Cogitas Blog:
Musings on developing Android apps,
machine learning and misc tech stuff.

What’s your password strategy?

Filed under: google android, web — March 10, 2013

Not a week goes by without a high profile online service getting cracked (most recently, Evernote). Yet, thanks to smartphones and faster connections, cloud services are so compelling that many of us have come to rely on them. So what’s your password strategy?

Firstly, yes, we know, we should never use the same password twice. Many people do it but it’s bad… The problem is, how do you remember all your passwords?

A plethora of services have appeared to help you store your passwords on a cloud server somewhere. Services such as 1Password securely store all your passwords on their servers and you access them with the one password. Mmm, what if they get cracked? Is a server really secure?

Then, you have the option of offline storage in a little black book. It’s fine if you are mostly desk based and have a secure storage area (like a safe).

Most people use a strategy in between. For example, they will use variations on a memorable word, so their passwords between services are technically different but not very dissimilar (for example, it may be “MonkeyT” on Twitter and “MonkeyF” on Facebook).

Another method, used by many self-proclaimed geeks, is to mentally apply an algorithm to words. For example, you may replace “o” with “8”, capitalise every third letter and so on. For “converting” your password across different services, you may, for example, add the 3rd, 6th and 7th letter of the service, in the 2nd, 8th and 6th position of your basic memorable word. How complex it gets depends on how logical you are, mostly, but I know some individuals who have developed this to a fairly high level of sophistication.

Inspired by the method above, I designed an Android app called SafePass. The app lets you enter 3 words (or short phrases) and generates a safe password for you. By safe password, I mean something that looks random, with upper and lower case letters and digits. The way it works is simple: the 2nd word is used as a key to encrypt the 1st word (AES encryption), and then the 3rd word is used as a key to encrypt the result of the 1st encryption. The app has no internet permission so you know your generated password doesn’t get sent off somewhere to a server.

OK, you may say, but I still need to remember loads of words? As the app uses 3 words, you have a variety of options: you can always use the same first 2 words and change the third word to be based on the service you are creating the password for. If you want to be a little bit clever, you can also change the order in which you enter the words (as this will change the generated password). Other options include remembering sentences, not words – this works particularly well if you remember a funny sentence. Your Facebook memorable words could be ‘My boss’ ‘is on’ ‘Facebook’ (this will serve as a handy reminder to yourself to think twice before posting compromising pictures of you!).
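The chained, order-sensitive derivation described above, as an added example that is not SafePass's code: the post does not give the app's key derivation or AES mode, so this sketch swaps in PBKDF2-HMAC-SHA256 and HMAC from Python's standard library for the two AES stages. The function names, iteration count, fixed salt label and 16-character default are assumptions.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits
ITERATIONS = 100_000          # assumed work factor for stretching each phrase
SALT = b"example-derivation"  # assumed fixed label; nothing is stored, so no random salt


def _stage(key_phrase: str, data: bytes) -> bytes:
    """One keyed stage: stretch the phrase into a key, then MAC the data with it."""
    key = hashlib.pbkdf2_hmac("sha256", key_phrase.encode("utf-8"), SALT, ITERATIONS)
    return hmac.new(key, data, hashlib.sha256).digest()


def _encode(seed: bytes, length: int) -> str:
    """Map pseudo-random bytes onto letters and digits without modulo bias."""
    chars, counter = [], 0
    while len(chars) < length:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        # 248 = 4 * 62, so b % 62 is uniform over the alphabet when b < 248.
        chars.extend(ALPHABET[b % 62] for b in block if b < 248)
        counter += 1
    return "".join(chars[:length])


def derive_password(first: str, second: str, third: str, length: int = 16) -> str:
    """Chain two keyed stages in the order the post describes."""
    if length < 8:
        raise ValueError("length must be at least 8")
    stage1 = _stage(second, first.encode("utf-8"))   # 2nd phrase keys the 1st
    stage2 = _stage(third, stage1)                   # 3rd phrase keys that result
    attempt = 0
    while True:  # re-derive until upper case, lower case and a digit all appear
        candidate = _encode(stage2 + attempt.to_bytes(4, "big"), length)
        if (any(c.isupper() for c in candidate)
                and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            return candidate
        attempt += 1


if __name__ == "__main__":
    print(derive_password("My boss", "is on", "Facebook"))
    print(derive_password("My boss", "is on", "Twitter"))   # constructed variation
    print(derive_password("is on", "My boss", "Facebook"))  # same words, new order
```

Because nothing is stored, the generated password is only as hard to guess as the three phrases, which is why each phrase is stretched before use.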

The app costs only £0.99 (= US$1.48) and there is a free 14-day SafePass demo available. It requires no permission of any kind, and it works on Android 4+ whatever the screen size.

There are other apps out there. I encourage you to try them all and assess their security, both in terms of “Should I trust the app publisher?” and “Does it rely on a system whose safety could be breached by hackers?”.

Lastly, protect your loved ones, particularly those who are less aware of online dangers. If you have an elderly parent using a variety of online delivery services for example, do advise them on how to choose a password and tricks to remember it.

Diaspora, the privacy aware & personally controlled social network, to be open-sourced on 15th September

Filed under: web — September 1, 2010

By now, you probably know that Diaspora is an (as yet unpublished) social network where you own and control your private information.

Render maps in HTML5 using Geographic Style Sheets

Filed under: web — August 31, 2010

You know how it is, you follow a few links and then you find something that blows your mind… This is how I ended up on Cartagen, following a link from Open Street Map Wiki.

HTML & CSS validation

Filed under: web — August 30, 2010

You can use the W3C Markup Validation Service to validate your HTML5.

New blog design, with HTML5 tags and mobiles in mind

Filed under: web — August 25, 2010

I have finally updated the WordPress theme for this blog. Some of the tweaks I have made include using new HTML5 tags, such as header, nav and footer. Other changes include moving the site navigation to the top, which is designed to help viewing the blog on a mobile phone.

How to reset canvas in HTML5

Filed under: web — August 24, 2010

The excellent “Dive Into HTML5” online tutorial by Mark Pilgrim mentions that to reset a canvas (= clear all its contents), all you need to do is set its width. It even says that you can set the width to be the same as the current width and gives the example below

Google Chrome Web Store preview now up for developers

Filed under: web — August 20, 2010

The developer dashboard for Google Chrome Extensions is now up at

I haven’t tested it yet but it seems that you need to pay a one-time developer registration fee of $5. The fee is said to be required to verify your account and at that value, I can’t really think that Google is expecting to make money off developers registering. In comparison, to register as a Google Android developer, the fee is $25.

What is your CSS3 approach?

Filed under: web — August 19, 2010

From my recent CSS3 research, it seems that there are two schools of thought when it comes to using CSS3 in your web design.

The first approach is to design your website without using CSS3 then to add CSS3 features to enhance the basic user experience of your website without any detrimental effect for those using a browser that doesn’t implement this specific CSS3 feature. For example, you can use rounded-corners for your menu because they look better – those viewing in a non-compliant browser will still be able to view your menu properly, albeit without rounded corners.

The other approach is to design for the most CSS3 compliant browsers and then to provide alternatives for browsers that do not implement a certain CSS3 capability. Note that this doesn’t mean designing for a specific browser, it is only about checking if the browser implements a certain CSS3 capability. For example, if the browser implements transitions and transformations, you can design a product area using these to show off different information about the product in a visually creative manner. If the browser doesn’t implement these, you can design the product area showing the different bits of information in a grid. This approach requires you to test if the browser implements a certain CSS3 capability and then to provide two sets of CSS code.

Which approach do you prefer? Which approach are you currently implementing?

HTML5 rocks indeed

Filed under: web — June 23, 2010

I’ve just checked out the HTML5 presentation at HTML5 Rocks, it’s pretty impressive.

Of course, it’s a catch-22 situation: the more HTML5 compliant your browser is, the more you’ll enjoy the presentation (which encompasses HTML5, CSS3 and the new JS APIs). They should do a video of it showing what it should look like so people with older browsers might find out about it and decide to upgrade their browsers ;-)

To worry or not to worry about IE6

Filed under: web — June 21, 2010

A few years ago, it seemed that web developers had to code their websites in two ways: to be compliant with standards and newer browsers, and for backward compatibility with IE6. Yes, IE6 was still widely used and behaved in its own manner, not following many CSS, JavaScript and HTML standards. This meant web developers had to add many hacks to their code to ensure the web page would show as desired – or as near to desired as possible – on IE6.

But, should we worry about IE6 now?

According to the latest report, the current share of IE6 is 18.11%. It’s much lower than it was, say, 2 years ago, but it is still significant (a bit over 1 in 6 but not quite 1 in 5).

Two sides to the story:

- if you don’t check for IE6 compatibility, you are excluding almost 1 user in 5. We’re not talking about a minority here, it’s a pretty serious figure.

- if you keep making sure websites look OK on IE6, you will not encourage people to upgrade their browser to a more modern one.

The question is, how easy is it for users to upgrade their browser?

- browsers are free so cost isn’t an issue.

- most modern browsers will not install on an old OS, such as Windows 98, and of course, a new Windows OS is not free. However, Linux is free and something like Ubuntu is quite user-friendly.

- it is relatively simple to install a new browser: one click to download, one click to install, a few clicks to accept user license.

- I know the above, you know the above, but what about your grandmother? She might have seen Google Chrome ads but she probably hasn’t taken notice. I certainly wouldn’t expect my father in law to upgrade his browser himself – however, I would gladly do it for him.

So my answer to “should you worry about IE6 compatibility?” is twofold:

- if you know somebody still using IE6, please, upgrade their browser for them.

- do not specifically design for IE6 compatibility because it is outrageous that IT managers up and down the country haven’t done their job properly and upgraded their systems to more modern browsers.

Too harsh? What is your take on this?
