Friday Humor

If you think engineers are difficult try talking with a mathematician…

An engineer, a lawyer, and a mathematician are traveling through England on a train.  The engineer looks out the window at a passing farm and says “Look, the sheep in England are black”.

The lawyer promptly replies, “we do not have enough evidence to support your statement, all we can say is there is one black sheep in England”.  The lawyer then leans back with a smug look on his face at finally having gotten back at the engineer for always using technical jargon and precise words.

The lawyer waited to see how his friend would respond.  The engineer calmly looked at the mathematician and said “I believe this is your department”.  To which the mathematician replied “strictly speaking you are both incorrect as all we can say is there exists at least one sheep that is black on at least one side in England”.

Friday Humor

They were using the same words but were not speaking the same language…

A computer programmer is wrapping up work for the day when his wife calls and asks him to stop at the store on the way home.  She says “I need a gallon of milk and if they have fresh eggs get a dozen”.

The programmer comes home with 12 gallons of milk; his wife looks at him like he is crazy and says “what are you thinking, why did you buy 12 gallons of milk?”.

He looks puzzled and says “because they had fresh eggs”.

Friday Humor

Engineers are natural born problem solvers…

During the French Revolution a priest, a merchant, and an engineer are to be executed for helping the aristocracy.

As the executioner leads the priest to the guillotine he asks if the priest has any final wishes.  The priest says rather than be placed face down in the guillotine he would like to face up toward heaven and his God when he dies.  The executioner agrees to this request.  The rope is released, the blade falls, and stops an inch above the priest’s throat.  The executioner says “I’ve never seen this happen before, it must be divine intervention” and declares the priest is free to go.

Next the merchant is led up to the guillotine and says he too would like to die facing heaven and God thinking the faith the priest had might spare him as well.  Again, the executioner agrees.  Again, the rope is released, the blade falls, and stops an inch above the man’s throat.  The executioner declares the merchant is free to go having been found innocent by God.

Lastly the engineer is led to the guillotine and he also wishes to be placed face up like the others.  While lying there considering his fate he suddenly exclaims “there’s your problem, there is a large knot in the rope”.

Friday Humor

There is a lot of truth in humor…

I recently found this joke and wanted to share it with everyone.  I don’t know who originally wrote it to give proper credit.  To that anonymous person, thanks for giving me a laugh.

A man flying in a hot air balloon suddenly realizes he’s lost. He reduces height and spots a man down below. He lowers the balloon further and shouts to get directions, “Excuse me, can you tell me where I am?”

The man below says: “Yes. You’re in a hot air balloon, hovering 30 feet above this field.”

“You must work in Information Technology,” says the balloonist.

“I do” replies the man. “How did you know?”

“Well,” says the balloonist, “everything you have told me is technically correct, but it’s of no use to anyone.”

The man below replies, “You must work in management.”

“I do,” replies the balloonist, “But how’d you know?”

“Well”, says the man, “you don’t know where you are or where you’re going, but you expect me to be able to help. You’re in the same position you were before we met, but now it’s my fault.”

Beyond Passwords

The time has come to move beyond passwords for protecting our accounts.

As a final comment in the password security series I have been doing I thought I would share something called Two Factor Authentication (2FA) or more generically Multi-Factor Authentication (MFA).

What is 2FA/MFA?  In non-technical terms it simply means that you need to provide two or more forms of identification (the factors) to prove who you are (the authentication).  The factors typically fall into three categories:

  • Something you know (knowledge factors) – such as a password
  • Something you have (possession factors) – such as your phone
  • Something you are (inherence factors) – such as your fingerprint

While 2FA/MFA sounds complicated, it isn’t.  Most people have used a form of 2FA without realizing it.  When you check into a hotel you are given a room key (something you have) and are told a room number (something you know).  Without both factors you cannot get into the room.  This protects you if you lose or forget your room key at the pool.  Sure, a criminal could try the key on every room until they found the right one but it would slow them down – hopefully long enough for you to realize the key is missing and notify the hotel office.

2FA/MFA for websites works in a similar way.  When logging in you typically provide your password as you normally would, then the website will text a code to your phone (or call you with the code).  You must enter that code to complete the login.  The password is the something you know and the phone with the code is something you have.  It is unlikely that a criminal would know your password AND have your phone.
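For readers who want to see what the website does behind the scenes, here is the login flow described above as a small Python sketch.  It is an added example, not code from this post or from any real site; the class and function names, the 5 minute code lifetime, and the 3 attempt limit are assumptions, and actually texting the code is left to a `send_sms` function you supply.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300   # seconds a texted code stays valid (assumed value)
MAX_TRIES = 3    # wrong codes allowed before the code is thrown away (assumed)

def hash_password(password, salt):
    # Slow, salted hash so a stolen user table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:
    def __init__(self, send_sms):
        self.users = {}      # username -> (salt, password hash, phone)
        self.pending = {}    # username -> [code, expiry time, tries left]
        self.send_sms = send_sms   # hypothetical delivery hook: (phone, code)

    def register(self, user, password, phone):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt), phone)

    def start_login(self, user, password, now=None):
        """Factor 1, something you know. A code is texted only on success."""
        now = time.time() if now is None else now
        if user not in self.users:
            return False
        salt, stored, phone = self.users[user]
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6 digits
        self.pending[user] = [code, now + CODE_TTL, MAX_TRIES]
        self.send_sms(phone, code)
        return True

    def finish_login(self, user, code, now=None):
        """Factor 2, something you have: the code sent to the phone."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None or now > entry[1]:        # never issued, or expired
            self.pending.pop(user, None)
            return False
        if hmac.compare_digest(entry[0].encode(), code.encode()):
            del self.pending[user]                 # a code works only once
            return True
        entry[2] -= 1                              # count the wrong guess
        if entry[2] <= 0:
            del self.pending[user]                 # too many guesses
        return False
```

The code is only sent after the password checks out, it expires, it works once, and it is discarded after a few wrong guesses, so a criminal cannot simply try all one million possibilities.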

There are variations on how this works where the “something you have” is a Smart Card or token provided by the website rather than your phone but these are typically not used for consumers due to the cost.  High security environments may use biometric scanners (fingerprint, retina scanners) in place of something you have or something you know or as a third factor – a fingerprint reader that requires a password and a code sent to your phone.

For more details on MFA please see:

A number of websites have started offering 2FA/MFA as an additional protection for your accounts.  If you are interested in using 2FA/MFA to protect your accounts see for a list of websites that support 2FA/MFA.  You can search by name or by category.  If the site you use doesn’t currently support 2FA/MFA you can click a button asking them to support it.

Give 2FA/MFA a try on a few accounts and see if it is right for you.  Strong passwords, non-standard security questions, and 2FA/MFA are the foundation of on-line account / identity protection.


I forgot my password

The best password in the world can be defeated with the information you post on Facebook.

It happens.  It is hard to remember everywhere you have passwords not to mention remembering the passwords themselves.  This is why many people use a single password for everything.  If you missed it, see my previous post for why this is a bad idea.

Most sites have a “I forgot my password” link you can use to reset your password if you forget it.  Many sites require you to answer security questions before they will reset your password.  By answering these questions correctly you prove your identity.  These are questions you provided answers for when you created your account.  Common security questions are:

  • Who is your favorite actor, musician, or artist?
  • What is the name of your favorite pet?
  • In what city were you born?
  • What high school did you attend?
  • What is the name of your first school?
  • What is your favorite movie?
  • What is your mother’s maiden name?
  • What street did you grow up on?
  • What was the make of your first car?
  • When is your anniversary?
  • What is your favorite color?
  • What is your father’s middle name?
  • What was your high school mascot?

These questions allow you to gain access to your account the same as the password so you need to protect them as you would your password.  The idea behind these questions is that you are likely to remember the answer but someone else would have a hard time guessing the answer.

Unfortunately, that is not always the case.  According to the FTC 8.3 million people were victims of identity theft in 2005; 16% of those people reported that they knew the person who used their identity without permission.  The problem has only gotten worse since then.  Family members, friends, roommates are all likely to know the answers to at least some of these questions.

As bad as that is, complete strangers may be able to guess the answers to these questions.  People share a lot of personal information on social media.  Read the list of questions again and think about what you have shared.  Do you follow your favorite actor or musician on Facebook or Twitter?  Have you “liked” them?  Did you list where you went to school?  If you listed your home town a simple search will find the names of all the schools and their mascots in the area.  Have you listed your birthday or anniversary?  Are you friends with your parents?  If so, someone may find maiden or middle names easily.  What about posting a picture with your pet and including their name?

You get the idea.  Very little is truly private anymore.  It is either a public record that can be searched or we share it without thinking about the possible consequences.  By guessing the answers to your security questions criminals can hijack your account without knowing your password.

So, what can you do?  If the site lets you create your own security question consider doing that.  Think of a question that only you would know the answer to and that is not something you would post online.  For example:

Q: What color shirt was I wearing when I fell in the river?

A: White

If you are limited to a pre-determined list of questions you can do any of the following (assume the question was “What was your high school mascot”):

  • Add punctuation to the answer – Tiger!
  • Add numbers to the answer – Tiger88
  • Misspell the answer – Tyger
  • Spell the answer backwards – Regit
  • Do all the above – Regyt88!
  • Make up an answer – Green Mustache

Remember, the computer has no idea what the “right” answer is.  Whatever you provide is the “right” answer.  There is no rule that says it has to be the real answer.  As long as the answer you give when you forget your password matches the answer you gave when you created the account you are good.

If you follow this approach you need to remember which method you used so you can reproduce it later; just what you needed, something else to remember.  You could use the same answer for every question so you can remember it but this is as bad as using the same password everywhere.  You could just make sure you use the same method, that would be more secure than giving the standard answer each time.  The best solution is to record the security question and your answer in the notes field of your password manager.  This gives you the best security without having to remember anything.

You may think this is being paranoid or overkill.  First, I would remind you of one of my favorite sayings “Just because you are paranoid doesn’t mean they aren’t out to get you”.  Second, you need to think about this from the criminal’s mindset not yours.  Most people see a locked door and a sign that says “Authorized Persons Only” and move on, criminals see that and start thinking about how to get around it.  You need to protect yourself.