Because of bots, websites need a way to verify that only humans are signing up for their services. They need to ask a question that humans can answer but computers cannot. Enter the CAPTCHA. CAPTCHAs are those squiggly letters you’re asked to enter when you signup for things online. Here is an example:

A recent estimate suggests that 60 million CAPTCHAs are solved by humans each day— that’s a lot of reading and typing! The folks at reCAPTCHA have decided to put all that human power to work. Using their service, you enter words taken from books that have been scanned in but couldn’t be converted by a computer. The system turns both words into CAPTCHAs for you to solve. It knows the answer for one of the words but not the other. Since humans can read better than computers, you’re actually helping to digitize books and preventing spam.

You can help the book digitizing effort by adding reCAPTCHA to your site. You can use it to protect your email or your blog’s comments section; reCAPTCHA makes implementation easy.

Hear more about reCAPTCHA on a podcast from the Museum of Science in Boston.

Hear an in-depth discussion about CAPTCHAs on Security Now—a podcast by security expert Steve Gibson. (Episode 101- the discussion starts at 33:47)

If the idea of writing down a password conjures up scenes from Wargames and Ferris Bueller’s Day Off, don’t worry—it’s really not a bad idea.

It is better than choosing a poor password. The Dalebert comic (below) is not too far from the truth. Here is a recent list of the 10 most common passwords:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. link182
10. (your first name)

Yikes!

Security guru Bruce Schneier writes:

People can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down… writing down your impossible-to-memorize password is more secure than making your password easy to memorize.

He’s not alone. Microsoft’s Jesper Johansson made the same suggestion.

Another suggestion that I like comes from security expert Steve Gibson. During his podcast Security Now, Steve explains:

Most people have never taken some time to create their own policy, their own personal password policy. They’re on the web, they’re doing something, and suddenly something says, okay, give me a password, create a password. And so, you know, they think of – they just do the first thing that comes to mind, whatever that might be. And so I wanted to take some time to discuss the issue of passwords and cause our listeners to sort of say, okay, wait a minute, this is an important thing. I’m going to, you know, take five minutes and figure out what I want to do about this, rather than continuing not to think about it and not to think that it’s important. Because I think it arguably really is an important issue.

Steven suggests that you create a little algorithm that helps you create a new password for each place you log into.

…take every other letter from the domain name, or every third letter. Come up with a rule for capitalizing them. Swap some letters around. You know, just sort of make up your own algorithm – and you don’t share with anybody else, and don’t use anything that I’ve talked about on the show, of course – and use that to create a password. Maybe take the name and, like, mix in the year of your birth, alternating that with the letters.

Steve talks about passwords in Episodes 4 and 5 of Security Now. I used Audacity to splice together the good parts into one show. Give it a listen.

His site also provides:

• a list of favorite passwords-related utilities and
• the Ultra High Security Password Generator.

When you think about all the important and private things that your passwords protect, you owe it to yourself to give passwords some thought.

Maybe the folks at ClaimID can help. Their website states, “ClaimID is about letting you have some say in what search engines say about you.”

ClaimID lets you take credit for the information that search engines associate with your name. It also lets you state what things are not about you. (learn more)

See an example.