White Collar Handyman
In-Home and In-Office Technology Concierge Services
Lessons & Tutoring • Repair • Troubleshooting • Upgrades & Installation
Fast Response • Reasonable Rates • In Your Home or Office • Same Day Service Available
(781) 989-2373
Hey! We've moved to a new URL to better reflect who we are and what we do! Please visit Rob Falk Technology Concierge Services at http://robfalk.net and update your bookmarks.

Wednesday, April 30, 2014

An Open Letter to Web Sites Where I have a User Account (All 162 of You)

Dear Webmasters:

Congratulations on your new certificates. I'm very excited to change my passwords and all my security questions at each of your sites in the next few days… and to keep changing them every few months for the rest of all of eternity.

I know this "Heartbleed" thing has been a real drag for everyone, but in its wake can I ask for a few simple things moving forward? I think it's a pretty reasonable list:

1. I'd like to be able to use more than 9 characters in a password. I'm looking at you, Discover. Is space on your server so dear that an extra dozen characters or so would kill you?

2. I'd like all special characters to be OK. Really, if I can type it on a computer keyboard, you ought to be able to deal with it. It's 2014. Do you realize that if I can use symbols and special characters, my password can be shorter and just as secure? An 11-character password made up of all available characters has the same 80-bit security as a 14-character password made up of only case-sensitive alphanumeric characters.

3. I'd like to know up front what your particular parameters for acceptable password length and composition are. In other words, when you tell me "At least 7 characters/1 Number" it's of no use at all when I enter 30 characters, and then you tell me that's too many. And then I enter 24 characters and again you tell me that's too many. How about just telling me "at least 7 and no more than 20"? And whether or not "special characters" are OK. Thanks, CVS. Changing my password with you was almost as much fun as playing Candy Crush, and just as challenging.

4. If I want to say that my mother's maiden name was "0(jK1bBn," what's it to you? To me, it's better security than posting all kinds of personal information to be stolen by hackers the next time you leave the hen house open. Just like having a different password at every site, I kind of like to have different security question answers as well.

Finally, maybe think about not hiding the "sign out" button in a different place on every single site. If I want to play "Where's Waldo," there's an app for that.

Sincerely yours,

Rob Falk
