Wednesday, September 04, 2013

Protecting Usernames and Passwords Sir Richard Style

        A while back on a visit to New York City, a buddy of mine, one Sir Richard, sadly relayed to me how his laptop/tablet/phone had just been stolen and through that slight the bandit(s) were able to walk away with all his usernames and passwords for nearly everything in his life, in effect stealing his identity and more than their fair share of his money and other assets. It was a fairly traumatic experience for the old boy as it would be for anyone. Like many I too kept a running list of my own usernames and passwords in my various devices. How can we not in this day and age?

        That evening, unable to sleep, I decided that I needed to take some preventative action in order to prevent the same from happening to me and mine. First I used an encryption app to mask all the data; but I also needed to change the name of the file I keep that data in. But what should I NAME this new file? Certainly "Passwords" wasn't the smartest idea. So many people I know have a file or a Note in this phone called "Passwords"; just as poor Sir Richard once did. Probably not the smartest move. But as with all things negative in life, everyone is SURE that "that'll never happen to ME". Until it does. That's life. Funny how that works.

         Nope. The name of this file needs to be something that no one would ever be the slightest bit interested in if my device were ever lost or stolen. In days gone by when wanting to hide certain personal or confidential communications from the wandering eyes of overly curious busy-bodies in college, I would name the documents something like to dat.bin.cache01901 or some other meticulously boring and random name. This is a particularly brilliant idea that I highly recommend to anyone who has something/anything that they would prefer to keep private... It might be personal diary entries, or it might be the key to unlocking the secrets of the universe that you've been saving for just the right occasion. The file name should be something that sounds as if it's just a system file; that usually does the trick. Hell, I don't even want to click on files with those types of names.

        But what of this new file name for all my usernames and passwords? It too should be cryptic random and boring and NOT contain the words "username" or "password" in it even once. But it also had to be something I myself would remember... In the end, I decided on renaming this file RichardElliot, HIS name. No stranger is going to click on some random name if they find someone's laptop or phone... And best of all if I ever forgot the name of the file where I keep my usernames and passwords I figured, I would still be compelled to click on that Note now and then just to see why the hell I had created a Note called RichardElliot in the first place, in which case I would then be reminded what it was and where all my usernames and passwords were.

        A few minutes ago, after creating yet another new online account necessitating a username and password, this time on Basecamp (an excellent app if you aren't yet familiar with it), I opened up my RichardElliot file to make a note of this new username and password and was reminded why nearly ten years later I am still typing data into a Note with the old boy's name on it. It's funny how one minor event in one person's life can lead to another in someone else's so haphazardly. And what an odd thing it is now, these words; to him they are one of the most personal things a person can be associated with, besides a body one guesses, his name. To me, those words have transcended nameness entirely. Without thought, they're boldly etched in my mind now, solidly demarking a file I access on a a nearly daily basis, sometimes several times per day, ingrained in my consciousness as deeply as my own social security number or birth date. Yet in reality this is someone's name. A living breathing individual 5000 miles away....

        An added bonus is that I don't believe a day has gone by in the last ten years that I have not thought at least once about Sir Richard. In a way it might be construed as "cheating" a bit I suppose. When Sir Richard receives a seemingly random call text or Facebook message from me asking how he's doing, he expresses feeling "pleasantly surprised" and thanks me for "always thinking of him." Little does he know from whence the thought came... He might end up being that one friend on earth I stay in contact with the longest in my life simply due to this strange twist. But hey I can think of much worse things people could do with our name. So in the bigger picture it's probably not such a bad thing. And if in the end it saves me from suffering the same fate as he all those years ago God love him, then I shall certainly be forever in his debt.

No comments:

Post a Comment

Thank you for your comment. You rock for taking the time to share your ideas and opinions with others.