Passwords

Changing a password is a big step to help keep control of your accounts and information. It also can be frustrating, so people often resist making good password choices.

 Here are the latest tips about passwords, which include lessons learned from years of password frustration and failure – this is not the same ol’ blah blah blah…

1. Long passwords are good passwords

The very word we use to describe the thing, a “pass word”, has led us in the wrong direction, especially combined with the other old rules. It’s much easier to remember, and much harder to break, if we use pass PHRASES – multi-word combinations – as passwords. Every added character doubles the time it takes to brute-force a password.

Old: “Password-2018”

New: “My super-secret phrase would take 10 years to guess.”

My favorite pass-phrases are lines (or parts of lines) from Shakespeare sonnets. I don’t have many of them memorized, but if I keep at it for a while maybe I will eventually, which would be a nice added benefit.

2. Write your passwords down

Ideally we’d all remember our passwords easily, and that was fair when they were short and most people only had one or two. These days, when people might need to log in to half a dozen different services in a day and scores of them in a year it’s simply no longer possible. A shortcut people often take is to come up with a “good”, "complicated" password that meets all the tests for strength (like “Pa$$word-1992”) and then commit it to permanent memory. That weakens passwords in a couple of ways.

In keeping with the first tip, using long passwords and writing them down if necessary is much more secure than using short passwords easily remembered.

Also, “write” doesn’t necessarily have to be a sticky note on your monitor. There are several excellent password manager apps and desktop programs, such as LastPass and KeePass, that are great for organizing logins and passwords while keeping them safe from accidental disclosure – which also helps with the next tip…

3. NEVER use passwords over, NEVER use one password for multiple services

When that one good "Pa$$word-1992" was locked into memory, it was common to use it for the few things that required a password. As the demand for password use grew, and attacks on passwords became more common, one leaked password gave bad people the keys not just to the service that leaked but also to every other service where that password was also in use. This is like using your school locker key for every apartment, home, office, and car you ever used – a bad idea!

Time is also a big factor here. If a copy of the one good password lives on at a service I don’t use anymore, it might be exposed and I might never know. Using unique passwords helps increase the security of each account.

4. Reset, reset, reset

If you’re familiar with “phishing”, where an attacker pretends to ask you to log in but really is just collecting your password, imagine what a jackpot they get from people who try a list of different passwords! And sometimes the first sign of trouble is a password that really should work but doesn’t.

If your login or password doesn’t seem to work when it should, don’t just keep trying. Most web sites and services have an easy means to request a new password, which involves emailing or texting a temporary code to you using an address or number you’ve previously given them, or by other means. Resetting the password can stop an attacker from doing harm or profiting from your losses, and there’s no prize for delaying that, so try it once or twice and then start the process of resetting.

5. Go beyond passwords

Sometimes it’s not enough to know a secret word or phrase. For greater security many services are requiring a second and third layer of proof before allowing access. This may be a temporary code generated by a smartphone app or a fob device (Google and Microsoft do this), a single-use code texted to a number you’ve set up (Yahoo and Twitter), confirming a secret (Verizon and many “password reset questions”), or other keys (fingerprint readers on smartphones and laptops).

If the service offers these options, use them! If they don’t,  pester them to take your security seriously and add these extra layers as soon as possible.

6. Take the good old advice too

While some of the thinking around passwords has changed, there’s a lot of old wisdom that still applies:

Avoid guessable information like the names of loved ones or milestone dates in your life

Don’t use a password you’ve seen as an example elsewhere

Don’t tell anyone your passwords

Keep your account and contact information up to date

My apologies for the length of this post – and I think I’ve barely scratched the surface of account security. Oh, I could go on and on…

Bike School for Groundhog Day, 2017

Hello again, #BikeSchool! I - @darsal - am picking up the chalk tonight just as soon as I wipe all the al pastor off my beard.

Before we kick it off, a refresher: I will ask a buncha #BikeSchool questions in the next hour. They start with ***Q#

Respond if you wish. No #BikeSchool penalty for "wrong" answers, so go for it. I may even give bonuses for good tries! (Likes, probably.)

(If I miss anything good, please give out your own #BikeSchool likes. Which worked much better when likes were gold stars...)

I really like Twitter’s “quote retweet” for #BikeSchool answers because it’s a lot easier for people to see just what you’re answering.

But, whatever. Always include the #BikeSchool tag, or we won’t see your good words.

And with that out of the way, here we go with #BikeSchool - the groundhog day edition!

***Q1: Groundhog day = 6 more weeks of winter. What’s still on your winter riding bucket list for this year? #BikeSchool

***Q2: Groundhog day = boring, routine. Like some winter riding routes, unless you know the following tips - class? #BikeSchool

***Q3: Groundhog day = same clothes all winter. Any surprisingly useful new items in your wardrobe this year? #BikeSchool

***Q4: Groundhog day = a fun movie! Have you (or your bike) ever been in one? (Advocacy counts!) #BikeSchool

***Q5: Groundhog day = a traditional meal. (The ‘hog!) Do you change your diet for winter rides?  #BikeSchool

***Q6: Groundhog day = finish up those “off season” maintenance tasks. Any big upgrades under way now? #BikeSchool

***Q7: Groundhog day = okay, there is no “off season” - but are there routes you avoid until spring? #BikeSchool

***Q8: Groundhog day = some people prefer winter I suppose. What will you miss about winter riding? #BikeSchool

***Q9: Groundhog day = spring is coming! What’s your surest sign winter biking is behind us? #BikeSchool

Longest night

Today is not only the shortest day of the year, it's also the longest night. People all over the world celebrate this fact on December 25th, the date when nights begin to shorten again. It is therefore halfway through bike light season. What better time to write a few light thoughts?

For a few years I've been very happy with my Exposure Diablo light. It's very small, devastatingly bright, and can be mounted on either my handlebars or my helmet. On the helmet I can aim it directly where it will do the most good, which is sometimes directly into the vision of someone who might not otherwise know I'm there. But mostly I keep it on my handlebars, and the battery life is fairly short on retina-searing settings so I save those for off-road use.

Mine still works as good as ever mostly, but the switch is a bit fiddly and hard to turn off sometimes. It came with a quick-release mount that has worn and now rattles, as does the second one I got so I could use one light on two bikes. I have the third version of this awesome light, which is now up to version seven, and I was considering replacing my old one with the latest model until I looked at the current price. Yow!

So I turned the the universal catalog to see if any alternatives exist, and I'm happy to share the one I've been testing.

WindFire Wf-501B, with charger and mount

This generic flashlight puts out just about the same light as my good old Diablo, both in intensity and beam shape. The included clip works fine and is easy to move from bike to bike. I use it under my handlebars in a way that might knock the light loose if I hit a big enough bump, but so far it has held on. (I loop the little string around my bars so the light will stay with me even if it falls from the clip.) Runtime is excellent, and it uses a swappable rechargeable battery (the widely available 18650 lithium cells, same as used in Tesla car battery packs and flame-throwing "hoverboards") so if I do run the battery down I can get back to full charge in about a minute and/or keep very warm*. And the price, including the light and clip and one battery and a charger, is less than an extra mount for the Exposure.

It's not a perfect Diablo replacement. My Exposure light can be put into one of nine program modes, which each has two or three intensity settings, while the flashlight has a simple high-medium-low-fastflash-SOS loop. Some current models of Exposure lights have wireless remote switches - great for finding my bike in a huge parking lot, but this light has a simple clicky-button with a rubber cover. The teeth on the clip seem to want to make it point just a little off straight ahead, or maybe it's just my handlebars. There's no helmet mount. While the construction seems solid, I'm a bit skeptical that the manufacturers of this little gem fully appreciate the rough life a bike headlight lives, so I half-expect this light to die after some random bump or fall. At this price I won't be too sad - and I've already purchased a second to use as a flashlight around the house and an emergency backup headlight when this one fails. This light includes O-ring seals that appear adequate for water resistance, but I haven't tested that in anything other than light rain, so I'd at least try spraying it with a hose for a while before heading off on the next "48 HOURS OF TYPHOON CLARABELLE, WE'RE ALL GONNA DIE" ride with Pete Beers.

Summary: this is a good bike light with some great convenience features at an incredible price.

* I'm kidding. The hoverboard fires are mainly due to misuse and abuse. Battery instructions clearly explain that the cells may be hot after use or charging and should be allowed to cool before charging or use. Damaged batteries should be taken out of service immediately, but the hoverboard instructions don't explain how that's supposed to be known or done. The light and charger don't move power fast enough to create the same heating problems, and the batteries aren't kicked around in the light as much as they might be with a hoverboard. 

Stravistix for Strava

When I used to use simple cyclometers to see my speed and distance while riding, that seemed to be plenty of data for me. I'd put one on the bars and look at the screen to know everything. It started getting complicated when I added other bikes, with different tire and wheel sizes. I fussed with changing the calibration for a while, which was a hassle. More often than not I simply skipped the whole deal, but I missed keeping an eye on those basic stats.

When switched to a GPS computer that I could move from bike to bike, everything changed. And when I figured out how to get that data into Strava, I gained insight into a lot more information about how I ride.

Now I've added another dimension to that, thanks to Stravistix. This is a browser extension for Chrome and Opera that enhances the standard Strava web page with several convenient features such as expanded map options, quick links to Velo Viewer and RaceShape, and a few options to customize what's shown.

Southeast Boulevard Bike Tour

While DDOT sorts out plans to build more Capitol Hill in the footprint of the former Southeast Freeway, the space has temporarily been restored for use as an east-west connection between 11th St. SE and Barney Circle (Pennsylvania Ave.) SE.

Area overview

It's disappointing to defer this opportunity, though it's unclear how much of a setback the new configuration is. The old freeway was an extension of the busy 295/395/695 complex, but this version has a stoplight at 11th. It looks very similar to the old freeway and even uses some of the original pavement. It doesn't create new livable space, doesn't connect anything to the residential surrounding, but it isn't the same old raceway.

But can bikes use it? Let's see...

Coffeeneuring 2014

Coffeeneuring turns four this year. Not coincidentally, this is the fourth year I've participated in this event. It's not a difficult challenge: ride a bike more than two miles round trip to get coffee (or another seasonal beverage), seven times over a seven week span. Also, document the rides in photos and words.

One change from previous years is that I didn't do it alone. Where in the past I tried to fit these rides between other life events, or occasionally sought company from people who were not attempting the series, this year I rode all seven rides with a single partner. I can attribute this change to several factors, but the biggest is that this year Jean and I have a tandem bike. So, this is a team entry to commemorate our team effort.

The biggest change though is that I (we) actually completed the challenge! The other years I've participated, somewhere between life and other things I either didn't make enough trips or didn't ride far enough - or more regularly, didn't fully document the outing.

Thus I present my first official, complete, and thorough Coffeeneuring report - after the jump.

Mugging, 2006

I chased down a mugger once. I heard a yell from across the street. Looked out and saw two kids pulling a bag from a woman.

I saw them run in two different directions. I jumped into a pair of shoes and rushed outside to follow one at a distance.