About me
Archive
About me

Passwords suck

The Washington Post’s Hayley Tsukayama recently pointed out out that in the latest version of Windows,

if you go through setup as recommended, you’ll never get a password option.

Passwords, we can surely agree, are the bane of modern digital existence. On a big-picture level, insecure passwords cause an estimated 80 percent of breaches, according to a 2017 report from Verizon. On a human level, they’re paralyzing; right when you need to access your utility bill, you can’t remember if you replaced the “a” with a 4 or an @ symbol.

Indeed, we certainly can agree: passwords suck. I seemingly have quite a few more online accounts with passwords than the average person. It’s simply impossible to have unique passwords for all these accounts and have any hope of remembering them. So for many years, I used Lastpass to manage my passwords (though I moved elsewhere after their significant data breach), and turned on two-factor authentication wherever I could. I even used a YubiKey for a bit, until I got fed up with having to fetch my keys to log in to stuff. Despite this, I was still pretty lazy, and typically used the same password (or a simple derivative of it) to sign up for new services, which meant that–despite all advice to the contrary–many of my accounts ended up with the same password.

I thought this was “alright enough” security. I had unique passwords for accounts I saw as “high risk”, such as banks and email accounts, but “so what” if some loyalty card account shared a password with some other account. I didn’t think I cared. Even when I knew that various company’s data breaches had exposed my information, I didn’t think I needed high security on most of my accounts.

Then, in a matter of months, three things happened that changed my mind.

First, somebody used my details to spend a couple of quid on my Greggs app. I don’t actually use the Greggs app very often, so it took me quite a while to notice that my account had been drained of the small change it contained. And I wasn’t all that bothered: I was mostly amused that someone had gone to some effort to steal a small amount of money to spend on pastries. I didn’t even report it, I just closed down the account. (Sidenote: yes, I’m a public health consultant, and yes, I had an account on the Greggs app. Deal with it.)

Second, I noticed that dodgy advertising text had been inserted into a number of posts on my blog. This did irritate me. It turns out that I had both used a frequently repeated password to secure the database that runs the site, and also left this in a publicly accessible place. I’m fairly certain that it was the former rather than the latter that led to the problem. In some cases, the miscreant had also deleted the backups of posts, so I couldn’t do a simple restore to overcome the problem: I had to do it manually. And I still occasionally come across bits of inserted text that I missed when cleaning up.

Third, someone knicked £8 of Costa points from my loyalty card. This also annoyed me–albeit slightly irrationally given that I rarely bother to redeem the points, hence having £8 built up. Again, used a password that I’ve often used elsewhere to secure this account. I did report this, and Costa refunded the points and (so they told me) investigated the fraud.

What’s the point of all this? I suppose I realised that I cared more about many of my accounts than I thought I did. The convenience of using an easy password meant that my security was a bit lax around the edges, and I lost out around those edges. The system of using passwords to secure accounts inappropriately rewards lax behaviour on a day-to-day basis, as it is less hassle than securing things properly.

I’ve since used my password manager properly, changing all of my accounts to long random sequences of numbers, digits and symbols that even I don’t recognise, and got into the habit of generating new secure passwords every time I’m asked to set one up. This takes a very small amount of hassle, but certainly more hassle than a go-to easily remembered reusable password… until the account is breached, of course.

There are still settings where I maintain that a long string of characters as a password is not particularly helpful. For example, I was at a conference at the Royal Society of Medicine the other day where the delegate wifi password was long and complex. Who were they trying to keep out? Why was any password even necessary? But at the same time, it’s becoming clearer to me that lax security is no longer really good enough, even for seemingly insignificant accounts.

It seems to me that ‘password management’ has gone from being something that ‘techy people’ need to think seriously about, to something we all need to think about. And let’s be honest, most of us won’t, at least most of the time. So it’s always good to hear that passwords are being ‘phased out’. The sooner the better, as long as the alternative isn’t too much hassle!


The image at the top is by Christiaan Colen on Flickr, used under Creative Commons licence.

This 2,417th post was filed under: Posts delayed by 12 months, Technology, , , .

Balancing an egg on end

There’s a quaint Chinese legend which says that raw eggs can be stood on end at the vernal and autumnal equinoxes—that is, today. I first came across this in season four of The West Wing, in the appropriately named episode Evidence of Things Not Seen.

Most superstitions try to convince people that the impossible can happen under specific circumstances. What I really like about the egg myth is that the exact opposite is true: it’s perfectly possible to balance an egg on its end on any given day of the year (particularly if the egg is first vigorously shaken). The myth is in the restriction to a specific date, not the action itself.

It’s this aspect of the legend that makes me want to revisit it regularly. In life, I think that myths more frequently work this way round. I find that people far more often build up a sense of challenge and foreboding around straightforward tasks than insist that the impossible can be done if only specific circumstances applied—and certainly, I think it’s human nature to think this way when looking ahead to events in our own lives.

The legend is a good reminder that we shouldn’t get distracted by the social mythology that gets built up around stuff, and we shouldn’t give into our own fears about future events. There are enough barriers and hurdles in the world without imagining ones that don’t really exist.


The photo at the top is my own, originally published on 20 March 2012. In retrospect, I should probably have tidied the kitchen table a bit before taking the photo.

This 2,414th post was filed under: Posts delayed by 12 months, , , .

Political polls are getting more accurate

An interesting article by Will Jennings and Christopher Wlezien in today’s Times Red Box pointed me in the direction of their recently published paper in Nature Human Behaviour on the accuracy of pre-election polling. Their conclusion, in a nutshell, is that polls are becoming better at accurately predicting the outcome of elections.

This gave me pause for thought: are polls designed and intended to reflect the outcome of an election? Or are polls about reflecting the views of the population at a point in time?

My hunch is that they are more often designed for the latter purpose. Most polls ask how people would vote if there were an election today. I’m not aware of any polls that attempt to correct for the typical post-election “honeymoon” nor the typical midterm “slump” in their efforts to better predict the next election result.

If my hunch is right, then it’s probably unfair to talk about poll “error” when the results of polls conducted well before elections do not match the election results. More importantly, it puts a different spin on their findings.

Assuming all other things are equal (which they are most emphatically not), then late polls better reflecting the outcome of an election suggests that they are better reflecting the views of voters. Assuming that this increased “representativeness” carries across the election cycle and that polls are measurements rather than predictions, then mid-cycle polls more accurately reflecting the final outcome suggests that the population’s views are becoming more intransigent. (In truth, I’ve no idea whether or not this fits their data, it just seems like it might.)

I don’t know whether that is true or not, but it certainly feels like it might be. I feel like things are reaching a point where people are no longer willing to engage with alternative political views, let alone change their own view. On social media, in particular, I see people who didn’t have had a clearly defined political view five years ago now suggesting that those with differing political views necessarily have malintent. This goes for both sides of the political debate. This never seems a particularly good strategy to me – I don’t think many people have their views changed through the hurling of insults!


The picture at the top is by RachelH_ on Flickr, used under Creative Commons licence.

This 2,411th post was filed under: Politics, Posts delayed by 12 months, , , , , .

Happy Birthday John Snow!

Alongside my main job, for a few hours a year I’m an Associate Lecturer in Public Health at Northumbria University. My biggest single contribution in this role is a full day seminar on health protection, which forms part of the Master of Public Health course. By sheer coincidence, this year’s seminar fell on 15 March—today—and so I “treated” the students to a brief lecture version of this blog post from a couple of years ago. They seemed to like it!

This 2,410th post was filed under: Posts delayed by 12 months.

Spring is coming… just not yet!

Spring feels like it is just around the corner, with crocuses and daffodils just starting to appear along my route to work. I think the combination of lighter mornings and other signs of spring life do a lot to lift the mood at this time of year! Unfortunately, there is further snow forecast for the coming weekend—really rather unusual for this late in March, and potentially very problematic for sheep farmers with lambing season well underway.

This 2,408th post was filed under: Posts delayed by 12 months.

I find it hard to write about classic works of literature

Yesterday, I finished reading Decline and Fall, the seminal social satire by Evelyn Waugh. I picked it up because someone⸺I cannot for the life of me remember who⸺recommended it as the funniest novel they’ve ever read. I can’t even remember whether someone said this to me in person, or whether I read it somewhere. I’m useless at this kind of thing, and haven’t come up with a good way to address my uselessness.

When I finish a book, I usually write a paragraph or so about what I thought and post it on Goodreads. This stops me from unintentionally reading the same stuff twice, acts as an aide-mémoire, and lets people know what I thought of the book. The last of these was never really an intention, but I’ve become increasingly aware of it as people in real life talk to me about what I’ve written, and sometimes tell me they’ve read books as a result. Once a month, I also reflect on what I wrote after reading each book, and post a tweaked version to my blog.

With Decline and Fall, I really struggled to think what to write. The same is true of Frankenstein, The War of the Worlds and A Christmas Carol which I read late last year. These are all very widely respected seminal works which people are very attached to⸺including some people I like, admire and respect. With the exception of Frankenstein (one of my own favourites), these are all books which I wasn’t completely wild about. That’s not to say I didn’t like them, enjoy them, or admire them, but none of them are books I’m desperate to re-read at any point.

Now, if these were pieces of music or works of art, I’d have no hesitation in writing that I found them less than earth-shattering. Indeed, I’ve no hesitation in trying (and failing) to convince Wendy that Daft Punk’s Random Access Memories is a great album, not “a bit weird”; I’ll happy tell anyone who will listen why David Shrigley is one of the UK’s greatest living artists, even as others call his work ‘mundane’, ‘spare and child-like’ or ‘quirky in the worst sense’; and this Letter of Recommendation by Jessica Chiccehitto Hindman in the New York Times article got me tweeting without hesitation about how Winter my favourite of Vivalidi’s Four Seasons concerti, despite having been to plenty of weddings featuring Spring.

So, to pose a provocative question to myself: Why I am happy to disagree with people about the music they’ve chosen on the most carefully planned day of their life, but not happy to be seen to disagree with people about a book they’ve read? I haven’t got a good answer to that question, but here are some thoughts.

I think reading, more than most other art forms, is as much about the reader as the writer. I know others will say the equivalent applies to music and visual art, but I disagree. To read a book is to build a relationship over a relatively prolonged period of time with the person who wrote that book. Therefore, if I don’t think there’s much to be squeezed out of Decline and Fall as other people, I think this is as much about me as it is about the book. Yet if I say I don’t enjoy it, it feels like I’m criticising people who like it as much as the written text⸺and that’s not something I mean to do.

On top of that, I write all the time. On the other hand, I’ve never written decent piece of music in my life (except perhaps a variation on The Holly and The Ivy⸺no, this isn’t a joke⸺which I wrote when studying GCSE Music, and which I really liked, and which was performed at a school carol service⸺a high bar this is not). I cannot draw or paint to save my life: I’m colourblind, and struggle to stay within the lines at the best of times. So perhaps, despite having never written any extended works of fiction, I have slightly better insight into what goes into writing a novel, and feel worse about criticising something that I know has so much effort and soul poured into it.

Finally, I think there’s a sort of elite snobbery around books. A work colleague was recently shocked that I hadn’t ever read anything by the Brontë sisters; another was appalled that I’d never read Anna Karenina. So perhaps there’s an underlying nervousness that if I say that I don’t particularly enjoy books which are widely recognised as great works of literature, then I’ll be judged for it… which is obviously hogwash, because I’m reading for pleasure, and it’s perfectly reasonable to hate something while appreciating that it is important. I understand that Shakespeare’s work is important, but that doesn’t mean I need to ROFL like an insufferable toff at every joke which requires a fifteen-minute primer on the social strata of the time. I understand that Dracula was an important milestone in the development of Gothic horror and in challenging the suppression of women in society, but that doesn’t mean I have to love the truly terrible final third of the novel.

So each time I struggle with what to write about these books, I try to think: it really doesn’t matter. I’m not setting out to impress anyone. I read for pleasure, not to educate myself on the history of world literature. If someone thinks less of me because I enjoyed reading B.J. Novak more than Muriel Spark, then that’s their issue, not mine. “All readers are equal,” as Alan Bennett would say. I should just say what I think. I set out to do exactly that: and then second-guess myself, wonder exactly what I did think about a book, and start the whole cycle again.


The brilliant picture of Liverpool Central Library at the top of this post is by Tee Cee, and is used here under its Creative Commons licence.

This 2,406th post was filed under: Blogging, Posts delayed by 12 months.

Will Camilla be Queen?

There is much made in the press today of a change to the Clarence House website. A passage which explained that the Duchess of Cornwall plans to use the novel title Princess Consort, rather than Queen, when the Prince of Wales accedes the throne has been “quietly removed” (The Telegraph). The press extrapolates from this that Prince Charles “plans to go back on his word and make the Duchess of Cornwall queen” (The Times). This is certainly a reaching stretch of a journalistic conclusion, but the coverage has caused me to reflect a little on the situation.

Is there really a decent argument for the Duchess of Cornwall being anything other than Queen? Regardless of whether she chooses to style herself as such, Camilla will be Queen. In the same way, the Duchess is currently Princess of Wales, even if she chooses to style herself with a lesser title.

But let’s assume for a second that madness prevails, and someone wishes to make an argument for the Act of Parliament which would be required to stop the Duchess becoming Queen, and all the comparable legislation in the nations where Charles will be King. There appears to be no basis for doing this: the common argument mostly boils down to “the public won’t accept it” and “people disapprove of her private life”. The whole point of the monarchy is that such things don’t matter. We don’t get to choose our monarchs or their spouses: provided they are eligible to accede their positions, then accede them they do. If there were a public desire to be picky, then the problem is with the monarchal system, not the individual.

To me, the more persuasive argument is a constitutional one: now that the constitutional principle of primogeniture has changed to favour the firstborn regardless of sex, it’s no longer logical to assume that the role of King is superior to the role of Queen. There should, therefore, be gender equality in terms of the title given to the spouse of the monarch: either the spouse of a Queen should be called a King, or the spouse of a King should be called the Princess Consort (or Queen Consort). To my mind, the latter is the better solution, otherwise we would need to invent another adjective to distinguish the member of the royal couple with the inherited position and constitutional power. It would also be the clearer solution in the case of a monarch with a same-sex spouse acceding the throne.

The catch with my constitutional suggestion is that it really ought to have been sorted when the constitutional changes to primogeniture were approved by Parliament (and equivalent bodies in other nations). However, the problem was sidestepped, along with a host of other gender-related problems. For example, the honorary title bestowed to the spouse of somebody in receipt of a duchy is ‘Duchess’ if the recipient is male and the spouse is female, but zip if the recipient is female and the spouse is male. It’s therefore hard to argue that the status of duchies is equivalent between the sexes.

And the problem with sorting any of this out is that one quickly ends up questioning why such an archaic system survives at all. Only a minority of people may support abolishing the monarchy, but surely an even smaller minority would support creating one if it didn’t already exist.

No doubt harming my credentials as a liberal-leaning millennial, I have to admit that I don’t know my own mind on the future of the monarchy. I vacillate between thinking “of course the monarchy is anachronistic, undemocratic and should be abolished”, “of course the monarchy is anachronistic and undemocratic, but it’s mostly harmless, might do so some good, and no other option looks much better”, and “of course the monarchy is anachronistic and undemocratic, but it would be madness to abolish a long-standing and proven check/balance on our system of government”. In retrospect, I’m surprised to see how unequivocally positive I was about the wedding of Charles and Camilla at the time.

So, in order to avoid complicated and unpredictable questions, it seems to me that the most likely option is the fudge that has been already proven: Camilla will be Queen, but she’ll call herself something else… which is what the Clarence House website said all along.

This 2,403rd post was filed under: News and Comment, Posts delayed by 12 months.

The content of this site is copyright protected by a Creative Commons License, with some rights reserved. All trademarks, images and logos remain the property of their respective owners. The accuracy of information on this site is in no way guaranteed. Opinions expressed are solely those of the author. No responsibility can be accepted for any loss or damage caused by reliance on the information provided by this site. This site uses cookies - click here for more information.