Friday, December 27, 2013

Digital Security - A Worthy New Year's Resolution

If you're looking for a worthwhile New Year's resolution, why not resolve to bump up your digital security a notch by changing all your passwords to new, stronger ones and resolve to never write them down!

As an IT practitioner I deal with passwords all the time. Between work and home I regularly use hundreds of accounts, each secured by a password. I don't EVER write them down! When it comes to password security there are just 2 rules to remember:

Rule 1: Length matters.
Rule 2: There is no other rule.

Lots of people use passwords like this one: Boston14. I picked 14 because it's almost 2014. I don't know why I picked Boston. This password meets many so-called strong password requirements, being 8 characters long and composed of at least one upper, one lower and one non-alphabetic character. Guess what: it's not a strong password. Neither is Yeller01 or SoccerM0M. Are your passwords kind of like these?

Here's how I construct secure passwords. First, I generate a very long password phrase that only I would know but that is easy for me to remember. String together several words that have nothing to do with each other but that you can easily remember. You can use numbers too but remember, it's the length that matters! For instance, I might combine a favorite writer, "Clancy", with a favorite Starbucks beverage, "Mocha", and a favorite band, "Boston". That gives me a password that is 17 characters long. That's a brute force search space of about 150 octillion unique combinations of upper and lower case letters. Of course, using a dictionary attack reduces the search space to a theoretical 100 quadrillion unique combinations (of any 3 of the 470,000 words in Merriam-Webster).
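The two search-space figures above can be reproduced with a small estimator. This is an added example, not code from the original post and not Passfault's algorithm, so its numbers differ from the Passfault results quoted in this post; the sample word list, the substitution table and all function names are assumptions made for illustration.

```python
import string

DICTIONARY_SIZE = 470_000   # word count the post cites for Merriam-Webster
# Constructed stand-in for a cracking dictionary (assumption, not a real list).
SAMPLE_WORDS = {"boston", "yeller", "soccer", "mom", "clancy", "mocha"}
LEET = str.maketrans("0134@$", "oieaas")   # substitutions a cracker undoes

def brute_force_space(password):
    """Strings of this length over the character classes used (ASCII assumed)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return alphabet ** len(password)

def tokenize(password):
    """Fewest-token split into dictionary words and leftover single characters."""
    text = password.lower().translate(LEET)
    n = len(text)
    best = [[] for _ in range(n + 1)]          # best[i] covers text[i:]
    for i in range(n - 1, -1, -1):
        options = [[("char", password[i])] + best[i + 1]]
        for j in range(i + 1, n + 1):
            if text[i:j] in SAMPLE_WORDS:
                options.append([("word", password[i:j])] + best[j])
        best[i] = min(options, key=len)
    return best[0]

def pattern_space(password):
    """Guesses needed by an attacker who tries words plus stray characters."""
    space = 1
    for kind, token in tokenize(password):
        if kind == "word":
            space *= DICTIONARY_SIZE
        elif token.isdigit():
            space *= 10
        else:
            space *= 52 if token.isalpha() else 32
    return space

def effective_space(password):
    """The attacker picks whichever strategy is cheaper."""
    return min(brute_force_space(password), pattern_space(password))

if __name__ == "__main__":
    for pw in ("Boston14", "Yeller01", "SoccerM0M", "ClancyMochaBoston"):
        print(f"{pw:18} brute={brute_force_space(pw):.2e} "
              f"pattern={pattern_space(pw):.2e}")
```

Under this model "Boston14" is one dictionary word plus two digits, so the complexity rules it satisfies add almost nothing, while each extra unrelated word multiplies the attacker's work by the size of the dictionary.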

I recommend you read this excellent article on password security to better understand why length is the main thing to consider when creating strong passwords. I used the "Passfault" hack time calculator (read the article!) to evaluate my example passwords. The results:

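| Password          | Time to Crack | Size of Search Space |
|-------------------|---------------|----------------------|
| Boston14          | < 1 day       | 3 million            |
| Yeller01          | < 1 day       | 45 million           |
| SoccerM0m         | < 1 day       | 8 billion            |
| ClancyMochaBoston | 220 years     | 7 quadrillion        |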

OK, so what? So, I use this special long password to secure a password valet app such as KeePass Password Safe (my personal favorite), Dashlane or Password Wallet.

These apps keep your passwords securely organized and easily accessible from each of your devices. Basically you only have to remember the one "special" long password. All the others you can look up inside the app if you forget them. Perhaps the best part of this approach is that it forces me to record every account I have that made me enter a password. So, if some site I use gets hacked I just open up my password app, find the web site URL, log in (it stores my username too!) and change my password to a new one.

Now go secure your digital world in 2014 and have a Happy New Year!

Thursday, September 5, 2013

When Culture Trumps Technology

I was dumbfounded when my colleague "Sue" (not her real name) announced in a meeting that the decision had been made to use "Redhat", our department file share server, for the collaboration and document management needed for an important new company-wide committee and its subcommittees. While it was not mentioned in the meeting, I knew that this committee would eventually need to share its work with a group of outside reviewers.

I gulped and blurted out, "Did you think about using Google Drive?" What a stereotypical tech guy thing to do. Skip all the discussion, consideration, dialog and feel-good collaboration and go straight to the solution. I knew that Google Drive would meet all their needs and minimize the need for IT to set things up and keep them going. I scheduled a meeting in which I would review the many advantages of Google Drive. I dazzled them with my brilliance as I showed them example after example of how easy Drive is to use.

Fast forward one week. The CFO sends me an email. He just got out of a committee kickoff meeting where it was announced they would be using ... wait for it ... flash drives for document management and collaboration.

Head exploding. Can't think straight. What to do? How can this be happening? I just showed them all the amazing wonders and advantages of Drive. I guess my educational/training meeting was a complete failure. I had been planning a big Google Drive launch this fall with training and promotional messaging and the whole deal. Now a highly visible group of campus leaders has put the bus in reverse and stepped on the gas!

As I stewed and thought about all of this I realized that a much deeper problem exists that gave rise to this problem. That is the familiar old "silo" problem that so many organizations struggle with. I recently heard this referred to as "culture trumps technology". Rather than view the IT folks as subject matter experts in technology and go to them with a list of requirements, a group of well-meaning users "solves" the problem on their own. They wonder why on earth the IT guy wastes their time ranting about some new-fangled way of storing documents in the "cloud". Sensing that there was something bad about the "Redhat" solution (why else would IT have raised red flags?), they went back to find a better solution, but again on their own.

So, at the end of the day, the "silo" culture takes over and prevents the application of the right technology to the problem at hand. Successful, modern organizations are good at the latter. Organizations that can't or won't use computers for what they are good at, and people for what they are good at, will languish in mediocrity.

Are you using your technology people as experts? IT should be your first stop when you have a project that involves technology. And don't tell them the solution you need (I need 10 flash drives), tell them what you are trying to do (I need to share documents among 10 committees and post the results to a web site). Then heed what they say!

Don't let (bad) culture trump (good) technology!

Thursday, September 6, 2012

iLearn? AppleTV and AirPlay in the Classroom

In higher education, consumer technology is both a blessing and a curse!

The curse?
Each fall I cringe, wait and wonder what new gadget will show up in the dorms, converting wireless bandwidth into the latest gotta-have-it diversion. Faculty and staff get these gadgets too and bring them to IT asking for help in getting them to deliver the promise that was advertised.

The blessing?
New gadgets bring new opportunities to do useful things in new ways, usually at less cost.

The AppleTV is an amazing example of such a gadget. At $99 it delivers a wide array of streaming media (video and audio) along with desktop mirroring (using AirPlay) to the classroom. Sure, we could use the classroom technology podium computer for desktop sharing, but this is so cool!

Actually it really is cool! Professors can now move around the classroom completely untethered from a podium. All you need is an iPad and an iTunes account (ok, maybe a Netflix, YouTube, Hulu, ... account too) and you're GTG.

At least, that's how the consumer technology promise goes. Of course, reality isn't quite so uncomplicated. It turns out that Apple's products rely on the Bonjour protocol, a proprietary protocol that sends something called multicast packets across the network to discover other Apple devices on the same network. Colleges and universities typically use complex enterprise networks for wired and wireless connections across campus. Complex enterprise networks block multicast traffic to prevent flooding the network, and the hundreds or thousands of devices on the network, with these discovery packets. This is a big enough deal that a group of over 750 university technology administrators recently signed a petition demanding that Apple redesign their protocols to work in large enterprise networks.

To give you an example of the enterprise multicast problem, imagine coming home and yelling "Hello, is anyone home?". Now, imagine entering a room with 100 people all yelling "Hello, is anyone home?". On your small home network with a handful of devices, "shouting" works just fine, but on a large enterprise network this approach causes serious problems, including serious congestion over wireless networks.
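What one of those "Hello, is anyone home?" shouts looks like on the wire, as an added example that is not part of the original post. It assumes details the post does not state: the standard mDNS group and port (224.0.0.251:5353, RFC 6762) and the `_airplay._tcp` service type used for AirPlay discovery. The function names are hypothetical, and nothing is sent on the network.

```python
import ipaddress
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353   # mDNS multicast group and UDP port
AIRPLAY_SERVICE = "_airplay._tcp.local"       # assumed AirPlay service type

def encode_name(name):
    """DNS wire format: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(service=AIRPLAY_SERVICE):
    """One DNS-SD browse question: 'who offers this service?' (PTR, class IN)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)   # id 0, no flags, 1 question
    return header + encode_name(service) + struct.pack("!2H", 12, 1)

def parse_query(packet):
    """Decode the single question so a capture of this traffic can be read."""
    _ident, _flags, qdcount, *_rest = struct.unpack("!6H", packet[:12])
    labels, pos = [], 12
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!2H", packet[pos + 1:pos + 5])
    return {"questions": qdcount, "name": ".".join(labels),
            "qtype": qtype, "qclass": qclass & 0x7FFF}

def deliveries(devices):
    """If every device shouts once, each shout reaches every other device."""
    return devices * (devices - 1)

if __name__ == "__main__":
    pkt = build_query()
    print(len(pkt), "bytes to", MDNS_GROUP, MDNS_PORT, parse_query(pkt))
    print("multicast destination:", ipaddress.ip_address(MDNS_GROUP).is_multicast)
    for n in (5, 100, 1000):
        print(n, "devices ->", deliveries(n), "packet deliveries per round")
```

Each query is small, but the delivery count grows with the square of the number of devices on the segment, which is the room of 100 people all yelling at once.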

Our challenge this summer was to figure out how to put an AppleTV in a classroom with a display, allowing a professor to come to class with an iPad, connect to an AppleTV over the wireless network, and use AirPlay to give a Keynote presentation. Of course, the iPad's Remote app can also be used to play YouTube, Netflix or Hulu video, iTunes music and a whole host of other cool content.

Well, thanks to my talented and tenacious team who figured out how to get our Cisco enterprise network to tolerate Apple's Bonjour protocol, Simpson University is rolling out AppleTVs in 5 classrooms this fall! We have professors who are excited to start using their iPads and we are excited to see if this new technology will result in more effective learning. Stay tuned!