 6th, … characters spell “Facebook”; once the site name runs out, the rest of the base (“0i!!”) follows unchanged.
  4. One step further: Don’t literally use the site name.  The big shortcoming of step 3 is that, if someone gets your (for example) Facebook password and notices the phrase “Facebook” sprawled throughout it, they could figure out the system and guess that you might have “Gmail” sprawled through that service’s password (especially if this method becomes more common).  One solution here is to have a system where you keep a list of matches, like “Facebook -> Mom’s maiden name,” and then you use that matched term as the phrase you’re interspersing into your base password, rather than literally “Facebook” (or whichever site name).  The big important note if you’re going to keep a master list somewhere is to never ever write down your passwords ever, or even parts of them.  The point of this whole system is that your brain is the cipher and only you should be able to untangle the mess of your new passwords.  That’s why I write “Mom’s maiden name” rather than (for example) “TheAwesome”.  So if I forgot my Facebook password, I would look at my matches list, see that Facebook is matched with mom’s maiden name, know in my brain that it’s “TheAwesome”, and end up with the final, ridiculous, and ridiculously secure password “DT0hge3AMw4ensGo0mie!!” (the base “D0g3M4nG0i!!” + “TheAwesome”).
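
The interleaving from step 3, and the exposure that step 4 describes, as an added example (not code from the original post). The function names are assumptions made here, and `split_interleaved` assumes the inserted word is no longer than the base, as in both of the post's examples.

```python
from itertools import zip_longest


def interleave(base: str, word: str) -> str:
    """Step 3: alternate characters of base and word; any leftover tail is appended."""
    return "".join(b + w for b, w in zip_longest(base, word, fillvalue=""))


def split_interleaved(password: str, word_len: int) -> tuple[str, str]:
    """Undo interleave() for a word of known length (word no longer than base)."""
    if 2 * word_len > len(password):
        raise ValueError("word is longer than the interleaved region")
    head, tail = password[: 2 * word_len], password[2 * word_len:]
    # Even positions of the head are base characters, odd positions are the word.
    return head[0::2] + tail, head[1::2]


def embeds_site_name(password: str, site: str) -> bool:
    """Self-check for step 4: does the site name sit in the alternating positions?"""
    if 2 * len(site) > len(password):
        return False
    _, word = split_interleaved(password, len(site))
    return word.lower() == site.lower()


if __name__ == "__main__":
    base = "D0g3M4nG0i!!"  # the example base from step 2 of the post

    literal = interleave(base, "Facebook")    # step 3: literal site name
    mapped = interleave(base, "TheAwesome")   # step 4: matched term instead
    print(literal)
    print(mapped)

    # With the literal site name, the pattern is visible in the password itself,
    # and splitting it apart hands back the base shared by every other account.
    print(embeds_site_name(literal, "Facebook"), split_interleaved(literal, 8))

    # With a matched term, the site name no longer appears in the password.
    print(embeds_site_name(mapped, "Facebook"))
```
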

You end up with a password that you can “easily” remember or reconstruct using these rules, looks like total gibberish, is likely completely unique in this website’s passwords database (protecting you from hacker methods like using a Rainbow Table to reverse-engineer your password if it’s based on common words), and moreover is completely unique in your password repertoire, so if somebody gets your Facebook password, they only have your Facebook password.  Much better than using one password for everything.

This solution comes down firmly (but not absurdly so) on the security side of the security-vs-convenience spectrum.  Yes, it’s a lot more complicated than just having a single easy to remember word that you use as your password for every site, but it’s also much, much more secure.  At the end of the day, especially this week, I’m very happy to be on the secure side of the spectrum.

Hired Project: Unity course curriculum

Another marathon work session last night saw me putting the finishing touches on a one-week (40-hour) course on desktop and mobile game programming and level design in Unity I’ve created for Digital Media Academy, a summer program for middle & high school students.  The course will be taught at 10 locations this summer, with me teaching at one or two of them.  This is actually an update / upgrade to a curriculum I first wrote for them last year in which, in a nutshell, students use a library of modular level pieces to design whatever sort of interior/exterior level they want, and we script a very flexible Minecraft-redstone-inspired action sender and receiver framework to stitch together all the interactivity in the levels.  I’m actually really fond of that action sender and receiver system and the method has begun to work its way into CosmoKnots and my other projects.  Last year’s version of this curriculum had a first person walker character controller, and this year I’ve added a rolling ball character controller, and students can select which they want to use in the game (or per level).  There’re still plenty of improvements that could be made (always, always), but for the time being, the project is done and I’m feeling plenty happy about it.

I’m still not sure where teaching fits into my life scheme, but I’ve enjoyed teaching programming and digital media skills to kids for at least 12 years now (I’ve totally lost count).  I’ve always wanted to do online tutorials and such, and I’m looking forward to doing more of that on the Defective devblog and elsewhere.  If I’m lucky maybe DMA will even feel like letting me publish some of my video demos and lectures from this course 🙂

New Song: Cherry Blossom Bosoms, pt. 2

Long ago, I posted just the first portion of this song, promising that I’d upload “part 2” (aka “the rest of it”) shortly.  At that time I had already finished (maybe 98%, I don’t remember exactly) this version, and just needed to get a good recording.  And then much time passed.  At long, long last, the day before moving (for a while) to Japan (more on this soon), I finally got this recording… and that was four months ago.  Today, cleaning up some files, I came back across it.  Whoops!  So, here’s that long-promised-long-misplaced recording:

I described in the first post that part 1 was written without a piano, just in Finale, which was a new and challenging approach for me.  After learning to actually play the piece on piano (the majority of the challenge of that approach), I expanded upon it in my more typical zone, just jamming around on the instrument, and the result is what you hear above.   Actually at a few small moments in working on this new version, I went back into Finale to really figure out tough passages, so I’m very happy to have added that implement to my musical toolchest, where earlier in my writing I would’ve just ended up going with something I was more comfortable playing off the bat.  All in all, I’m really happy with how this piece came out.

There might be a part 3 in the future.  The plan from the get-go was to write part 1 in Finale, learn to play it, write part 2 with the normal jam-approach, which brings us to now, and then to transcribe part 2 and expand on that, back in Finale, into part 3.  So maybe that’ll happen sometime soonish… but no promises 😉