I come to you today a recovering password management hypocrite.
I have over 190 accounts and logins for which a password or PIN is a part of my access: website tools, online banking, social media, email, internal company tools at Summersault, and so on. I used to pretend that I was maintaining the security of these accounts by having a reasonably strong set of passwords that I re-used across multiple sites, sometimes with variations that I thought made them less likely to be broken into if someone did happen to compromise one of my accounts.
But as I prepared to give a talk in December about email privacy and security issues, and really stepped back to look at my own password management scheme, I realized just how much pretending I'd been doing, and just how vulnerable I was making myself to the increasingly well-equipped and highly automated attempts at compromising accounts, stealing identities and stealing funds that are being launched every day. I went and tested some of my passwords at the Password Strength Checker, and I was ashamed. The potential impact of this really hit home as I read Mat Honan's personal tale of woe and his follow-up piece Kill the Password in Wired magazine. Add in Passwords Under Assault from Ars Technica and you'll be shaking in your boots.
So I decided that I was not going to be that guy who goes around telling people about how vulnerable they are with their simplistic password schemes while quietly living a lie in my own password management scheme. I might still be hacked some day, but I would not be found giving some teary-eyed interview to Oprah where I whined about how the pressure of the 190 accounts to manage just got to be too much and how I knew using a simple dictionary word plus a series of sequential numbers was wrong but I still didn't do the right thing.
That's when I found 1Password from AgileBits, a password management tool that alleviates the horrors of password management.
In reading the Gallup book First, Break All the Rules: What the World's Greatest Managers Do Differently, I encountered their list of questions that, when answered by close to 200,000 employees across almost 8,000 business units in different companies, turned out to be a good measure of organizational dynamics that led to lower employee turnover, higher productivity, and higher customer satisfaction.
At their core, the questions are asking an employee whether they feel their strengths are being used every day at their organization. The questions are simple and applicable across a lot of different kinds of organizations; I've listed them out below.
Using the free open-source software LimeSurvey, I set up the questions in an open-ended online survey on Summersault's Intranet. Around twice per month, a randomly selected subset of the staff gets an automated email invitation to answer the survey, anonymously by default but with the option to provide our names if we want.
In late 2011, I noticed a Kickstarter project to support the creation of a portable Wi-Fi sensor device called Twine. I was already a fan of Kickstarter and its model of crowd-funding the development and implementation of great ideas, be they for gadgets, business models, artistic creations or otherwise. The idea behind Twine struck a particular chord: "connect your things to the Internet."
Yes, there have been Internet-connected things coming out all over the place for years now, and pretty soon the average consumer of household products will find themselves in a store aisle asking, "what do you mean this model doesn't connect to my home network?" But most of these network-connected devices are using their own proprietary standards and protocols for having those "conversations," and often the information being transmitted is only available through some specialized website or smartphone app. Just like all of the web services you now have individual accounts for, you'll have your toaster username and password, your refrigerator username and password, your lawn mower username and password, and so on.
In contrast to this trend, I was excited to see that Twine was an Internet-connected sensor device designed to be tinkered with, expanded upon, customized and fully integrated in whatever way you could imagine. Almost as soon as the project was announced, the creators were receiving fun and useful ideas for how Twine could be used; clearly there was an unmet need (you know, in that first world sense of the word "need") for a device like Twine.