The Danger of Fingertip Memory
In the same vein as Deleting saved form entries on Firefox, I’ve noticed a bad habit I’ve developed recently of typing my password when no password is needed.
Most recently, and most tragically, I was mindlessly leaving a comment on a friend’s blog, a typical WordPress install that requires a name, email, and URL. Except my fingertips apparently thought I was logging into Gmail and typed my name, email, and password—and then immediately hit submit! Ugh. Suddenly there’s my strong password sitting out in the open, live on the web for all to see (as if it was my blog’s URL), e.g. http://myp4ssw0rd!/
Now chances are anyone who stumbled upon that would have seen a jumbled array of characters and thought I sneezed instead of entering my URL. But I didn’t want to risk one clever or curious person who might have tried to use it to log in to my Gmail account, or my blog, or about 5 other places I used that password—all of which I’ve now changed.
I also find myself mindlessly entering my password at the command line in Ubuntu. I’ve gotten so used to sudoing commands, that sometimes I forget I’ve already sudoed, and I’ll enter my password at the command line right after running a sudo command. Oops. There’s probably a lot of mineable passwords in the .bash_historys of the world. I wonder what my sysadmin friends do/recommend when that happens…
Kill the current bash process with -9, to keep it from writing out .bash_history.
If that fails, vi .bash_history, then log out and log back in. You’ll also need to delete your vi status files, as it tends to keep the last killed line for future yanking.
Not that I’ve done this enough to notice as well.
(And, yes, I really need to figure out the compromise between static html and comments on my blog. Alternately, I can get better at emailing people back, but it’s hard to balance life/work when starting a new gig. Sorry about that =\)
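A sketch of the .bash_history cleanup suggested in the comment above, as an added example that is not part of the original post or its comments: it flags single-word lines that directly follow a sudo command and do not resolve to any command, then rewrites the file without them. The function names and the heuristic are assumptions, and the history file is assumed to contain no timestamp lines.

```shell
# Added example. Heuristic (assumption): a password typed at the prompt shows
# up in the history file as a single word, directly after a "sudo ..." line,
# that is not a command, builtin, alias or keyword.

# Print the line numbers of suspect entries in the history file $1.
find_suspects() {
    prev=""
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$prev" in
            sudo\ *)
                case "$line" in
                    ""|*" "*) ;;           # empty or multi-word: skip
                    -*) echo "$n" ;;       # leading dash: cannot be a command name
                    *) command -v "$line" >/dev/null 2>&1 || echo "$n" ;;
                esac ;;
        esac
        prev=$line
    done < "$1"
}

# Rewrite $1 without the suspect lines; print how many lines were removed.
scrub_history() {
    suspects=$(find_suspects "$1" | tr '\n' ' ')
    [ -n "$suspects" ] || { echo 0; return 0; }
    tmp=$(mktemp "$1.XXXXXX") || return 1   # created mode 0600, same directory
    # Keep every line whose number is not in the space-delimited drop list.
    awk -v drop=" $suspects" '!index(drop, " " NR " ")' "$1" > "$tmp" &&
        mv "$tmp" "$1" || { rm -f "$tmp"; return 1; }
    set -- $suspects
    echo $#
}

# Typical use, from a fresh login shell:
#   find_suspects ~/.bash_history     # review what would be removed
#   scrub_history ~/.bash_history
```

A running bash keeps its history in memory and writes it out on exit, so run this only after the shell that received the password has exited or been killed as described above. Mistyped command names after sudo are flagged too, which is harmless to remove.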
Ha! Thanks. And I’ll more than settle for the random blog comment. I guess I’ll just have to write more hacker/sysadmin-bait posts…
I found your blog when “san francisco neighborhoods” in the google bar brought up a map you posted in 2006. It was helpful, thanks. I wanted to commiserate with you briefly on the password dilemma… I just locked myself out of my hotmail account and so turned to gmail. But anyway, my strong password was strikingly similar to yours (if that was the real one) exclamation and all. I also locked myself out of my alaskaair account (not as frustrating) but I couldn’t answer my own secret question – “what’s my favorite animal”. Seems weird. I took a couple stabs, 4 or 5, all wrong, wrong…and so called Alaska…first thing out of my mouth was “I don’t know what my favorite animal is!”.
Kelly, ha, well glad the neighborhoods post was helpful. Actually that was not my password, just one I made up. Btw, googling for password generator is a good source of helpful password suggestions.