On Security

You know the kind of stupid stuff you do when you’re 16? And it suddenly appears again many years later to haunt you? You know, like having kids, smoking crack cocaine, burying corpses in your backyard… or even, in those moments of utter carelessness, sharing root passwords?

Some may have noticed this website was compromised yesterday and asked me what happened, so here goes a little advice: don’t use the same “low-security” password you’ve been using for the past 7 years out of sheer laziness on a public website that gets syndicated. In fact, don’t use it anywhere, dammit.

In this particular case, I had a few friends from high school days who happened to know this password, as we shared a few local user accounts on each other’s machines, and sometimes needed to get root access to help fix things. Being the idiot I am, I ended up using this same password for many other things, some of them not as low security as I’d think, and completely forgot about the fact that one of these friends has his moments of low self-esteem, and needs to draw attention to himself every so often. But instead of getting a nicer or more expensive car, computer, cellphone or girlfriend, like everyone else who was beaten up as a child would, he goes around annoying people. Sad.

So, I’m changing all my passwords to 50-character passphrases. With alphanumerics, l33t-sp33k, spaces, non-ASCII characters and whatever else I can think of. Sure, it takes me about a minute to log in to my daily stuff, and it’s a pain in the ass, but it saves me from the trouble of thinking about all those different torture methods. Well, sort of, there’s still a lot of spam…