WordWorks

In pursuit of textual glory

Category: web

Password

Password tips from Tufts University.

Creating Strong Passwords

Note: The following information is derived from the TCCS Training and Documentation's Local Area Network Password Creation Guidelines tip sheet. Click here to view the password tip sheet or here to view the extensive list of documentation and tip sheets available from the TCCS Training team.

  • Minimum password length is 8 characters (can contain more).
  • Password history is 24 – Your password should differ from the ones set previously.
  • Passwords must not match any portion of your user name (UTLN; ex: jsmith01)
  • Passwords must not match any portion of your full name.
  • Can not use the words password, change, temporary, or Tufts.
  • Cannot use 4 or more repeating characters – example: hhhh, 1111, AAAA, $$$
  • Passwords must contain the following:
  • At least 1 uppercase character
  • At least 1 lowercase character
  • At least 1 numeric digit
  • At least 1 special character – example : @, #, %, {, ?, +, etc.
  • In addition to these requirements, passwords should: Never be shared, written down, or e-mailed to others
  • Be easy to remember (for you, not others!) – The temptation to use loved ones names, birthdays and anniversaries is great. But "easy to remember" can also become "easy to guess." And, in a world where hackers use sophisticated software to crack passwords, an
    easy password is an open invitation. The challenge is to create something that is memorable for you but tough for others to decipher.
  • Be changed frequently – The Tufts domain requires a password change every 180 days.
  • Be altered when used for multiple applications – A common trick is to integrate the application description into a base password that does not change, such as 1!T%@p ("I love to look at paintings"). When used for database access, it might change to d1!T%@pB; used for ISP access, it might change to W1!T%@pb.

Technorati Tags: ,

Advertisements

Bug or feature

Its an age old question and I am none the wiser. I think I shall let you decide after reading my recent experience with Mail.app and Gmail.

I have recently developed an insatiable interest in encryption algorithms and have been fooling around with the excellent open source implementation i,e GPG and its accompanying plugin for Mail.app on OS X. I installed the requisite packages and created a key pair. My problem was that I did not have anybody to send encrypted email to!!, so I decided to send one to who else but myself.

I composed this email in Mail.app and sent it from my Gmail account to my ( the same ) Gmail address. Funnily enough I never got this mail. The mail was definitely sitting in my inbox when I checked using the Gmail interface. Mistaking the encryption process as the culprit I sent another email, this time unencrypted and that too was never downloaded by Mail.app. The mail did show up in my inbox however!

Intrigued, I posted this problem on the Apple discussion lists and got this reply from a very helpful person who calls himself David Gimeno Gost. I have reproduced the text of the discussion verbatim below which you can also read here.

    Me :

I have 2 Gmail addresses and have been retrieving mail from them via POP, using Mail.app for a while now. I am using OS 10.4.6

Of late I noticed a problem that I haven’t seen before. It is as such. If I send an email using Mail.app with the same “From” and “To” gmail address and later try and download that email using Mail.app, that email is never downloaded using POP, though I can see it in my inbox using the web interface. Please note that this particular condition needs to be satisfied i.e, the email needs to be sent and received to the same Gmail address. Mail.app is able to receive emails if sent from one Gmail address to the other and if sent from the web interface, even if from the same account!!

I am able to receive email sent to my gmail addresses everyday and Mail downloads them without any problem. It is only the above stated case that seems to be confusing. I have correctly configured Mail.app to receive Gmail as I am able to download may emails from various people everyday.

Any help is appreciated.

    David Gimeno Gost  :

Gmail POP access does not work as a normal POP mail server would. I’ve added another case to the explanation I usually give about how Gmail works to take your problem into account:

1. Messages downloaded by any POP mail client are marked as downloaded at the server, and no longer available to either the same or any other mail client.

2. To make already downloaded Gmail messages available for POP access again, you must log into your Gmail account with a web browser and re-enable POP downloading for all your messages, which will cause everything (and I mean everything) still there to be downloaded again.

3. Any “Remove copy from server” account settings in Mail > Preferences > Accounts > Advanced have absolutely no effect on the messages stored on the server. The reason is that, after being downloaded, those messages are no longer available to any mail client, not even to the same client that has just downloaded them, not even for deleting them or checking whether they are still there.

4. Messages created and sent using the web interface will be downloaded by your POP mail client as if they were incoming messages. You can set up a rule in Mail to automatically route those messages to the appropriate Sent mailbox (or to any other mailbox for that matter) if that’s what you want. Although this may seem weird, it’s good because it allows archiving all messages locally in Mail, regardless of how they were sent — as long as you don’t access the same Gmail account with more than one mail client, that is.

5. Messages created and sent using a POP mail client such as Mail are also treated as if they were incoming messages for POP purposes, just as in 4. What prevents them from being downloaded is that Gmail marks them as already downloaded immediately. They would, however, be downloaded if Gmail settings were changed as described in 2 above.

Your problem seems to be that Gmail doesn’t actually create a copy of your message in order to send it to yourself. Rather, it simply treats the message as any other incoming message but, since it’s already been marked as downloaded, Mail cannot see it. I believe this is an oversight on Gmail’s part (i.e. a bug). You may want to contact them and ask for them to fix the problem.

HTH.

You can imagine how thrilled I was at having found a bug in Gmail!!
I was all set to report it and was trawling through Googles Help Center, when I was absolutely shocked to find that the Google team seemed to know about this bug and have clearly documented it for people who had difficulties with POP access! The text of which is as follows;

Help Center Home > POP Access

Did you try sending a message to yourself?

When you send a message to your Gmail account from your POP client, you won’t receive a copy. However, messages you send to your Gmail address from your Gmail account will arrive in your inbox if you are the only recipient.

I am not quite sure whether I am reading too much into this, and would like to know whether this has been the experience of other Gmail users out there?

Do let me know!

Technorati Tags: , , , , , , ,

Beware the Google spam creator

It is easy to dismiss the new phenomena of Google mania as unique to geeks, the like of which could never be experienced by modern, savvy, scientifically informed denizens of our society. But I couldn’t be more wrong. Psychologically, any new Google service seems to inflict upon us, a state of mass hysteria not vastly different from that conjured by priests and alchemists of centuries past.

The cause of the present commotion is “Google Page creator”. It promises to serve up your profile and thoughts in all its CSS glory for the wide web to see. Words fail me when I see that within moments of appearance the exodus of wannabe users managed to emasculate the server!
Not very different from the likes of myspace.com, there are a few glaring differences.

  • Doesnt seem to work with Safari, not that I expected a Google service to.

  • Uses CSS but does not validate well.

  • The URL includes your Gmail login name for the wide world to see. Get the initial name and add @gmail.com and hey you have a new address to spam! Obviously the tag line to this would be ” All your spam are belong to us”.

  • Whats the deal with allowing users a page. How does this fit in with Blogger?

In our struggle to stay abreast of the next cool thing, our focus is so intensely upon the present and immediate future, that we neglect the lessons of the past. But here lies a serious error in thinking – for although technology changes rapidly, people do not. For example, throughout history there are numerous examples of large groups of people succumbing to mass panics, group delusions and popular myths used by spammers. Do not be carried away by a gimmick, one that will land your email address in the hands of the Viagra sellers.

RSS

Adopting new technologies is easy, but changing work practices is hard. Technologies are “out there” but work practices are distinctly personal. And new technologies promise immediate gratification by way of satisfying the hunger for novelty. One such glaring example is the case of RSS or really simple syndication.

The very act of browsing as practiced by the majority of the connected populace is also an exercise in killing time, a source of entertainment, akin to a walk in the park, for its ability to entice and enthrall with bits of information and the visuals. The design and layout carrying as much hubris as the information being served. In this context partial RSS feeds would serve the process of enticing the reader to visit the website, a much more enjoyable experience than the lines of text in the feed aggregator. A thought that is lost on some of us.