So many usernames and passwords

Where do you have to put in a username and password in your daily computer geekery? Here’s what it looks like for me.

Work stuff

my laptop running Windows • our crappy corporate email client • our crappy corporate travel provider • the software that controls the phone on my desk • lots of other programs not smart enough (or not allowed) to authenticate me based on other methods

Personal stuff

our Mac at home • our Linux desktop at home • our Linux laptop • our email provider • our bank • Skype • Paypal • Amazon.com • Amazon.de • iTunes • Twitter • dozens, if not hundreds more

I imagine your situation is similar. With the personal stuff, you really should not be using the same passwords at multiple websites. Just one site being sloppy about security and getting breached by hackers is enough for them to send email in your name and steal money or service from you — look what happened to usernames and passwords recently at Gawker Media. You probably know someone whose account got hacked with real-world financial implications — I know two people to whom this happened in 2010 (and a third who got hacked but apparently didn’t lose any money). It happens all the time.

You and I both know you this is not a safe practice. But what can you do about it? With so many usernames and passwords in your daily life, the natural inclination is to stick to just a few username/password pairs and reuse them entirely or perhaps modify them slightly. Writing down passwords and usernames onto paper might be OK at your home, I guess, but that means you need to carry that piece of paper with you out into the world if you are going to do any sort of mobile computing. Writing those usernames and passwords onto paper at the office is a terrible idea; don’t ever let your IT people know that you do it.

password safeInstead, you can use Password Safe on Windows or a compatible program like Password Gorilla on Windows / Mac / Linux — and even on your iPhone or iPod Touch via the PasswordVault app. Instead of those hundreds of username/password combinations to remember (or look up), you only have to know one password to get into your “safe.” From there, you can copy usernames and passwords with the mouse (and keyboard shortcuts) from the “safe” into whatever application is requesting your credentials. Password Safe can randomly generate passwords for you based on policies you define: minimum password length, exclusion of easily mistaken characters (like zeroes/O’s or ones/L’s), inclusion of punctuation characters, etc. Lots of cryptologically sound practices there. “But how will I ever remember those randomly-generated passwords?” you ask? Well, you won’t. You’ll have to remember the one password to get you into the “safe” and the application will remember the rest for you.

I keep my “safe” file updated on my Windows computer, and then synchronize that periodically to my Mac and Linux machines via Dropbox. From my Mac, it synchronizes into my iPod touch. This means I am carrying that piece of paper with all the sensitive info on it around with me after all, but in electronic and encrypted form: I still have to enter the password to open the “safe” on all those computers/devices in order to get a glimpse of the content.

But hey, I can remember one password pretty easily, especially if it virtually eliminates the chances of someone stealing my purchased Skype-out credits or impersonating me via a hacked Gmail account.

DB: c’mon, work with me here.

The Deutsche Bahn website is not the easiest to navigate, in my opinion, but recently they’ve made efforts to increase its user-friendliness.

Though it still chafes that you can buy tickets via your mobile phone (for verification by the conductor on-screen) or computer (print your own paper ticket) up to 10 minutes prior to departure, unless you want to buy a BayernTicket online. You have to do that three days in advance or suck it up and wait in line at the station at the ticket counter or use a ticket automat.

bayernticket_online

What a pain.

MarsEdit, TextWrangler, and sshfs via MacFUSE

I know it’s nerdy. Just move along if you don’t get like it.

I’m trying out a couple things at once here, and not all of them are successful.

#1 MarsEdit MarsEdit, software for blogging (through WordPress in my case, but presumably via others) without relying on a webbrowser.I like the live preview-as-you-type thing. There’s a flickr plugin or something for it too, which I might try out with this post. Seems to support tags, categories, and post status stuff (draft, published, etc.) I guess it won’t replace the WordPress front-end (Dashboard, Settings, Plugins, etc.) but it’s a comfort thing to be able to post — the main function needed for a blogger — with a nice GUI. There’s an HTML helper thing too. At first I poo-poo’d this like I do most clicky HTML editing widgets, but this one lets you define your own macros. I dig that. Seems pretty good so far, but I’m not sure I’d pay $30 for it. Oh well, the free trial (for a month) out to help me decide whether to cough up for it.

#2 I am intrigued by handy, usable text editing (coding) software that will let me edit files on my websites remotely over a secure connection (scp, ssh, sftp, stuff like that). In the Windows world, at work, I generally get this done via mapped network drives and security is not really a concern. I use UltraEdit for that (I think it cost about $50). I recently heard about TextWrangler for Mac OS X thanks to a geeky BBS I frequent that does a lot of the same stuff (at least, a lot of what I need it to do) as freeware. Bonus! Get a copy from their website and try it out on your Mac yourself.

#3 Piggy-backing off of #2, the next cooler level is to be able to edit remote files with software that thinks they’re local when they’re really not. Or being able to hook up all kinds of different filesystems to your computer which it otherwise wouldn’t natively support. That’s what FUSE is all about, and MacFUSE allows you to use sshfs — meaning your favorite text editor, whether it can already remotely edit files or not, can be tricked into thinking the content you’re writing resides locally. Sadly, I’ve not yet managed to make this work. I am using the latest MacFUSE disk image and a static binary for Leopard and am getting the following errors:


sshfs: cannot find sshnodelay.so
warning: ssh nodelay workaround disabled
user@hostname's password:
fuse: unknown option `auto_cahe'
mylocalmac:Desktop cliff$ mount_fusefs: failed to mount /Users/cliff/Desktop/the_mountpoint@/dev/fuse0: Socket is not connected

Anyone know what I’m doing wrong? You’re supposed to be able to use the sshfs static binaries with recent versions of MacFUSE, but uh….yeah, it’s not working.