Stop With the “Change Your Password” Ritual

In the past few months, we heard over and over how big corporations such as Sony and Anthem have been hacked and customer information stolen. It’s not just information for one or two folks but thousands, even millions. And you know what? This happened regardless of what YOUR personal password was! In fact, what I’m going to suggest is that whenever someone with whom you have an account asks you to keep changing your password “for security reasons,” you should change it to “Bullshit!”

Hackers are not interested in my password for the Speech Dudes site. They really are not. Any hackers who are going to spend hours and hours trying to break into this account so as to upload a picture of a skull-and-crossbones and say “Yah boo sucks, Dudes, you’ve been hacked” are one card short of a deck; two fries short of a Happy Meal; three sandwiches short of a picnic. Their lights are on but no-one’s home; their elevator doesn’t go to the top floor; and their cheese has slid so far off the cracker that their collective intelligence can only be matched by that of a shed-load of broken garden tools.

Just last week I wanted to check my recent health insurance bills from United Medical Resources (UMR) only to find that before I could, I have to change my password “for security reasons.” Fair enough – except that this is the third time in a year I’ve had to do it. And what’s more, I can’t use ANY of the past 10 passwords I’ve used, which means I have to invent new ones every time.

This “you cannot use any of your previous 10 passwords” is also an irritation because it (a) forces me to create yet more mindless character strings than I need to remember and (b) tells me that the Grand Keeper of the Passwords at UMR has a list of all my previous ones. “Someone” is tracking my passwords! And if “they” are keeping my passwords, and “they” are hacked, I’ve not just lost my current password to hackers but all my previous ones – which may in turn include ones that I am still using for other accounts.

Some sites have now introduced not just the password but some stupid picture that is supposed to help; by making you now remember both a password AND a picture! And hey, hey, hey, it’s not just pictures: my friend Kara has an account where they also include what they call a “personal security phrase,” which in her case was “devoted corn.” Devoted Corn! I’d love to stuff that devoted corn down the throat of the person who came up with that idea!!! So now she has to remember her password, “devoted corn,” and her “personal image.”

All I can take from this madness is that I bet the sale and use of sticky notes has gone up significantly over the past five years because let’s get real and acknowledge what people actually do with regard to passwords:

They make a list.

Sure, you might have a list that you store in an encrypted format using a piece of software (presumably written by the folks who have developed these password/image/personal-phrase systems) but you’re still making a list. And when folks like UMR and Apple stop you using previous passwords, you can’t even have the option to have just one “open sesame” for all your accounts. Apparently that’s a bad thing. But that didn’t help all the folks who had accounts in 2014 with Sony, Target, Anthem, Neiman Marcus, AT&T, eBay, PF Chang’s…

It’s the hacking of all those big, international corporations that points to where the real danger lies. It’s not from some guy in Russia [1] trying to get MY personal password for Chase Bank, but from some guy in Russia trying to get ALL the passwords for Chase Bank at a corporate level. The personal password might make me feel safe but the evidence is that I’m no safer having the word “password” for all my accounts than someone who has “XX345Xbbg$3iOO” and anagrams thereof for every single account they use. During my recent trip to the ATIA 2015 conference at the Caribe Royale Hotel in Orlando, Florida, a number of colleagues and I had our credit card numbers stolen, with all evidence pointing to someone having access to the desk at the on-site Cafe (the only place where we all used a card). No passwords were involved, just the opportunity for someone to see numbers in a hotel system [2], and opportunist theft is something that can happen to anyone.

“But the Emperor has no clothes!”

The danger I face from having “Captain Danger” as my one and only password for all my accounts is not that some hacker will work it out. The danger is from having an account in the first place with a company whose security system is lacking. If they employ highly paid so-called “security experts” whose answer to breaches is to tell all their customers to change their passwords, I suggest they recognize them for what they are – Naked Emperors. Get them to do their job and make the system secure or sack ’em and employ some East European hacker to bolster up your website and pay them with a subscription to Xbox Live for a year and a free download of Grand Theft Auto 6 – although there’s a good chance they’ll hack a pre-release freebie long before the product is released to paying customers.

Yes, it’s like this... I want three, maybe four, passwords for all my accounts. I want them to last forever. I want to be allowed (yes, it’s my choice, after all) to use whatever characters I want no matter how simple, stupid, or “obvious” some over-hyped security expert thinks it is. And I want my health insurance company (to whom I give lots of cash), my bank (to whom I give lots of cash), and my wireless phone company (to whom I give ever-increasing amounts of cash), to get their acts together and stop trying to blame me for being unable to handle passwords when they seem unable to protect their own systems.

Rant over. Let the flames begin!

Notes
[1] Before any Russian readers decide to hire a hacker to crash this blog because they think I’m being unkind to them, I use the example of Russian hackers because according to a 2013 article from the Gartner Group, it is “fairly well-known by most security professionals that the best hackers on the planet often originate from Russia.” Deutsche Telekom has a fascinating little site that tracks real-time hacks across the world (http://www.sicherheitstacho.eu) and during January 2015, China took first place by a wide margin, with the US taking silver, and Russia slipping down to a mere bronze. Another fascinating “live attack” site comes from the company Norse, and if they were to create a live wallpaper based on their http://map.ipviking.com map, I’d be using it!

[2] I’d be curious to hear if any other fellow attendees experienced card theft. I wrote to the hotel to alert them to the multiple thefts but heard nothing back – which may be expected because no-one wants to admit to having lax security.

 

Stop with the “Little Words” grab-bag in AAC

I have a proverbial bee in my bonnet today related to the sloppy way that some folks seem to think that designing an AAC system is just a matter of (a) collecting a list of words, (b) adding a set of pictures, and (c) sticking them on pages. This is arrant nonsense, positively dangerous, and, after over 30 years of living in a world where AAC systems have been in operation, a sad indictment of how little we appear to have learned. Is that strong enough for yah?

Angry Bee

The number of popular press articles that have erupted in the past year or so about how the iPad can be magically used to provide “voices for the voiceless” is staggering. What’s more staggering is that you’d think nothing had ever been done prior to the iPad – as if Steve Jobs (all praise unto His name) invented AAC. Why, one article was positively gushing about how a doctor (it’s always a “doctor”) had invented a new program where he had a page of pictures that – gasp! – spoke recorded messages when you hit a key. Awesome! Who’d have thunk it? [1]

Those of us who’ve been in the field most of that 30 years have typically adopted the perspective of “well, this is raising the awareness of AAC to levels unknown” and “a rising tide raises all boats.” But are we so sure? Do we really think folks are getting some “better deal” because of the 100+ apps that are now available as “AAC solutions” – all of which claim to be The Answer, often supported by little more than some flashy words culled from linguistics and speech science, such as “core,” “morpheme,” “word,” “cognitive,” and, my favorite, “intuitive.” Toss in lots of exclamation points [2], a YouTube video of some poor kiddo having their face thrust into an iPad, and bingo… AAC in a box! I hear the product “experts” at Best Buy and the Apple stores are now recommending AAC solutions based on their years of experience in the field. [3]

Which brings me to the topic of linguistic grab-bags as an excuse for avoiding thinking about teaching language.

There are several AAC offerings out there that use a folder/page/list labeled “Little Words.” This turns out to be shorthand for “I don’t really know where to put them so let’s toss ’em all in one bag.”

There is no particular rationale for these little words other than they are, well… little! And by “little” I mean have few letters. And by “few” I mean somewhere between one and five. So this effectively means we have a collection of words defined as “words with five letters or less.” That’s it. Where is the linguistic coherence here? Are we teaching language or not? If we ARE teaching language – and I’d like to think we are – then putting “if,” “in,” “is,” and “it” together as “little words” is so tragically far from useful as to be almost negligent.

If we’re OK with also having “at,” “by,” “of,” and “be” as little words, why not toss in “ax,” “we” and “me”? And once you allow a three-letter word to be classed as a “little word,” your box gets full to overflowing. I’ve seen “the” and “that” in the “little word” box, so I see no logical reason why “bat,” “mat,” “bug,” “rug,” “bit,” “pit,” “sit,” “shy,” “cry” ad nauseam shouldn’t be included.

Ah, someone might want to say, but we wouldn’t include bat, mat, bug, rug, and pit because they are THINGS and we can put those in a different folder/list/box. The good news is that now you’re starting to think linguistically, and I’m going to agree with you. But why only do half the job? Why not apply that thinking to your entire vocabulary set?

You see, if you only do half the job, you end up with your “little words” box containing all the words that you couldn’t fit somewhere else. It becomes the Island of Misfit words, a sad collection of poor little lexical orphans with nowhere else to go. [4]

The reality is that little words typically do have somewhere else to go. The trick is to decide where they go and to reflect that within the system you’re designing. In my original list, “if” can shack up with other conjunctions, “in” plays nice with other prepositions, “is” is a verb, and “it” can cuddle up comfortably with its close friends, the pronouns.

There is no need for “little words.” There is no need for “grab bags.” What there is is a need for rational, intelligent, informed thinking based on what we know about language and what we’ve learned over the past 40+ years of AAC.

And shame on us if we don’t shout this out loudly for fear of being labelled reactionary, old-fashioned, out-of-touch, or plain wrong. If you’re claiming to have a “good” AAC app and you have a “little words” package, my question is simple…

Why?

Notes
[1] For the hard-of-thinking, let’s get one thing cleared up right now: My beef is not with the development of solutions for technology, whatever that technology may be. I’m all for it. Why, I have more technology in my room than Lindsay Lohan has rehab appointments. My beef is with poor, misleading, and “tossed-together-because-it-seems-easy” solutions. There are some very good solutions to a range of speech and language problems out there – and that includes non-AAC offerings – but frankly, there’s more junk than substance. Catch me at a conference, buy me a drink, and I’ll name names and give you specifics, but I ain’t gonna get into an online slanging match with individuals. But you know who you are!

[2] I’m willing to bet that there is an inverse relationship between the number of exclamation points used in an article and its veracity (that’s “truthiness” for the Stephen Colbert fans.) When you see anything that includes such typography and words as “New!!” “Faster!!!!” or “Game Changing!!!!!” take a deep breath and move on. “Sober marketing” is an oxymoron and if something smells like a 3:00 a.m. infomercial, it probably is.

[3] If you’re skeptical of this claim, try this: go to your local Best Buy, grab a random blue-jacketed employee, and ask them to show you an iPad. Then ask them if it could be used with someone with a “speech problem” or even “autism.” See what happens.

[4] At this point, I have visions of a cartoon version of An Officer and a Gentleman with the Richard Gere character played by the word of, sobbing uncontrollably in front of a drill sergeant crying, “Don’t you do it! Don’t! You… I got nowhere else to go! I got nowhere else to g… I got nothin’ else.”