Monday, June 23, 2008

Password (mis)management

Companies are using password policy managers (software! not people) extensively to safegaurd users from password leaks.

However, I believe that these software’s are not serving the purpose at all!
Just take a look at the rules which need to be applied for making a password 'uncrackable'!(The following password policy is actually in place in a lot of companies!)

Password requirement
1.Minimum Password Length - 8 characters (Compulsory)
2.Maximum Length – (no limit defined)
3.Passwords should contain all the following four types of characters:
a.English Lowercase (a to z)
b.English Uppercase (A to Z)
3.Numbers (0 to 9)
4.Special characters such as!@#$ %^&*(){} []
e.g. !deas1sT (ideas first) – ya that is a password! I hope u can remember something like that!
4.Passwords are case sensitive and the user name or login ID is not case sensitive.
5.Require three number of unique passwords before an old password may be reused.

And to top it all, users are prompted to change the password every month! (sometimes every week also!)

Now, with these “simple” rules in place, it becomes a pain in the ass to devise a password (try to make one based on the rules and you would spend more than 10 minutes figuring out the errors it keeps throwing!!)

So the easiest option available to users is – Retaining the default password! And just imagine when every user in the company does that!!! You have a scenario of ‘one password for all’ defeating the whole purpose of a “safe and secure” password.

Yes, now you would think that the users would definitely make an effort when the system prompts them to change the password. The answer is NO..Never! They get away by adding a suffix or a prefix to the default password (no prizes for guessing the suffix or prefix here!!!).

However, this doesn’t mean that there are no intelligent users. But I am sure these users would be a minuscule population. The larger question is the sustainability of such password policies in corporate circles. I simply don't understand the need for such policies, when on the other hand we have the google, microsoft and yahoo's of the world mangaing it pretty well with simple password rules.

Wednesday, June 4, 2008

Yaari - fighting to stay alive!

I dont know how many of you would be aware of Yaari - a social network which was targetted at the indian youth junta launched almost an year ago. It was anyways very difficult to survive in the clutter of social networks that came up with the sucess of Orkut and Yaari also faded into the .

The website has recently undergone a transformation- the site now comes across as a dating/flirting site. They also draw "inspiration" from HotorNot big time! One thing i have always appreciated is how well indians "cut-copy-paste" business models (maybe i should write something on this in the future!).

But overall, i dont feel the website will take off even after this re-packaging.
(1) I am not sure how many people would be willing to get rated HOT or NOT in India atleast! (would you do it? and girls? and if girls dont upload pictures, why would boys log in?).
(2) And i also tried searching for girls to just check (seriously!) - some random pics were uploaded!...and i was rather disappointed! Success would depend a lot on this factor.

Anyways, lets see if they can make a mark this time.

Thursday, June 7, 2007

Google: Taking Advertising to a new level!!

How many times do we use Google Search in a day? and everytime we get to see the 'Sponsored Links' and Google makes money.


Google has introduced a 'call feature' in the sponsored links increasing the utility of these links manifold. However i believe the feature is still in the test/beta mode because not all searches return such advertisements.


Using this feature, Google can call your phone for FREE(!!) and connect you to the company (which has advertised). Take a look at the screenshots.




I believe this model ( Cost per Call) is set to 'complement/compete' with the already established CPC (Cost per Click), CPM (Cost per impression) and CPA(Cost per Action) models.
A friend of mine working with Google has confirmed these reports. And more importantly Google is planning to launch this advertising model first in India and not US!! There are many other new products in the pipeline from the Google stable which shall see the daylight in India first!!