August 29, 2008

The MTA doesn't take my house keys

As I was walking towards the turnstiles I dug into my pocket for my authentication. Its the wrong way to think about metrocards but I can't help it. Security, passwords, authentication, identification and privacy have all dug their ways into my consciousness. I'm faced with a plethora of different systems all requiring me to prove something one way or another. If its not the subway wanting proof of fair, its my phone wanting to be unlocked for access to my contacts, calendars, and email. At work I have it easy, I log in whenever I sit down. (I lock my screen when I leave, half for security, half because I've earned retaliation from pulling pranks.) Every windows server, workstation and even some of my linux services, everything in the domain recognize me for who I am when I try to talk to them. My workstation takes care of all of the details.

When I try to get into the office its a RFID swipe card that beeps me in. The server room has a regular key. My laptop has a long password and keeps all my files (not my music) encrypted when its off, my desktop has nothing, no private data, just some games and movies, so no password. It doesn't even stay logged into my email.

During my day I type probably 5-10 different passwords a combined total of a few hundred times. Maybe not that much. I've started using SuperGenPass for websites so even though its one password to me, its a different password for each website. Which is very very good. I do a similar thing with my shell and ftp accounts (of which there are many) I generate a random password (often using this handy site) and save it to my OSX keychain. I still use a text file for passwords sometimes and even though its locked behind filevault (the encryption on my laptop) it still leaves a sour taste in my mouth.

My mail has a long, annoying and different password then everything else. I change it from time to time too, its annoying. But since almost everything else I use a password for will use my email to verify me its important. I've known that for a long time, I've only stopped using my 'legacy' default password for everything (which has grown in length over time but still plastered on any site that would have it) about 2 or 3 months ago. It was a sad and sorry state of things, but I changed it before it bit me in the ass.

I do use openID (check the source of roborooter's home page and you can see my provider information) which let's me log into any site using only my url and let me log into only my provider for the password. (So I don't have to trust or use a different password for every other site.) So far I use it for only a few things, but more all the time. Stackoverflow, livejournal, sourceforge, itself, and a hodgepodge of other sites I can't remember. I could actually check and remove access to my openID for some of those sites if I cared to.

This is my context when I walked up to the turnstile this afternoon and pulled out my keys. Or yesterday when I walked into the turnstile's bar and smashed it against my groin with a loud thump. I had already logged into my network account, why did I need to log into the subway again? For most people a metrocard is money, I pay a lot for (and use it plenty) a monthly card. I have unlimited rides, not a dollar amount on a card. For me my metrocard is just another form of authentication. "Hi, It's me let me in, I'm good for this month. What? Oh OK I'll log in again."


(Now with better spellings, more links, and a recovery from DreamHost's databases reverting.. even with review, writing a post on my blackberry has it's disadvantages.) © 2023.
Powered by NextJS on Vercel.