Checking our Bearings
Our grand quest for Password Prowess continues. Let’s check our bearings.
These are the stops we were to make on our journey.
- The Problem of Passwords
- The Purpose of Passwords
- The Authentication Process
- Password Recovery
- Anatomy of a Password
- Foolproof Password Storage
- Related Security Issues
- Password Nirvana
We have vanquished realms one and two. We are now entering our third realm, the authentication process. As I have warned you, this is a longer, more challenging realm. Tangler trees, weeds and vines are common trip points and I shall point them out as we traverse. Stay close.
Back On Point
Presently, we face the Black Knight who defies our attempts to advance, demanding two things, our User Name and our Password.
Now, what was that he said? Did he say our “User Name” was wrong? Did he say our “Password” was wrong? Or, did he say our “User Name and/or Password” were wrong? Our first trip point! But, our nemesis has dropped a tiny clue! Perhaps only one of our entries is wrong! This may be very helpful. We carefully examine our two entries. Our name is correct but the password is just a series of dots. This feels hopeless!
Lots of Dots
Dealing with dots in the password field means we very carefully retype our password or grab that small gnome that often lurks nearby, a small checkbox that reads, “Show password.” This small checkbox, when checked, turns the obfuscation dots into the actual characters we have been typing—another huge help. Those dots are there for our protection. They prevent prying eyes from seeing what we type, in case someone happens to be standing behind us.
Another little-known secret about these obfuscation dots is that they often morph! Once you establish a password, don’t count the dots when you revisit an authentication dialog box. They most likely have changed in number. This is a device to keep an intruder from using that “count of the dots” to guess your password. This is another built-in protection.
Now, where were we? Ahh, we are still staring into the closed mask of the Black Knight.
We have entered our credentials with perfection but our attempts are still in vain. Now what?
As the King, you are the one who created the password! You know what it is. You wrote it down and double-checked your notes. The “Caps Lock” key, another potential tangler, is not on and you have carefully typed your password at least six times! What gives!!!?
Anger begins to boil within your heart. You once again begin to feel old emotions of inadequacy. Take a deep breath and pause… remember what your wizard said, “It will require some delicate self-examination and patient endurance.”
The Beast Within
Is it not curious that silicon, metal, bits and bytes stir such emotions? How many times can we be challenged before we start taking it personally? This is a very personal test!
Allow no impatience to enter your heart. Resist the temptation to hunt for the sledgehammer. Here again is that emotional component we face as we pass through this Password Purgatory. We need wisdom. Pause. Think.
In the Employ of the Almighty
“None shall pass!” the Knight growled.
“But, I’m the King!” we retort.
The Black Knight is unmoved. Nothing happens. It matters not. I am the King! Why is he not responding to me? I’m the boss… or am I? Then we get a fresh idea! Yes. Yes. Now we remember!
“Who summoned you?” we demand.
He does not answer but we remember, the Black Knight works for God! The priests crafted him as an icon and he reports directly to God!
“Which god!” you gasp, incredulously.
You know, the one who lives in your computer!
The god of your computer is an invisible user named “Root.” He controls everything that happens in the system, everything! In essence, even though you paid for that computer, you do not own it… in a digital sense. In fact, compared to “Root,” your “Administrator” privileges pale.
This topic is a completely separate journey, one I hope to take with you one day. It travels through the realm of “Permissions.” This is a fascinating world full of amazements and power, but I digress.
While it is true that this all-powerful “Root” commands the Black Knight, our Black Knight may be summoned by a variety of entities, human and otherwise!
Who Summoned You?
“Who summoned you?” we call again.
“iTunes,” comes the reply.
“Who, from the land of iTunes, has made this request?” we parry.
“The iTunes store,” comes the reply.
Armed with this new information, we realize that the User Name and Password combination to access the iTunes store is a different song from that of the computer access tune we learned earlier. Our computer level authentications will not work here. “Who summoned you?” is a revealing question.
Into the Soul
“Who summoned you?” opens the mask of the Black Knight and allows us to peer through his face and begin to see his soul. Knowing the answer to the question, “Who summoned you?” allows us to unlock a good bit of the mystery that surrounds this so-called Black Knight.
Many entities possess the ability to summon the Black Knight. For example: we, as humans, can summon the Black Knight’s dialog box by attempting to access something on our computer such as “Software Update.” These are local events. In most cases, they will require our normal computer login name and password.
We are now getting pretty comfortable with the computer itself requesting our credentials to permit changes to the operating system or to update some application. Applications themselves sometimes ask for permission to access things on our computer, such as our contacts, or to perform actions on our behalf. We use our regular credentials here too.
As we look into the heart and soul of this Knight, we begin to understand his intent is for our protection.
Trust No One
I must interject a dire warning before we proceed. There is one entity with whom we must deal most shrewdly when our credentials are requested.
“Who?” you ask.
“Another human being!”
Never, never, never give your User Name or Passwords to anyone! When you provide this information, you essentially allow them to become you. They now have all the powers, authority and persona of the King. Are you sure you want to do that? There are times it becomes necessary, this is true. Just make sure that you have provided these credentials to a very trusted ambassador. If it ever becomes necessary, you can always change passwords if trust is lost.
Finally, there is one other entity to discuss. When a website or foreign server requests credentials, things change.
When we ask our computer to contact other kingdoms, anything outside our home or office, our computer will eventually encounter the sentinels of those kingdoms. For example, when we attempt to negotiate with the King of MyBank or the popular King of Amazon, their knights ask for User Name and Password combinations too.
Let’s be very clear. These foreign gatekeepers have absolutely no interest in our local credentials. They are only interested in the credentials you established during your original visit to their kingdoms. If this is your first visit, their systems will ask you to create your own credentials, which may be of vastly different character than those of our own realm.
The face of the distant knight most certainly looks different too. It may not be a dialog box. He may show up as some lines of text on a web page. And don’t think of trying to invoke the name of “Root” there either; they have their own gods. Dealing with other kingdoms is easy, if we respect and accept the laws.
Laws and Languages
The laws of other kingdoms may require that we augment our native language as we craft passwords by using additional symbols such as * or ^ or %. Their laws may require upper case, lower case, symbols, numbers… any manner or combination of the above! When we travel abroad, we must know the language and the laws. More importantly, we must conform, despite any feelings of inconvenience. As your friend and wizard, I feel compelled to remind you that protests do no good and only provide fertilizer for more tangles. We must keep our heads.
The iTunes Store is a fine illustration. While you can use just about anything you want for your local computer password, including nothing at all, this is not the case in the Land of Apple. The iTunes store imposes strict conventions on password creation. It must be at least eight characters in length. It must have at least one capital letter. It must have at least one number. It must have some other character, etc.
Patiently developing our communication skills with other kingdoms brings some of the richest rewards of owning a computer. It opens amazing opportunities for entertainment, education, enlightenment and enjoyment. This is where many people spend a vast majority of their time. I want to encourage you to explore the depths of these riches. There was a time when we needed great sailing ships to visit the Library of Alexandria; now it and a million other kingdoms with massive libraries offer portals to their lands, right on your desktop!
Through the Woods, Into Root’s Domain!
Well, we are now at the end of this forest! In discussing the soul of the Black Knight, we now see how truly loyal he is to us. He may not be as powerful as we originally thought but he is every bit as obstinate. Crafted by the priests to do Root’s bidding and for our protection, we are almost beginning to appreciate the once formidable fellow.
In the next realm, you are to stay close by my side! It is a realm of great magic, incantations and power. Deadly mistakes can be made. The Black Knight, who seems to be quickly becoming our friend, will not be there. What we are about to do is something few dare try. We will be speaking face to face with Root and even borrowing his powers! We must use caution.