Security/Privacy

Personal Password Management Survey

My next computer security video will cover personal password management. In anticipation of that I decided to do an anonymous survey to see how folks manage their passwords. I don't claim that it's statistically accurate or that it reveals anything conclusive. It's a sampling of people from Facebook, Twitter, and work.

49 people from all over the place took the survey.

-----
When asked to rate themselves on their management of passwords:
6% said less than OK
49% said OK
45% said better than OK

-----
When asked about their approach to using passwords:
57% said they use a different password for each class of service (one for commerce, one for banking, one for social services, etc.).
24% said they use a unique password for each service.
19% said they use the same password for everything.

Checkwashing Countermeasure... A Pen!

In less than four minutes a crook can steal your check, selectively erase your writing, and make the check out to himself for any amount. That's checkwashing and it's preventable.

Most pens use dye, not pigmented ink. The uni-ball® 207™ uses ink with certain color pigments that bond with the paper fibers in checks making it very hard to "wash" the ink off. This pen, and others like it, could be a simple defense against the threat of checkwashing, which is simple and fast to do. The use of a pen like this, combined with the habit of properly filling in all the blanks on each check, and routine audits of bank statements will help you defend against checkwashing.

E-petitions Don't Work

Imagine being frustrated about a new tax and going into the basement to scream. Great, you've had a little therapeutic outlet but unless the people who levied the tax are in your basement it will not change anything.

I'm just as irritated as the next guy when it looks like an injustice might be perpetrated through the passage of a new bill or some court ruling. I want to do something and I want to be efficient when I do it.

At first blush the e-petition seems like a great way to influence the powers that be. Get thousands of people who agree with you and have them all sign it, but there are a number of problems with it.

Greylisting for your telephone

Greylisting is a "method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will 'temporarily reject' any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again and the email is accepted. If the mail is from a spammer it will probably not be retried since a spammer goes through thousands of email addresses and can not afford the time delay to retry."

Why not apply a similar technique to your telephone? It could be done without much effort in this day of caller ID. Imagine if you had a device that, when plugged into your telephone line, would allow you to automatically answer the phone for unknown numbers and give the caller a message. The message could be generic or it could be instructions to do something specific. You could program the device with a list of whitelisted (allowed) telephone numbers as well as blacklisted (denied) numbers. The device could give a different message based on whether the number is in the blacklist or simply unknown. If the calling number is on the whitelist the device does nothing, allowing standard telephonic devices to continue operating.
