Wait, first I find out that ______ is _______, and now I find out that Becks isn't really named Becks?
If I find out that Ogged isn't a real name in Parsi, I'm going to freak out.
Hey, it isn't that ______ is _______, is it? I thought ________ was _____.
I can't quite believe that people born in 1985 are having lives and jobs and identity theft concerns and such.
I realize this simply means that I'm getting old, but damn.
What do you all think of this new Facebook URL thing that's rolling out?
'Myspace has a feature we lack. Shit! Think like Disney! Think like Disney! No! Microsoft!'
I was going to use the real-name variation that I usually use online but then I realized that's an identity theft disaster.
Bexster? Bexstone? (No, it makes no sense. Point.)
then run through his likes and dislikes until you figure out his password is Redskins?
That's why the FBOHs like the passwords with !@%$^ and numbers and crap. Nonetheless, people will do it, and it won't be a big problem, because they'll have some odd number in there.
max
['And besides, they black hats will be too busy cleaning out accounts filched with phishing spam to waste much time on hard things, like thought.']
Can I just use the number that already identifies my page?
Wait...maybe there isn't a consistent number that identifies my page. So far Facebook has been a space where URLs are totally irrelevant.
It sort of reminds me of the initial gmail frenzy. I ended up squatting on my last name, and now I feel mildly bad about it as I don't really use it. Sorry, rest of my family!
Remember when URLs used to matter?
This is conceptually a bit of a step back for facebook, isn't it?
Certainly mucks up the UI models.
St. Pauli
or perhaps George F. Will
My Sister recently tried to convert me to using Facebook by sending me her login info so I could poke around a bit before signing up. I found the UI and page design so horrifically bad that I just couldn't. I suppose that makes me an effete snob, but dammit, user good website design just isn't that hard. There's more than enough crap in the world, and tolerating it just leads to more crap.
My thoughts have been basically those expressed in 10. Doesn't giving people a URL to hand out sort of breach the walls they've clearly tried to put around the Facebook experience by, at first, limiting it to certain TLDs and requiring logins and turning it into a place people went to do Facebook-specific things using Facebook-specific apps? Or is it a way to draw people in? I honestly can't tell.
It does seem to me that it would at the very least make Google-stalking easier in terms of finding Facebook pages. The only answer here is education, though. There is a degree of responsibility on the part of Facebook to educate their users about the risks of putting up too much information or making information too available but there is also a responsibility on the part of the users to employ what someone tries to teach them.
Oh, and yes, I would agree with the original post in that I expect lots of people will be handing out to the world their username for at least one other site. I don't think the average person is going to say, "Gosh, last time I did this was for my {online banking,yahoo,etc.} account and I had to go through an extremely annoying process that I am eager to repeat!" It would be nice if Facebook would at least prevent the username from being the same as whatever comes before the @ in the email address the person used to sign up in the first place.
Don't mean to be a dick, but this problem has an easy solution: use a good, strong password, one that is not derived from English-language words representing your likes and dislikes. I've been using KeePass for the last year to generate (and store) completely random unique password strings for every site I log into.
16: If you say "And change it every three months", I'll have to smack you.
Remembering strong passwords is just brutal, though. My office requires strong passwords (that is, containing at least three of uppercase, lowercase, symbols, and numbers), that change every two months. If I were using really strong passwords, there's no way I could possibly manage without carrying them around with me on a piece of paper, which kind of kills the point, no? I cheat by doing leet-speak versions of fairly weak passwords.
I've been using KeePass for the last year to generate (and store)...
Remembering the passwords (and changing them) is pretty trivial if you use KeePass or Password Safe. You can even keep your KeePass database file on a USB thumb drive or on Dropbox so that you can access it anywhere.
18: I cheat by using three passwords in rotation as they only disallow the previous two. I'm not opposed to strong passwords, but I have to have so many of them, only two of which I use with any frequency.
I thought Facebook's UI and page design was amazingly intuitive. What's the problem, tokolosh?
I guess it's a little stupider now that each person's page is divided into "Info", "Wall", "Boxes", and whatever else, instead of being one big page.
It's certainly better than LinkedIn's.
You can even keep your KeePass database file on a USB thumb drive or on Dropbox so that you can access it anywhere.
If your company's security policies allow you to use USB sticks you can.
23: I thought that was just my employer.
A 1337-speak version isn't necessarily cheating or weak. Your goal should be to increase the types of characters they would need to include in any given set of possible passwords that could possibly include yours. It's not really meant to keep a human from guessing your password, it's meant to make the dictionary files they would need to try vastly larger.
My personal, professional opinion is that password strength is vastly more important than changing one's password on a given timetable. Sites are targeted more often than individual users of sites so IMO the first priority of any given user should be not being the easiest point of entry to the site and strong passwords help do that. In the rarer instance that one's own account, in specific, is the goal then the strong password is still the most important piece because if all goes well then it extends the time it could take to brute-force the password beyond the password expiration window. The simpler a password, the less likely to matter how often it gets changed.
21: It's ugly. That's really the root of my objection. The basic Facebook page looks like it was made by someone just learning how to make a web page, but with no idea at all about simple aesthetic rules. Silly, I realize, but I'm apparently something of an effete snob when it comes to design of such things. I only recently came to terms with this, and I'm a bit embarrassed, but if I can't be an effete snob here, where the hell can I?
If your company's security policies allow you to use USB sticks you can.
Well, now you're in trouble.
24. My company (biggest outsourcing outfit in Europe) and the entire British civil service, just to my knowledge. There may be owner managers somewhere who still allow themselves to use them.
I should note that I also believe things like KeePass are useful for storing passwords that have to be shared, for instance, but that I think it's dangerous to make one's password be something that isn't and likely can't be remembered by the user, is generated without any user cogitation at all and can only be accessed with a specific application. Don't put yourself in the position of having yet another single point of possible failure.
"Don't put yourself in the position of having yet another single point of possible failure."
Were you my guidance counselor?
Answering a few questions upthread, if you click a direct link to someone's facebook page currently (the URL of which contains a string of random digits), you're going to see a very abbreviated profile, along with a note that you must be friends with the person to see a full profile. (This is just the default, I think--I'm pretty sure users can make their profiles "public", so anyone can see them in full, although I've never done though, nor seen anyone else do it.) I don't think anything is changing with the new system, other than the fact that the URL will now be a customizable username-oriented thing, rather than a string of random digits.
Here's a cyber-security question for you: how can I get Firefox to stop inserting my IRL name instead of my very, very strong, nigh-unbreakable handle in the post form?
I mean, short of blowing away every stored password, cookie, history, etc?
My plan is to follow the example of my students' email addresses and go with "creamythighs17".
You mean here on this site? Put in your new info, and then click in the little "Remember my info" box, and it should remember the new info.
31: You might be surprised at how much information is public on your FB profile. I believe they've loosened up the privacy restrictions without a lot of users realizing it.
Yeah, that worked. Stupid me, I thought it was Firefox's fault.
35: Never!
1Password is a really fantastic password manager/generator for the mac. Though I'm also pretty lucky in that I have enough job autonomy to manage my own computers, and thus be able to install the thing in the first place.
I use two passwords: one easy one (a six-digit standard english word), for most website registrations and online accounts that I don't give a shit about--that create an online profile but aren't storing credit card info, etc.), and another slightly more complicated one (that I think is very strong, but password-strength-tester programs tell me is somewhere between medium and weak), for websites containing financial or other sensitive information. I've been using those same two passwords for about a decade now.
(I have a different password at work, which rotates, which I hate.)
(For the half-dozen or so websites that require something different--more digits, more numbers, etc.--I make something up and then email it to myself, and save the email. Otherwise I'd forget it. I've worried before that this might be insecure--I have emails to myself with subject headings like: "Chase Bank Account", the text of which is "Login: [xxxxxxxx]. Password: [12345678]". But I honestly don't know what else to do.)
I don't like this whole words-in-facebook thing. I like my random string of digits! I am not a free man, I am a number!
I find that a good source of random strings of numbers is obsolete phone numbers -- if you're like me, you remember a bunch of phone numbers that aren't operative any more, so the headspace devoted to them can be repurposed by making them passwords.
40: Do not email that shit to yourself. I love you, Brock, really, I do, and that's why I kind of want to beat you with a rolled up magazine right now. Do not do that. If you have trouble remembering very complex passwords, seriously, sit down and invent one that is going to meet all the requirements you can imagine and that you will remember and just use that. Do not email it to yourself. Start with an acronym for a phrase describing how much you fucking hate passwords or something and go from there.
36: well, I suppose I might be surprised by that, yes, although I don't actually have much personal info on my FB page anyway, so I wouldn't care if all of it was pubilc. But I mean, when I'm viewing the profiles of persons I'm not friends with (friends of friends, wondering if I know them), the parts I can see are generally pretty abbreviated. A thumbnail pic and a line or two of primary bio info. That's the pubnlic part, right?
42: Wait. You still remember phone numbers?
44: Usually, all of their friends are also public (just the name and thumbnail).
I was a very late cell phone adopter, and still don't use mine much. I've got some numbers in it, but mostly I remember the numbers I call a lot.
if you're like me, you remember a bunch of phone numbers that aren't operative any more
I'm not like you, I don't think. Two or three from childhood, maybe?
43: my thinking was that standard-password #2 (the slightly more complex one, which is used on almost all my sensitive accounts) is my gmail password anyway, and if someone malicious got that I'd be ungodly fucked anyway, to the extent that losing the half-dozen or so other random passwords that are stored in there wouldn't really be much worse of a result. So it didn't seem too problematic. Is that somehow wrong?
46: IIRC, by default your entire profile is viewable by anybody in "your network" (e.g., the city you live in).
49: Thanks for the warning. I'll check that.
48: This is actually a good response to the "single point of failure" critique of 29. Your email account is a de facto point of failure in any password regime—confirming that you have access to your primary email address is the mechanism by which most sites allow you (or a malefactor) to reset your password.
Unfortunately, my 'single point of failure' is usually motivation.
I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?
The basic Facebook page looks like it was made by someone just learning how to make a web page, but with no idea at all about simple aesthetic rules
Facebook is worse than it used to be, but I think it has been too long since you have seen the actual product of someone just learning how to make a web page OR someone with absolutely no idea about simple aesthetic rules, let alone both. The depths are very deep.
My online bill-paying routine almost invariably includes clicking on "forgot username/password?" Do I know that there's software out there to help me manage this information? Yes, I do. Have I gotten around to using it? Bahaha. Please.
I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?
Password Management software?
54: Seriously, it's beyond me how anyone could complain about Facebook's aesthetics, when its two primary competitors are MySpace (!) and LinkIn (!!).
Password Management software seems like it's begging for someone to write a virus and hide it in there.
I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?
Get yourself a program that lets you make an encrypted password database and save them in there. (For Macs, I like Pastor. I don't know what's good for a PC.) Then have a nice long passphrase as your password for that, and remember to close the darn thing when you leave your computer. You can even email yourself the password file, then, because it's encrypted.
I don't know if I've ever seen a less ugly webpage-building site than Facebook. Myspace? LinkedIn? Livejournal? Geocities? Tripod? The idea is laughable.
In fact, there's hardly any sites anywhere that are less ugly than Facebook. Blogger accomplishes a much simpler goal. What could be improved about it?
(admittedly, I think "ugly" = "busy", in general.)
Keep an list of passwords encrypted with one master password that you remember, and store it in multiple places. And don't forget the master password.
It would help me feel like the hoops described in 60 were worth jumping through if someone could explain where the logic in 48.2 goes wrong.
The idea of "encrypting" something is likely to be the stumbling block for 99.9% of people, including me. I would have to find out what is involved in encrypting something.
I have a text file on my home computer that contains most of the passwords, written in a sort of run-together way. I guess if I had a laptop I would be in trouble if it, and that file, got stolen.
Also, 58.
Hey, 60 really only involves one hoop.
63: Because they probably wouldn't get that password from stealing your Gmail password -- they'd get it from stealing any of your myriad financial passwords, which are on the whole probably less secure anyway. The situation you want to avoid is that they steal one password and then have them all. It's mostly true, as per 51, that your email password is a kind of 'master key', so why are you handing the master key over to anyone else?
For Macs, I like Pastor. I don't know what's good for a PC.
One of the reasons I like my system is that I can get at my passwords from home (mac) or from school (pc). Also, I'm sure identity theft could never happen to me.
Password Management software seems like it's begging for someone to write a virus and hide it in there.
I guess. But there are plenty of perfectly respectable applications. You choose a hard master passphrase and that's all you have to remember. All your logins are stored in an encrypted database. Then the software can autogenerate very complex passwords for you as needed, and remember them for you. 1Password is compatible with all the mac browsers, so when I go to my bank or FB or what not I just hit command-\ and the relevant login is filled in for me. Easy. One major benefit is that all your passwords for various websites are different. You don't even have to know what they are. You can store other encrypted stuff too (notes, SSNs, whatever). It's really pretty easy.
One of the reasons I like my system is that I can get at my passwords from home (mac) or from school (pc).
KeePass works on Macs, Windows and Linux.
Is that somehow wrong?
The first thing worth mentioning is that e-mail is sent in clear text. So every time you send a password to yourself there's a possibility that someone could be reading mail on one of the hops between your work mail server and gmail could read the message if they happened to be eavesdropping (if you're just sending it from gmail to gmail this might be less of an issue).
[someone else has probably said this already].
A few websites out there are starting to make use of OpenID in ways that don't suck. As this becomes more common, y'all should take advantage of it. Basically, instead of logging in to each website, you just have to log in to Google or Yahoo or whatever your OpenID provider is, and then being logged in there will give you access to the other sites.
67: KeePass (Windows), KeePassX (Mac), store your passwords on Dropbox.
Facebook gets progressively uglier over time, as more ads and random "who ordered that?" stuff creeps in. It's still infinitely better than Myspace, though.
69: Like Heebie, I'd need both mac and PC compatibility. And at a quick glance, KeePass looks to be downloaded software. Are any of these hosted online? Because I can't download software to my work computer, and I would need to be able to access my passwords from here.
My passwords are composed of several mixed-and-matched parts that are permuted and rearranged for different purposes. So I remember the pieces and do my best to remember what to do with them in different circumstances. This is probably not the best strategy, but it works well enough for me. (And the one time I had all the money stolen from a bank account, it didn't seem to have anything to do with password security.)
77: that might work--I'll look into it. Thanks. I'd like to do something to make RMMP stop hitting me.
I should be clear that I think KeePass or something like it is much better than the email solution. My main problems are what NickS describes, that emails are sent clear text and, odds are, your Gmail session is also just plain HTTP instead of using HTTPS so every time you view a Gmail message that's also clear text. You've also noted that you use this system when you need to remember a more specific or stringent password than your normal strong password, which seems backwards to me: you're using a password that is weaker than the passwords you're using it to protect. (If I've misremembered, my bad.)
If you have to go the one-password-to-rule-them-all route, go with KeePass or Pastor or something like it. However, yes, you will have to install it on your work machine. If your only option is Gmail, make sure you go to https://mail.google.com after logging in so that your session is encrypted. Also, consider setting up a second Gmail account and use one for logins and another for passwords. Pain in the ass, yes, I know, but in general the goal should be to keep from having all of one's eggs in the same basket or, in the case of something like KeePass, putting a good lock on the basket and lining it with lead and praying you don't lose the key. Ultimately, it comes down to how much risk you're willing to tolerate. There is no such thing as security, there is only risk management.
Also, I'm sure identity theft could never happen to me.
Hey, I never said that!
72: Aw. Yeah, leaving policy problems to one side, he is awfully personally charming, isn't he.
you're using a password that is weaker than the passwords you're using it to protect. (If I've misremembered, my bad.)
No, that's exactly right, except I don't really think my email password is necessarily weaker than the others--just shorter*, or otherwise not conforming to some website's idiosyncratic requirements. Of course, it's used in a bazillion different places, so that makes it more prone to being stolen, I guess.
* I realize that in some crypographic sense shorter=weaker, but I'm not sure that's really relevant at this level of security.
When is everything going to be biometric? I don't want to remember a dozen strong passwords, I just want to look into the damn retinal scanner.
85: That's all well and good until someone pries out your eyeball to fool a retina scanner.
84: It's all fun and games until somebody steals your eyeballs.
(Also, 72, 81.)
When they don't completely suck at the retail level. My work machine has a fingerprint reader that doesn't work for shit.
Pwned by recursive meta-commenting!
85-87: I guess that one was too easy...
Yes, yes, stop shitting on the fingerprint scanner, I know, it sounds so easy when you just say it like that but have you ever tried?
For a while I used 1337-ed obscenities and the like together to create easy to remember passwords. Then my laptop died and I had to take it in to get the data of the HD and there was a lovely moment when the guy asked me for the password and I had to spell out a pornographic (and frankly disgusting) phrase with leet-substitutions. He enjoyed it more than I did.
57, 61: I don't use any social networking sites, so my points of comparison are blogs and professionally done websites for the most part. The FB look just strikes me as clumsy and awkward. Perhaps it's elegant compared to similar sites, but it seems like that's damning with faint praise. As I said, effete snob here, so YMMV.
Get yourself a program that lets you make an encrypted password database and save them in there. (For Macs, I like Pastor.
FWIW, on Macs you don't even need to install third-party software; Keychain will get you most of what you need. (The DB itself isn't encrypted, but your passwords are, and you can set the Keychain password to something other than your login password.)
I keep a list of clues to my passwords in a little book that sits on my desk at home.
23, 24: At my previous job, it was a firing offense to connect any non-company-owned removable storage to any work machine, although I suspect that was more for retroactive use than active monitoring. They also would not let any non-company-owned machines onto the networks or VPN, which meant that when I started I was issued a desktop for my office and a laptop to take home.
97: Like I said in 39, I am so happy/lucky not to have to deal with this kind of BS. (I mean, I see the reasons for the policy, but what a PITA that must be).
I'm pretty sure I infected my work computer with malware via a USB drive which I'd brought from the home computer. The work computer became unusable since obviously I didn't have the authority to go to an advice website and install all the software and take all the steps they recommended, which worked great with the home computer. The instructions from IT were "Let me wipe the hard drive".
AutoPlay is to blame. Why does it exist? What good does it do?
I keep a little notebook on my desk at home that has a list of what look like passwords to my various e-mail accounts and forum boards, etc.
I scribble over them and pretend to invent new ones every so often.
My real password set is stored in my head: I'm safe until identity thieves kidnap me, shoot me up with truth drugs, and untangle the passwords from all the other random information that I spill.
Does anyone know anything about the website linked in 77? I'm mostly just looking for some sort of assurance that it's not hosted by the Russian mob.
100: "I confess! I felt genuine empathy for the characters in Titanic and Ih8t3NN!5!"
98: The thing was, they actually (for the most part) did it right, so it wasn't a pain in the ass at all. All work machine (Windows) images came with PasswordSafe pre-installed, and employees were encouraged to use it, and since you were only allowed to login from work machines you didn't have to come up with some way to distribute your passwords everywhere. It would have been a pain in the ass if they hadn't issued us all laptops, though.
The only real problem was the brain-dead Windows password rules (required to change every few months, couldn't use the same password you'd used in the previous year, shit like that). Those used to drive me into a rage every time I had to come up with a new one.
97, 98: Fortunately, the ubiquity of computing devices will in then end kill that approach for all but the most super-secure needs (air gap stuff). But it is a long, slow process heavily reliant on encryption and security protocols. And there will definitely be some big "oops" and other bumps along the way. But I suspect by mid-decade or so most organizations will not provide employees with company-procured physical devices (they might give a stipend). We'll see.
102: I confess that 2/3rds of 100 was a lie.
when I started I was issued a desktop for my office and a laptop to take home.
A laptop and a docking station might have saved a few bucks, no?
To be extra secure, I won't sign up for this URL Facebook feature. At least not using any of my passwords as my username.
85 should be 84
Spikes most of human mathematics since we got advanced enough to figure out the answer to 5*17...
f your only option is Gmail, make sure you go to https://mail.google.com after logging in so that your session is encrypted.
There's a setting in gmail to tell it to always use HTTPS which is very important if you're using it for anything secure.
Further to 109:
Settings --> Browser connection: (main tab) --> Always use https
103: Heh. I first encountered the rule that you had to change your password regularly, and couldn't repeat it, when I worked for IBM in 1990, and back then IBM were seriously kidding themselves that O/S2 would beat out Windows any day. ("Better DOS than DOS! Better Windows than Windows!" as their propaganda video that staff were required to watch put it.)
One of my colleagues used Anne McCaffrey dragon names for his password set. His computer was called Ramoth.
105: I bet your real name isn't actually Jesurgislac, you lying sack of things which are bad.
O/S2
I have heard this pronounced "Half-oss".
Which makes more sense given that the name is OS/2, not O/S2.
From semi-back in the day:
Two versions of OS/2
so the small machines can fly.
Three versions of DOS
for the clueless in their homes.
Nine versions of UNIX
for the hackers late at night.
One version of Windows
for the Dark Lord on his throne.
In the land of Redmond, where the shadows lie.
One OS to rule them all, one OS to find them.
One OS to bring them all, and in the darkness bind them
In the land of Redmond, where the shadows lie.
My real name is
An Arm Clothed In White Samite, That Held A Fair Sword In That Hand.
(My parents, Thomas Hand and Malory That, couldn't resist a literary reference if it killed them.)
"Je Surgis Lac"
104: Yeah, the amusing thing (to me, anyway) was thinking about how the "no removable storage" policy interacted with the "take this laptop and use it to WFH" policy. Does that mean that if I have a NAS at home, I'm violating the policy by getting on my home network with the work laptop?
106: Well, at the time I joined, the company was pretty flush, so cutting costs on that level wasn't much of a concern, but more importantly tying me to the laptop as my only machine would have meant that I had to carry it back and forth to work, and that would have raised the risk of theft or loss. (In fact, I did have a work laptop stolen out of the trunk of my car. I got a lecture from the company on how to keep it secure in the event I ever needed to take a company laptop anywhere ever again.)
114: It's been almost 20 years, and I never cared about the stupid operating system anyway.
118: The best laws are those that everyone has to break. The IT department has their ass covered.
I use one password for most everything, but a different login email. I own my personal url, so I use amazon@myurl.com/standard password.
This is so if someone does start sending me spam, I can just delete that email address rather than count on them to unsubscribe.
I have never had to do that. It is a silly system.
(I actually have a different 1337 pwd for paypal and ebay, after someone cracked my ebay account and bid on a whole bunch of stuff.)
I use 1Password and love it, but it's not helpful when I'm not on my own laptop. For passwords I want to be really secure (banks, paypal, etc) I use a randomly generated one from 1Password. For everything else, I use an easy to remember pattern: a common root with a prefix/suffix specific to each site.
Eh. I use what I think is probably the most reliable system: something I'll never, ever be able to forget, that I never discuss with anyone anyway. It helps that I have an inconveniently good memory for useless numbers.
123: Oh, what the hell, since we're all friends here: I use the Stargate code that landed me on this stupid planet, rendered into hex, usually with the year of my arrival. That works as the secret password for my bank account, the entrance to my secret basement, and the phone number General O'Neill uses to contact me. Dead easy, see?
I use what I think is probably the most reliable system: something I'll never, ever be able to forget, that I never discuss with anyone anyway
You mean two dozen different unforgettable things? Because that's my whole problem--different institutions have different password requirements, not all of which are compatible with one another.
that's my whole problem--different institutions have different password requirements, not all of which are compatible with one another
Here's my system, which may seem a tad cumbersome while I explain it, but is in fact beautifully simple.
I keep a list* of sites and passwords. BUT -- before RMMP has a heart attack -- it's coded.
Imagine that my standard password is littlebitches.
Instead of putting "littlebitches" on my list, I put "security" and then adjust "security" as needed for different sites.
So, if on a particular site I use l1tt1leb1tches as my password, I put secur1ty on my list, reminding me to change the i's to 1's.
littlebitch3s = s3curity
littlebitche$ = $ecurity
Et cetera.
*Of course it's a spreadsheet, not a list, because I am a proud nerd.
That is brilliant -- my biggest problem is remembering exactly what I've done in terms of 1337-speaking my standard passwords. I suppose it's vulnerable to anyone who both figures out your standard password and gets your list, but at some point we all have to concede that SPECTRE probably isn't after us each individually.
I am a proud nerd.
Yes, I know all of the rest of you are nerds, too, but in a much more nerdy way -- meaning you know stuff about nerdy topics -- which somehow makes me more of a nerd than everyone else. See?
Or I could just send $10/mo to that LifeLock guy, and then I could freely post all my login info and passwords here in this thread, right?
127: Why, thank you! No one know my non-obvious standard password except M/tch, so if I turn up dead and my bank accounts have been cleaned out, sic the cops on him.
Or I could just send $10/mo to that LifeLock guy, and then I could freely post all my login info and passwords here in this thread, right?
I'm sorry, Brock, I can't hear you from all the way under that bridge.
125: No, actually, I really do mean one unforgettable thing. It's a flexible unforgettable thing, so I can usually backfigure "If the rules are thus, I would have done this to my Unforgettable Thing".
I like the old phone number trick, too. If I used my childhood phone number as the password, I think I'd use something like the initials of the street I lived on as my reminder.
I realized as I wrote out 126 that I could just use "3" as my reminder for "littl3bitch3s," but I do try to remember my frequently used passwords without having to look them up and "security 3" sticks better in my brain than "3."
127: I suppose it's vulnerable to anyone who both figures out your standard password and gets your list, but at some point we all have to concede that SPECTRE probably isn't after us each individually.
But it's less fun that way. I enjoy assuming everyone in the world could be a secret agent out to get my passwords, so that I have the motivation for a perpetual system of misdirection about my system of remembering yet concealing them so that I never have to write them down yet never forget them.
...because the number of times someone's told me "Hey, I have this brilliant system" and bragged about it to me at length and left me t hinking "Just a little bit of investigation and I could find out what your password is, if I wanted to, if I was that sort of person"... but I'm not and I don't.
And of course, not everyone has a brilliant system.
I use a safety pin to scratch my password on the underside of my balls. When the scar fades, I know its time to change passwords.
I have not actually read this thread, but I am mildly amused to note that ALL of the cases* of password hacking/identity theft that I have firsthand knowledge of entailed:
1. Nearest and dearest, who had at some point in the past been entrusted with the password, and/or could easily figure it out
2. Corrupt employees of a trusted bank, agency, company, etc.
The first group is within your control; the second isn't. No amount of password caution is going to protect you from corruption, either. That said, I'm pretty insanely cautious with my own.
*No, wait, I'm just barely wrong. A pair of notorious identity thieves strolled through my office complex once, but our alert receptionist booted them out for general hinkiness and lack of good reason to walk through private offices when everyone was at lunch. This was a month or so before their pictures hit the front pages of local papers.
||
My little brother just found out he's accepted to Chicago law school. Previously he'd been accepted at Michigan and waitlisted at Columbia, which is not looking hopeful. He wants to be either a legal academic or do some kind of public-interest stuff (that's a new interest as he's started turning into a liberal). Is there an obvious choice here? He mentioned some kind of scholarship from Michigan -- does that change things?
|>
There's no obvious choice. I'd advice him to take the money.
139: If he really does want to go into public interest law or academia, take the scholarship unless there is some other over-riding concern with location or whatnot.
138: No worries, mrh. Tell me your password and I'll keep it safe from Secret Agent Jesurgislac.
Depends on how much. If he wants to be a legal academic, I think University of Chicago gives him better odds. (Not on the basis of much knowledge, but I'd think.)
unless there is some other over-riding concern with locationng the best Unfogged meetups.
143 But we must never admit that we know each other! If we meet in public, pretend not to recognise me.
144: I should clarify that I don't know anything specific about either program. I was just thinking in terms of 'less debt' = 'more freedom after graduation'.
I would imagine that Chicago has more ideologically doctrinaire people.
I don't know anything ideological about Chicago, but law schools are (IMverylimitedE) fairly forgiving places to be out of step, so unless money's a major factor, I'd take the higher ranked school over the perceived leftier school. If money is a big factor, Michigan is certainly an excellent school in its own right.
I think I'm going to pick "kristoncapps" for my url.
I know someone who just recent graduated from Chicago who felt the atmosphere to be a little all-libertarian-all-the-time.
And if he ends up in a public interest job, Chicago gives out $70K in loan forgiveness, which is something.
Of course, Chicago is where fun goes to die.
Only for the undergrads. The professional students have a blast.
151: Seems likely -- I'm just thinking that won't have that much of a negative effect on his experience.
151: Yikes. My brother has a worrisome young-white-guy libertarian streak that I wouldn't want to see encouraged.
On the other hand, isn't indoctrination in the ruling ideology pretty standard for top-tier law schools? A guy I dated who was at Harvard Law would spout the most ridiculous Law and Economics shit that he was being fed in his classes -- crude Coase stuff. His knee-jerk anti-labor reaction to the transit strike when he was visiting me was the beginning of the end.
You know, I'm a horrible snob. I just looked at a law school ranking site, and hadn't realized quite how excellent Michigan is. At that level, it's a wash -- I'd make the decision based on the money.
155: Repeat to him as often as possible 152.last
The last thing the world needs is more glibertarians.
My point in mentioning the atmosphere was precisely that it did have a negative effect on her experience.
On the other hand, isn't indoctrination in the ruling ideology pretty standard for top-tier law schools?
Oh, you betcha. NYU is lefty as law schools go, and man oh man did we get the Law&Economics gavage. Annoyed me something fierce.
The last thing the world needs is more glibertarians.
LET'S LET REVEALED PREFERENCE REVEAL THAT
157: Isn't that for the Market to decide?
fairly forgiving places to be out of step
Maybe relatively, but I didn't think it was entirely forgiving. Of course, I can see a difference between 'out of step on an ideological scale' and 'out of step because I think the law is deeply weird and don't want to be a lawyer'.
I was reading a couple law students who said that class differences made law school baffling for them. I didn't notice that myself.
143: I use the Kraab Password Manager! Whenever I need my bank password, I just call up Sir Kraab, and she tells me not to worry about it, she'll take care of making any withdrawals or whatever.
The Uof C law school is built on the trampled skeleton of a once-vibrant black community. That community was pushed out and left to die by the intentional racial cleansing policies of the university, abetted by the city's equally racially oppressive urban renewal programs. Of course, whether this is a plu or a minus depends on your politics.
The class thing at Harvard was kinda strange from what I could see when I visited HLSBF. A lot of students from privileged backgrounds who knew the rules already, but it also seemed that the middle-class t had come to understand at least by the second year that they'd been bumped up a few rungs on the ladder just by virtue of being at Harvard Law. They borrowed, dined, and vacationed accordingly.
165: I think number of trampled skeltons in the foundation is one of the ranking criteria used for law schools.
167: Extra points if they're red.
167: right. In most places, the dead hand of the past is revered, displayed in every classroom, and worshipped at the start of every class session.
168: Or clearly crushed under case notes.
And on the 'forgiving places to be out of step' -- eh, come to think of it, that might be just a feature of my experience. Which was that professors liked being argued with, so disagreeing with them wasn't a negative, and I wasn't all that engaged with my fellow students.
I was going to be a lawyer, but then I found out how much it cost to get your picture on the back cover of the phone book.
Milk cartons are much cheaper and easier.
There's a reason they're so cheap. Even the classiest picture of a milk carton on the back of a phone book is unlikely to drum up much business for your practice.
Chicago is where fun goes to die Di goes to fun.
Now I've seen too many big firm lawyers looking for different work to think of doing it. Plus, I'm old.
My stepsister, not a liberal of much flaming, still found U of C law school too conservative and dreadfully unfun.
I wasn't all that engaged with my fellow students.
This is important, I think. If your brother isn't the kind of person who will find his own friends in other departments or outside the university, I'd worry more about the social & political aspects of where he goes.
I've known lots of very good lawyers with very good politics who came out of U Michigan -- at the labor law firm I used to work at, everyone seemed to have come out of Michigan or Yale. And the Michigan law school has a special place in my heart for pressing its affirmative action case up to the Supreme Court (and winning!)
All that said, keep him the hell away from U Chicago.
And really, the ranking difference between Michigan and Chicago is basically imperceptible. When I was advocating Chicago above, I was misremembering Michigan's standing. (I feel incredibly shallow talking about rankings, but if you want to be an academic, it's a huge, huge deal.)
You know, I asked the question just wondering about things like prestige and benefits to his future career and didn't really think about the political stuff. I will push for Michigan, leveraging the money argument.
Did I just write "leveraging"? Jesus. I meant "using the money argument at leverage."
I must now go wash my fingers in holy water.
164: All for a low, low monthly fee! E-mail for details.
184: Once I was getting an assignment from the professor I worked for to help some co-author of his at another university with a dataset. At one point he referred to me as 'a resource.' Which made me laugh right there.
184: Yes! Leverage your core competencies going forward!
Also, I think you mean "as" not "at." Unless "leverage" is some new bar that's replaced the Mineshaft.
If I ever open a gay bar, I'll call it "Leverage."
190: Your signature cocktail could be "The Leverage Beverage"!
Decorated with a sleazy mural of Archimedes.
Plenty of bad pun opportunities in 'Archimedes screw'.
I was thinking about his known fondness for long levers.
Waaay upthread: thanks for 110, Nick.
LB, Chicago isn't really a more "prestigious" school, even based purely on the asinine rankings. They're really in the same tier, and both quite good schools.
As I said initially, absent other considerations, I'd take the money.
Yeah, my general sense is that U of C and UM are at about the same level -- if you're interested in firm jobs outside of the midwest (which is what I know, I have no idea what would be better if you wanted to work in Chicago or Minneapolis), some places will have stronger ties with UM and some with U of C, but it's basically a wash. I'd take the money, too. Plus, while I've met a few awesome liberals who went to U of C law school, I got the sense that they felt like an embittered minority.
Sounds like Michigan might be more to his taste. Certainly more to mine, but that doesn't matter. Chicago's a pretty ideological place across the board, and very concerned with its Chicagoness. My line on this is that a disproportionate number of faculty at Chicago will tell you they are central figures in their field (often, the leading exponent of the Chicago School of X). Some of them are central figures in their field. Some of them are cranks. And unfortunately many of them are cranks who are central figures in their field.
I mean, it was just sitting there. C'mon, people.
On the original subject of the post, Facebook has had several radical redesigns, few of which were improvements. For a long time they seemed to be desperately trying to emulate MySpace, and while there's still a bit of that (as this most recent change shows) they seem to have begun desperately trying to emulate Twitter as well. Have the courage of your convictions, Zuckerberg!
It's Saturday night again, isn't it?
Count another vote for Michigan.
The what is more important than the where. He needs to edit the flagship journal, and he needs a good clerkship. Unfortunately, he also needs to care about the rules of civil procedure -- the difference between a rule 12 motion and a rule 56 motion for example -- and the medieval forms of land tenure from day one. IME, law school is very difficult for people who don't know that they want to be actual lawyers, because just enough of the material is only useful for that (if at all) and just enough of the classmates are going to be working to master this stuff that the top 10% of the class will be dominated by them.
Setting out to be a legal academic strikes me as akin to setting out, in junior high, to be in the NBA. It isn't going to happen if you don't work your ass off for it, but then it isn't going to happen for a lot of people who want it. Maybe I'm just jaded, though, by limited E. (My next door neighbor -- summa Princeton, magna HLS, Roberts at the DC Cir, Kennedy at the SC -- has recently embarked on that road after about 3 years of Biglaw. Good guy, tough time for it. I'm sure it'll work out for him, though. My next door neighbor from my last address is also an academic now: Dartmouth -> GW -> Scirica -> Rehnquist -> Hogan (protege of Roberts) -> SG's office -> Hogan -> SG's office -> SG (until 1/20/09). These guys are NBA.)
Of course, our own Belle L is pursuing it a little differently.
And I see that one of my favorite profs from law school went an easier way. Maybe 205 is a much too bleak.
On the TNR front page: "Jelveh: Are Prostitutes Way Overpaid?"Resisiting the urge to click.
205 sounds about right to me.
Because I understood very little about the field, I was one of those people who went to law school hoping eventually to be a legal academic. It is tough and competitive. Both of my co-clerks now are academics, but they were very highly credentialed, and it was work for them to break in. One, who was Yale B.A., Yale Ph.D., Yale J.D., Yale Law Review and five years practice before she clerked with me, did several years of almost no pay fellowships afterwards before she got a tenure track position. My other co-clerk went on to clerk for Justice Stevens after we clerked together, and still had to do several years as a legal writing instructor before she got a tenure track position. One of the reasons I decided not to go on the teaching market was seeing how hard it was for people who were smarter and much better credentialed than I.
Of course, being a practicing lawyer is great in most respects, so it all turned out OK.
197: Yeah, I figured that out -- I'd mentally had Michigan listed a notch lower than it deserved (as "excellent, but not quite top tier" instead of "definitely top tier"). When I looked at some rankings, I realized I was wrong.
And Charley and Ideal are right about how hard it is to get into academia, although the difference from the NBA is that someone who just misses academia is going to have a resume that will serve them well for doing most other legal jobs.
209.3 is right on. I have very little regard for legal academics, and never cite or otherwise rely on an academic unless there is no other authority of any kind. I'd cite a case from Serbia before I'd cite a law professor. I've just about never read any academic written product that I thought useful or productive (except to the extent that the product is the author/professor's career) to justify my time. And I'm an Unfogged commenter, so you know how valuable I think my time is.
It's unfair, I'm sure, but I don't think my attitude about the legal academy is at all unusual among real lawyers in the bar.
So it's not really the NBA. It's more like Olympic level curling. You can dedicate yourself to it, and with luck and hard work you just might make it.
No offense to curling, of course.
That's pretty true -- academic work doesn't have much to do with practice. On the other hand, you do get to bully the next generation: it was academics who were shoving all that Law and Economics crap down my throat, and there's a generation of lawyers who doesn't question it much.
m. leblanc went to Chicago and managed to survive the experience with her liberalism intact. Still, money is good.
I have heard that conflict of laws is an area where judges do pay attention to academics, and I've seen cases where the decision cites a professor by name. But those people are actual scholars.
It's true that there are darn few academics I would cite in a legal brief. That does not mean that they are not smart and hardworking, they just inhabit a different world.
I could see that -- IME, conflict of laws gets avoided more than really dealt with more than not. The most common thing I've seen happen in cases with a conflict of laws issue is "For X, Y and Z reasons, Ohio rather than NJ law applies. In an excess of caution, though, I will apply both the Ohio and the NJ test and rule that under these facts they come out the same way." For a real conflict with real consequences, I could imagine a judge panicking and turning to academia.
I know a whip-smart guy who did a combined Ph.D. in economics/law degree* at Michigan and is now teaching at a top 20 law school, so it's certainly possible to be an academic out of Michigan if that's the route you want to go.
* He's a lefty interested in intellectual property, and apparently found it horribly irritating whenever people nodded sagely and said, "Oh, law and economics, I see."
214 -- Oh, there are plenty of case cites to academic articles. I just regard that as make-weight. It seems to me that the only time you'd need a scholar to tell you something on a conflict question is where the other law is in another language. I might cite an academic describing Lebanese law, if I don't have a better English language authority for what I want. On the question of how a conflicts analysis ought to be done in a particular case, I think that since the 2d restatement, and the development of government interests analysis, the role for scholars is significantly diminished.
Second grade teachers are more important in terms of shaping the next generation.
(Jaded, I guess, by time in two different sausage factories: law review and watching a lobbying practice engage academics in their cause).
218 is right about the 2nd restatement. I think it was more interesting theoretically before--even if less practically fair.
The guy I knew who was brilliant had a an L.L.M from Michigan or something, worked for one of the major international law firms, but was first trained in Germany. There's a whole bunch of stuff that the American-centric stuff emphasized by Brainard Currie and NYU was kind of parochial.
I don't know anything about law schools but I think of Michigan, Columbia and Chicago and horrible places to be a grad student, with Chicago the best of a bad lot. They aren't even the Harvard/Yale culture of "We're very important, so figure out how to be brilliant on your own time," they're the crazy making culture of "We're very important, so you must all fight one another to the death until one of you emerges as king of your floating hell to obtain our limited favor/funding.
Now that the usernames exist, it seems that everyone I know has chosen...their name, or a shortened version.
But how does this affect the ladies who are expecting to add another surname when they get married?
Jimmy Pongo, Grad Student or professional student? Because they're very different.
And I think that any law school is going to be a bit like that, since ranking is so important. I went to a law school that was known for not being terribly "competitive." The similarly ranked school in San Francisco had a reputation of people taking reserve materials and cutting them up so that other people couldn't use them. My school was known as a place where people were friendly and helpful about telling people where the materials were. And we had 24-hour access to the building, because we all got keys. Still, people were pretty competitive.
And plenty of professors weren't interested in people they didn't see as top-ranked--especially the younger ones.
There's so much Chicago-bashing happening here that I almost feel compelled to defend it. But I know nothing about the law school, and even in the most congenial departments it seemed like grad students tended to linger longer than is optimal. Still: best undergrad education I could have asked for.
essear--Both LB and neb went to Chicago for undergrad.
223: Way to bring back the topic. I got my full name.
226: Yes, I know. And I also know that some of the U of C's departments are centers of idiosyncratic ideologies, as Gonerill said. But some of the departments are objectively excellent. Just hate to see the whole place tarred with the same brush. The law school may well deserve it, though.
Bostoniangirl:
Grad student, and yeah, they're different, which is why I specified that I didn't know anything about law schools. I don't think that promoting competition among students ever does anyone any good , but I can see how it would be more par for the course at elite law or med programs scratching and clawing your way to the top is how you prove your egomaniacal derangement/worth.
I've heard versions of the hiding/destroying materials thing about MI many times, and also several stories of emotionally abusive relationships with advisors. But, I also know folks who loved it, so, hey, if you dig the agon...
I am intrigued by how U of C really does occupy an interesting and unique place in American higher education. It seems to make choosing to attend the place a more fraught decision than it would otherwise be (of course there a number of folks here who could speak more directly to that) . In retrospect, I sometimes think that it would have been a good place for my eldest to have gone; my youngest did apply and was waitlisted (which he did not pursue), but I really was not in favor from the start (in part because it seemed one of the biggest attractions for him was that a girl he liked was a freshman there—always a terrible reason to choose a college, but seemingly even more ludicrous for a place like Chicago). But of course my assessments of the appropriateness of the place for either were based merely on reputation and second-hand impressions (and as others have said, grad vs. non-grad and law vs. other departments are probably quite different).
I also had a smart but complete asshole bully of a childhood friend/nemesis go there for undergrad, and a relative who popped in for a quick MA in anthro* on his way to a Law degree (not at Chicago).
*I knew Kurt Vonnegut had been a grad student in anthro at U of C, but only learned just now via Wikipedia that, the university rejected his first thesis on the necessity of accounting for the similarities between Cubist painters and the leaders of late 19th Century Native American uprisings, saying it was "unprofessional." and about the following bit of celebrity-whoring, The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971. Oh, the academic standards!
I'm conflicted about Chicago. It was a fabulous, fabulous place for me in many ways, but I was very slow to realize how much political conservatism was tacked onto the academic conservatism of the Common Core. A decade on, I can't quite shake the feeling that I got snookered. On the other hand, Western Civ with the Weintraubs.
The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971.
Chekhov tried to get his book on Sakhalin accepted as a thesis. I think they turned him down.
232: Apparently so. It was for his degree of Doctor of Medical Sciences at Moscow University.
Luckily for world literature the thesis was rejected by Moscow University--perhaps they thought the writing was too poor. This failure led Chekhov to give up academic medicine. He never tried again to re-enter a medical faculty but privately had the thesis published.
The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971.
The version of the story I heard differs from the one he tells in the Paris Review As I heard it, from someone who was present at the meeting of the Anthro department where the decision was made, it was upon a request by Vonnegut. The request was made because, I was told, Vonnegut was teaching somewhere with a rigid salary schedule which depended upon the cademic qualifications of the teacher. If Vonnegut were awarded the degree he could get the raise that the school wanted to give him. There was a promise never to teach anthropology. Of course, I heard the story in 1971, from someone now dead, so I could have misremembered.
He did teach creative writing at Harvard for a short time starting in 1970, so the timing would be consistent at least. I have no idea what Harvard's salary structure is or was at the time.
The promise never to teach anthropology rings a bell---I think that story was told in introducing Vonnegut at a reading he gave on campus. For Time's Arrow, maybe?
Time's Arrow is Martin Amis, so probably not.
237: And it inspired a Weakerthans song! (Um, sorry. Crappy-ish live version.)
237: Crap! You make an excellent point. I mean Timequake.
I'd been hoping to comment at least a few more times before making an egregious error. Oh well.
mostly, i use the same english phrase password. When i needed a password at work that i had to change frequently, i used a sticky note. but most things i end up doing the 'reset password' email' song and dance if i'm not using my desktop, where firefox stores all the passwords.
since most every site requres you to get the password right in the first two tries anyway, it doesn't seem plausible to randombly guess even if you are limited to standard englihs
I did feel a certain amount of pressure in picking a name.
There were a lot of people who were pissed off at how Facebook rolled this out on a first come, first serve basis.