How Strong Passwords are LESS Secure

We all know how important it is to use strong passwords and not to re-use passwords on different sites. We’re told not to use real words, not to use the names of pets or family members, not to use our birthdates, anniversaries, or Social Security numbers, and not to use common passwords like “password”, “1234”, and “qwerty”. And yet some of the most popular passwords at many sites continue to be easily remembered names, dates, or words.

Some sites have instituted draconian policies to make sure you use a secure password. Ironically, while some of these are banks, others are discussion forums for hobbyists or the comment section of a news site. I can understand why my bank wants me to use a secure password, but the comment area of The Mooselick Times?

Recently I was setting up a temporary testing account with Apple and had this exchange with their password validator:

Password: test
“Passwords must be at least 6 and no more than 32 characters.”

Password: testing
“Passwords must be at least 8 characters.”

Password: xxxxxxxx
“Passwords must contain at least one digit.”

Password: xxxxxxx1
“Passwords cannot contain more than two consecutive identical characters.”

Password: testing1
“Passwords must contain at least one upper case letter.”

Password: Testing1
OK

The problem with this is a) this is a temporary account for testing In-App Purchasing, and the Apple site knows that. Why all the security? And b) Since I’m never going to remember “Testing1”, I have to write it down (and write about it in my blog). Anyone who finds my password list now knows my “secure” password.

While this is no big deal for the testing account at Apple, it’s a big deal when it’s my bank account. I have a series of mixed alpha-numeric, non-dictionary-word, very secure passwords committed to memory that I use for my truly secure accounts. But if one of those doesn’t work at a site because it doesn’t meet their rules, I have to make up another, then write it down. Once it’s written down, it’s not secure.

At Laridian, I don’t think we put any restrictions on your password. Even though almost one thousand of you use “password” as your password, we’d rather have you be able to remember it than force you to make it unguessable then have to write it down.

Why I Run

I’ve never been one for sports or exercise, adopting as my life verse “bodily exercise profiteth little” (1 Tim 4:8a).

A while back someone asked my dad why I started running. My dad had an interesting answer. “I think he got a new phone that had a running program on it that let him track his location with GPS and keep track of his time, distance, heart rate and a bunch of other stuff. I think he started running so he could play with all that stuff.”

That’s not too far from the truth. About seven or eight years ago I started working out when my doctor put me on cholesterol and blood pressure medication. I was doing 30-45 minutes on an elliptical machine three days a week. About three years ago I was heading down to my dark basement on a beautiful spring day to work out when I thought, “why not run instead?” So I headed out the front door to see how far I could run. I ran until I got dizzy and my stomach got upset, then walked home. I got in my car and drove the same route and found I had run about three quarters of a mile.

Two days later I headed out again, this time with a program on my iPhone (RunKeeper, www.RunKeeper.com) that tracked my distance and time. I made it a mile before I couldn’t go farther.

I read online that it helps to run short intervals then walk for a minute or two. I started running quarter mile intervals with 2 minute walks in between and found I could cover 2-3 miles without wearing myself out.

A knee injury took me out the rest of that year (2009). I started up again the following spring and got my running intervals up to a mile and a half by the end of the summer, with total distances around 4.5 to 6 miles of running.

By now I was hooked. I enjoyed the challenge of running. Being able to track my progress on RunKeeper’s website was highly motivating. Running itself is hard and at times, boring. But it’s like the guy who was pounding his head against the wall. When asked why he did it, he replied, “Because it feels so good when I stop.” when I’m done, there’s a feeling of accomplishment.

This summer a friend told me she does the same kind of interval running, but runs 5 minutes then walks 1 minute. I switched to that method and increased my distance to about 7.3 miles.

A change in my work schedule made it more convenient for me to run on Tuesdays and Thursdays, so I added a Saturday morning run to my schedule. Three weeks ago I had a crazy idea and turned left when I should’ve gone straight and my usual 7-mile route became a 10-mile route. 10 miles wasn’t bad.

I told my friend about my weekend run and she said, “If you can run 10 you can do a half marathon (13.1 miles). So the next weekend I made another left turn and my 10-mile route became a 13.1 mile route.

The problem with running farther than you’ve ever run before is that you first have to run as far as you’ve ever run before, then you have to keep running after that. At about 11 miles I was re-thinking my decision but then I hit 12 and it seemed like a waste not to go all the way. I made it 13.1 miles in just under two and a half hours.

The following Monday, my sadistic friend said I should look for a “real” half-marathon to run. I went online and discovered the local running club was sponsoring a half-marathon the very next weekend. $36 later I was registered for my first official half-marathon, which I completed in about two hours and 23 minutes, beating the personal record I set the week before.

I told you all that so I could talk about technology. The core of the technology I carry with me is RunKeeper running on my iPhone. To that I add a pulse rate monitor from Wahoo Fitness (Www.wahoofitness.com). This provides real-time heart rate data to RunKeeper.

So that RunKeeper can calculate calories burned, it needs to know my weight. So I have a Withings WiFi-connected scale (www.Withings.com) that automatically uploads my weight and body mass index (BMI) to a website where RunKeeper can access it. This has the further benefit of tracking my weight loss without me having to create a spreadsheet and update it manually.

That’s the computing technology that keeps me running. But there are some other products that are essential. First, A Speed 2 hydration belt from Nathan Sports (Www.nathansports.com) lets me carry 20 oz of water or Gatorade along with a pouch full of “energy gel” packets for replenishing electrolytes (they’re what plants need) in long runs. (For runs that are ten miles or more I need more liquid so I have to plan my run to pass a water supply).

Absolutely essential are NipGuards (www.nipguards.com). Running longer than an hour or so causes a lot of nipple abrasion. Running without a shirt is not an option for me (I run past a school, and the sight of me shirtless frightens small children and some animals), so affixing a pair of NipGuards protects me from embarrassing blood-streaked shirts.

I’m currently running in Mizuno Wave Rider 14 shoes. These lightweight shoes give me a medium amount of support and cushioning without getting in the way of the normal flexing of my feet. The provide less structure than the Asics I was running in before, but are lighter and more flexible.

Other than my winter running gear, I’ve been able to find good shorts and shirts at Target. You need something that wicks moisture away and lets it evaporate, as opposed to a traditional cotton that will just hold sweat.

So yes, a lot of why I run is all the cool toys. But I can’t dismiss the feeling of accomplishment watching my times improve and distances get longer.

Fact: Verizon iPhone GPS is Grossly Inaccurate

Verizon and Apple deny there are any problems with the GPS in the Verizon iPhone. I can demonstrate this is not the case.

Today I ran a route that MapMyRun.com says is 5.06 miles.

Here is the route as recorded by RunKeeper on my AT&T iPhone 3GS: AT&T iPhone says 4.93 miles.

Here is the route as recorded by RunKeeper on my Verizon iPhone 4: Verizon iPhone says 6.3 miles.

The Verizon iPhone does a better job if you turn off its cellular data connection and WiFi. However, with cellular data turned off, I can’t use RunKeeper’s feature of reporting my position live on their website as I run, nor can I send or receive text messages. The AT&T iPhone does equally well regardless of whether its data connection and/or WiFi is turned on.

I’ve talked to the people at RunMeter and RunKeeper and had them analyze the data. It appears that Verizon favors using location data gleaned from cell towers and private WiFi access points. What you’ll notice with the Verizon map is that it appears that I run up to every cell phone tower and building that has a WiFi access point, when in fact I’m running straight down the street or trail.

Verizon denies there is a problem. I’ve talked to their tech support on at least three occasions and they have escalated the problem, but nobody has ever called back. Apple asked for supporting data but never replied after I sent it.

The proof is in: Your Verizon iPhone does not know where you are. It ignores location data from 24 geosynchronous, military-grade, high-tech satellites and favors rough triangulation based on your drunken neighbor’s badly configured wireless access point.