I recently updated my Facebook password because my password was reset by Facebook for some unknown reason. This incident alerted me of security levels of my passwords. I was pretty much using the same passwords for many of my most important emails but also on some doubtable websites, even though they all claim they will not share registration information with anyone else.

Risks

• Increasing number of phishing sites. Phishing refers to websites which mimic designs of some popular website and asks users of the authentic website to “log-in” to the site. They would then store the credential and use them for malicious purposes;
• Increasing risk of cross-domain scripting attack. Along with the exposure of Ajax, cross-domain-scripting has gained more power and browsers can be tricked to send cookies of some domain to illegitimate domains, exposing important information in cookies to third parties;
• Reusing same id name across all websites. In the past few years many specialized web applications have been built and the Internet has become more heterogeneous. These new web apps offers service like no others. Even though they all provide APIs for other people to access their function, up to now, users still need to have register at all places. Keeping user names consistent is certainly what most people would like to do during registration. Therefore, if someone has gained the username and password pair of someone from one site it uses, it can be reused, sooner or later, on some others, or at least, as a great heuristic guess.

Schema

To guide myself in choosing password during registrations, I’ve created the following diagram to show the level of seriousness in selecting password strength for different accounts on the web.

Highest Level - Frequently Used Emails

We shall use the most complex passwords for these services and never give them to anyone else. These are fundamental online identifications which may help you reset passwords of other services in the case of password breaks.

Second Highest Level - Essential Favorite Web Apps

For some of famous and well-respected web services, we may use a looser password, but still contains variations of cases and character sets.

Second Lowest Level - Not-So-Trustworthy Websites

Some blogs ask users to register before they can post comments. This is okay since they may be victims of spam themselves. Many blogs are well-respected and they offer great contents. The authors don’t really care about your password but simply want to block unfriendly visitors. But the problem is some of those bloggers may not be able to take care of their user info, especially for those non-technical bloggers. If someone hacks through their database and get all the information about you, the damage can be significant. It will happen sooner or later, on some of the blogs. So it’s good to be prepared before hand.

Lowest Level - All Other Websites

If you are visiting some websites with crappy designs, you may need to think carefully before you give away your common password to them. Or any other websites which claim you’ve won a great fortune, stay alerted and calm. Everyone knows they are malicious and deceptive, when they are thinking about it clear-minded.

Misc

A strong password is usually at least 8 character long and would consists of letters in lower or upper cases, numbers, and even punctuation.

Were it not because Gao, Yuan sent me the nerd test two weeks ago, I wouldn’t have realized how nerdy I am. I scored 75% in the test, but I can be much nerdy than that. Simply because some of the questions are so obvious that you know the result will show you’re nerdier if you choose “you know it” than you don’t, so I escaped some, pretending that I don’t know about it. O well.

But, I should have known that I am nerdy without taking any tests. It’s just that I’ve been so used to the lifestyle I have and never thought about it.

• First of all, I don’t watch TV. If I like a particular series, I’ll download as many seasons as I can find off the Internet and watch them whenever I feel I want to, in particular, when I am having dinner. That doesn’t sound too bad, but the problem is, the TV series available for download out there, are usually at least a year behind the latest ones. That means, I live in a world a year behind others’, on average.
• Secondly, I don’t make new friends, or rarely do, in real life. That’s probably not quite precise, since every time I get into a new environment, I got to know a lot of new people and faces. But, 99% of chances are, the relationships will limit to saying hi when met in the hallway and not a word more than that. This is a big problem though, but I’ve been so used to it, probably for years that I just don’t feel lonely at all. It might also be why I haven’t been sent to a mental hospital, yet.
• Kind of followed from above, I cannot speak fluently, either in English or my mother tongue. So there is no wonder why my spoken English got hardly improved in the last few years. Because I just couldn’t speak logically or consiously, not even in the language I am more familiar with!
• Another thing is I bite nails when I feel nervous. Yep. To be a nerd you gotta have some bad habit.

There are a bunch of other symptoms on me though, but the killing one is, I wanna to be nerdier, a researcher!

A list of my other symptoms (not exhaustive):

• I don’t drink
• I don’t clubbing
• I don’t smoke
• I don’t call friends
• I don’t read literature
• I don’t know politics
• I don’t watch sports nor care about the results
• I don’t recognize a lot of celebrities nor know the buzz
• I can stay home all alone without feeling lonely
• I don’t know how to bargaining

This is not a IE friendly blog. I was kinda tired of the crap IE6.0’s lack of documentation. There are just too many things that IE is behind the standard on. However, the readers and users are innocent, even though there is none at this moment (;-\), it is insane to let the user suffer from these incompatible issues. Ahhhhhh, but I am so tired of this. I am hoping some kinda hero, maybe like spiderman or superman, if they know W3C, to jump out and save the world! By like, kidnapping the CEO of MS and Mac and Moz, maybe NS as well, and let them sign the agreement on joining together. Lol…just kidding. Then this huge mixture will “take over the world” again.

Seriously, people should use Firefox, just so that they can visit my blog. Woohooo~ XD