I’m sure we all get ten times more e-mail newsletters than we actually read, even useful ones that we actually signed up for. But there’s one regular collection of articles and links I always make time for: Bruce Schneier’s “CRYPTO-GRAM.” It’s a monthly mash-up of security and technology news, seasoned with Schneier’s no-nonsense views.
Perhaps I’m biased, as a lot of the topics Schneier tracks overlap somewhat with my day job. But I really think the issues that he covers, even harps on, should be on everyone’s minds. And he writes in such a way that you don’t need a “CISSP” after your name to understand what he’s saying. There hasn’t been a “CRYPTO-GRAM” yet that I haven’t forwarded to someone else, because he always hits on something very close to home.
I just finished conducting a round of training sessions across three islands focused on information security, in which I talk about passwords, stress the need to make them more complex (by mixing numbers and letters, at least), and chuckle over how “password” is the most common password. This stuff is emphasized relentlessly in the corporate world, but it turns out that kids may also be smarter than we think. Schneier took a look at the passwords used by members of the immensely popular, too-cool-for-old-people MySpace website:
We used to quip that “password” is the most common password. Now it’s “password1.” Who said users haven’t learned anything about security?
In all seriousness, though, he found password practices generally stronger among the oft-dismissed MySpace crowd than among average corporate users… even though cubicle dwellers are often forced to sit through lectures about strong passwords all the time. Like mine.
Some of the other common passwords are interesting. Best line from the piece (originally published in Wired)? “I don’t know what the deal is with monkeys.” Or perhaps this: “Passwords have outlived their usefulness as a serious security device.”
The newsletter is largely a digest of Schneier’s writings elsewhere, though there are plenty of current headlines and dense references linked throughout. If technology, security, and privacy are remotely important to you at all, but you only have room in your brain for one well-rounded resource, you should subscribe.
P.S. If privacy and security are more than a passing interest, have you used PGP? I’ve had my public key online for years (see the little key at the bottom of every page?)… and I think I’ve received maybe five encrypted messages total. At least keysignings have introduced me to some great folks, and apparently bumped me into the “strong set.”