How hard is it to just walk away when a script tells you to or even forces you out for 1 minute or so? And besides that I know dvorak (I could pick another lay-out), most of my passwords are muscle-memory. I don't actually know them. I once saw a password of mine somewhere in a saved passwords list, thinking it was one I must have used once and then forgotten, but it turned out (after trying it) that I type it almost every day. It also wouldn't be the first time that I have to lookup a keyboard layout to login to our router.
Yes, passphrases are probably a better idea, but by the time I realized this I already had enough strong passwords remembered. Most of my passwords are also designed to be fast to type (on a qwerty keyboard, that is) while still providing enough entropy, so passphrases would be slower.
Anyway, this tool won't work for me, and it looks a lot like addiction to me if you can't walk away when someone or something tells you to. I forget the time often enough, but unless playing in a clanmatch or something, I don't need a screensaver to blank my screen and lock me out.
I'm getting off topic, but I'm amazed that you don't actually know some of the passwords you are typing. Also, if your passwords are becoming muscle memory, isn't it time to change them?
> Anyway, this tool won't work for me, and it looks a lot like addiction to me if you can't walk away when someone or something tells you to.
That's an interesting thought because people actually do go thru working addictions (aka workaholics). However, I don't know any workaholics that install this kind of software or monitor when they should take breaks. Perhaps this could apply to a recovering workaholic though.
> if your passwords are becoming muscle memory, isn't it time to change them?
Somehow I feel they're safer in muscle memory than in 'normal' memory. There has been a research project once which stored the password in muscle memory by using some sort of game. It got quite a lot of attention, but I don't remember what it was called or anything...
Passwords in muscle memory are quickly and easily typed on almost any normal keyboard. It's actually harder to type them slowly. Like with phone numbers that you know by heart, you need to recite it from the beginning (without pausing for too long) if someone asks the last five digits. This fast typing makes it harder for onlookers to figure out what it is, although most people are probably able to type quickly enough that you can't make out their password regardless.
But yes, it is impractical at times. On the other hand, what new password can I easily use? It's not that easy to remember a randomly chosen sequence, passphrases are not accepted everywhere (needs digits, or are too long, or...), and it only adds to the list of passwords to try before I can login somewhere.
Right now I have a few classifications for passwords. Unsecure sites (no https, unimportant, or bad storage like LM hashes) get a low-grade password, and the best passwords are used only on extremely high profile websites and accounts (like my e-mail password). When I get more new passwords, I'll have to somehow remember if the account was before or after the switch. That's gonna be messy, and I prefer not to try too many passwords. The website could log invalid logins or even collect passwords, and the connection can usually get intercepted (https is not as widespread as I would like). And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.
> Somehow I feel they're safer in muscle memory than in 'normal' memory.
From my understanding, muscle memory is formed when a task is repeated frequently. It's basically like your "normal" memory caching these motions. So, in theory, you should at least _know_ your memory cached passwords.
> And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.
Ah, I hate it when that happens. Have you tried using a password manager like LastPass or 1password?
I don't feel like storing my passwords anywhere but in my head. The rare case that I do write them down, I make sure it's not easy to find what account it belongs to and that it's stored securely. And it's usually only written down temporarily until I remember it.
> Also, if your passwords are becoming muscle memory, isn't it time to change them?
My passwords for Really Important Things are random strings. Committing them to muscle memory happened in a few days; actually being able to remember them is a hassle that isn't worth it.
The (rather convoluted) plan seems to consider Dvorak so fantastically hard, that the user never just learns to write his/her password using it, but must look up a reference on a different machine every time.
I've never used Dvorak, but I think I would be able to memorize a single string after having been forced to type it, after a while.
Well, the idea here is that you are very rarely actually forced to type it (most of the time, you go ahead and take the break). Let's posit a user who really needs to log back in within the timeout period once every two weeks (which seems unreasonably often to me), has a reasonably complex password, and changes their password every three months (normal workplace requirement, in my experience). They will type the password 6 times, at widely spaced intervals. I think most people would not memorise it under these conditions. And if you find yourself going and spending time practicing, or you do end up memorising it because you log back in every three days or more, it's time to admit that either you are regularly literally dealing with fires at work and can't afford to take breaks, or you have deep issues with just chilling for a minute.
I'm a fan of the BreakTime app for something similar (and a bit easier). But I find it very challenging to be forced into breaks, especially for how often you are supposed to take them.
I think what would be ideal is a script that would detect when my system was idle for, say, 15 or 30 seconds. It would then check the last time I took my break. If it had been past a predetermined time, then it would prompt me for a break.
With forced break apps I find it very annoying to be interrupted in the middle of a thought, or line of code, and end up disabling those apps.
I'm doing juggling breaks every time, when I'm stuck or need a time to think. Not sure why it works for me, timers were not working, i just ignored them.
A couple of flaws with this:
1. After being forced to type it in once, I would remember the password in the scrambled form
2. Cutting off active thought processes during mid-thought would cause certain ideas to be lost
3. If you work for an employer who expects you to work constantly, they are going to complain when you very clearly sit in front of a locked screen periodically.
My trick may sound stupid, but it does work and is beneficial in two senses. What I do is to drink quite a lot of water while coding.
I have a 1 litre bottle that I must empty and refill at least twice a day. Every time I need to refill the bottle or... empty myself, I seize the opportunity to rest for 5 minutes. That's all.
I guarantee you will get up from your chair and leave everything you're doing.
This. It's free (or cheap), easy, and is good for your health (and not just because you are taking a break).
I've been doing this for over 10 years, starting from when I realized that I was getting sicker and more unhealthy just sitting at my desk for extended periods of time (> 4 hrs straight).
I do the same with tea. I have a cup all day long and need to boil water, clean stuff, pee etc from time to time which forces me to disconnect my eyes from the screen.
I was about to post the exact same thing. It is the best means to ensure breaks. Plus, to counter all the ill effects of sitting, you have to stand up!
If one drinks caffeine, alternate with coffee and water. Both will guarantee to get you up at least once an hour and the water replenishes water lost from the caffeine.
Pomodoro was a popular technique for this, has it fallen out of fashion? I used Pomodoro a lot and liked it quite a bit. At my current job we pair program mostly, and Pomodoro doesn't work so well in that situation.
I used it for a while and found it to be terribly annoying. The breaks tended to come up right in the middle of my flow periods and interrupt everything, costing me a ton of productivity.
For people who don't need to be actively locked out of their computers in order to have the sense to take a break, but still often forget to take a break for hours:
Search for an 'hourly chime' app on your smartphone, have it go off every hour on the hour with a nice big ben or similar sound.
35 comments
[ 2.7 ms ] story [ 70.7 ms ] threadYes, passphrases are probably a better idea, but by the time I realized this I already had enough strong passwords remembered. Most of my passwords are also designed to be fast to type (on a qwerty keyboard, that is) while still providing enough entropy, so passphrases would be slower.
Anyway, this tool won't work for me, and it looks a lot like addiction to me if you can't walk away when someone or something tells you to. I forget the time often enough, but unless playing in a clanmatch or something, I don't need a screensaver to blank my screen and lock me out.
> Anyway, this tool won't work for me, and it looks a lot like addiction to me if you can't walk away when someone or something tells you to.
That's an interesting thought because people actually do go thru working addictions (aka workaholics). However, I don't know any workaholics that install this kind of software or monitor when they should take breaks. Perhaps this could apply to a recovering workaholic though.
Somehow I feel they're safer in muscle memory than in 'normal' memory. There has been a research project once which stored the password in muscle memory by using some sort of game. It got quite a lot of attention, but I don't remember what it was called or anything...
Passwords in muscle memory are quickly and easily typed on almost any normal keyboard. It's actually harder to type them slowly. Like with phone numbers that you know by heart, you need to recite it from the beginning (without pausing for too long) if someone asks the last five digits. This fast typing makes it harder for onlookers to figure out what it is, although most people are probably able to type quickly enough that you can't make out their password regardless.
But yes, it is impractical at times. On the other hand, what new password can I easily use? It's not that easy to remember a randomly chosen sequence, passphrases are not accepted everywhere (needs digits, or are too long, or...), and it only adds to the list of passwords to try before I can login somewhere.
Right now I have a few classifications for passwords. Unsecure sites (no https, unimportant, or bad storage like LM hashes) get a low-grade password, and the best passwords are used only on extremely high profile websites and accounts (like my e-mail password). When I get more new passwords, I'll have to somehow remember if the account was before or after the switch. That's gonna be messy, and I prefer not to try too many passwords. The website could log invalid logins or even collect passwords, and the connection can usually get intercepted (https is not as widespread as I would like). And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.
From my understanding, muscle memory is formed when a task is repeated frequently. It's basically like your "normal" memory caching these motions. So, in theory, you should at least _know_ your memory cached passwords.
> And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.
Ah, I hate it when that happens. Have you tried using a password manager like LastPass or 1password?
edit: https://lastpass.com/
My passwords for Really Important Things are random strings. Committing them to muscle memory happened in a few days; actually being able to remember them is a hassle that isn't worth it.
I've never used Dvorak, but I think I would be able to memorize a single string after having been forced to type it, after a while.
I think what would be ideal is a script that would detect when my system was idle for, say, 15 or 30 seconds. It would then check the last time I took my break. If it had been past a predetermined time, then it would prompt me for a break.
With forced break apps I find it very annoying to be interrupted in the middle of a thought, or line of code, and end up disabling those apps.
I have a 1 litre bottle that I must empty and refill at least twice a day. Every time I need to refill the bottle or... empty myself, I seize the opportunity to rest for 5 minutes. That's all.
I guarantee you will get up from your chair and leave everything you're doing.
I've been doing this for over 10 years, starting from when I realized that I was getting sicker and more unhealthy just sitting at my desk for extended periods of time (> 4 hrs straight).
Otherwise, individuals who drank nothing but caffeinated sodas would die of dehydration.
Same idea, easier to set up, and includes some animated exercises you can do at the start of your breaks
Search for an 'hourly chime' app on your smartphone, have it go off every hour on the hour with a nice big ben or similar sound.
This works for me, anyway. Most of the time.