Archive for July, 2007

Passwords: salted, mixed, plain, and cracked

The password field is one data entry field I often fly past on my way to testing an application. But maybe I should slow down and spend more time on this essential field. After all, if I can access an application as another user I may have found the most important defect in the application.

The password field has to be strong enough to provide security.

Salted passwords are passwords where random characters are added to the user’s password to improve security. From a user’s perspective there is no difference in creating or using the password field. The beauty and value of the salted password is the added protection provided to the user and the system. This blog entry provides the best explanation I’ve seen of salting.
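A check a tester could run against stored credentials to see whether salting is in place, shown as an added example that is not from the original post. The account names, passwords, PBKDF2 parameters and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this sketch

# Constructed sample accounts; alice and carol picked the same password.
USERS = {"alice": "Summer2007!", "bob": "tr0ub4dor&3", "carol": "Summer2007!"}


def unsalted_hash(password):
    """No salt: identical passwords always produce identical stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password):
    """Fresh random salt per account, stored beside the derived hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password, record):
    """Re-derive with the stored salt; the user types the same password as before."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def shared_hash_groups(stored_hashes):
    """Group accounts whose stored hash is identical (a sign of missing salt)."""
    groups = defaultdict(list)
    for user, value in stored_hashes.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


unsalted_table = {u: unsalted_hash(p) for u, p in USERS.items()}
salted_table = {u: salted_record(p) for u, p in USERS.items()}

if __name__ == "__main__":
    print(shared_hash_groups(unsalted_table))
    print(shared_hash_groups({u: r["hash"] for u, r in salted_table.items()}))
    print(verify("Summer2007!", salted_table["alice"]))
```

Two test accounts created with the same password are enough to run this check: if their stored values match, no per-account salt is being applied.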

Mixed passwords are passwords requiring a mix of alpha and numeric characters; alternately, the requirement might include mixed upper and lower case and allow special characters as well. The more characters accepted in the password field and the more varied the mix, the stronger the password. Take a look at how long your password might stand up to cracking. But better passwords are simply hard to remember.

I recently found a utility (and presented this in a lightning talk at CAST 2007) that’s been solving the memory headache for me. Password Safe is a free utility you can use to store your passwords. And yes, the safe is password protected with one of the strongest password requirements I’ve ever used.

Plain passwords are passwords that contain none of the variety that makes a password harder to crack. While most websites don’t allow plain passwords anymore, the greater security risk comes through the forgotten password email.

As I use passwords, I’m becoming increasingly mindful of stronger passwords. Here’s a password checking site to check the strength of a password. Or better, don’t test your specific password; test a password similar to the one you plan to use. The more I read about password cracking, the more I’m convinced I’m not being paranoid; I’m thinking preventatively – a topic I’ll be addressing at my presentation at EuroStar.

Posted in security testing | Comments Off

Noise on the Line

Noise on the line. These words reverberate in my ears and have become a personal mantra that means something to me.

Line noise is a term used to describe spurious signals that disrupt line connections. Noise on the line is the phrase I use to check in with myself to see where my focus is and to find what might be causing disruptions to my attention.

On a recent test project, we encountered electromagnetic noise that caused a disruption to the system under test. It was an interesting experience. And that same week I encountered a demanding combination of events that caused disruption to my own signal strength. I coined the phrase noise on the line in my head and I’ve been using it for months.

There are distractions within me and distractions outside of me. This is it, real life. Sometimes out of balance. Sometimes life comes rolling in with good things and sometimes difficult things. Compartmentalizing compelling distractions isn’t easy.

So here’s the professional question: how do you rein in your focus when sometimes the rest of your life is in chaos – whether that chaos is good or bad?

Discipline is one way. I’ll take my distractions and put what I can on hold and focus. And when that focus session is done, I allow myself time to chill.

Commitment. Knowing I owe my clients the best of me is another way I snap my attention back into line. Knowing my team needs me is another aspect of discipline.

Studying Buddhism and learning about the value of being mindful is another form of assistance that’s helped me. Am I where I am? Or am I truly somewhere else despite my physical location?

Another solution is to get soaked into work; I find a compelling aspect of the task at hand and look to find a way to divert and refocus. I find a piece of work that grabs my attention and pulls me back in. I can hyperfocus.

Software testing is the type of work that requires mental engagement, so when there’s noise on the line, those distractions have to be cleared.

Do you know where your attention is? Can you clear the noise on the line?

Posted in Uncategorized | Comments Off

Finding Good Fortune: CAST 2007

Here’s an idea about how to create your own good fortune and expand your software testing knowledge. Attend CAST 2007. CAST is the Conference for the Association for Software Testing.

We’ve lined up a great program – ok, so I’m program co-chair with Rob Sabourin so I might be biased about the program. But come and find your own good fortune – exchange ideas, listen, learn, trade, share. Seek conversations with different people – the opportunity will be there. I would suspect CAST 2007 will have all the intensity of some of the best workshops in our field. And while we have a fantastic line-up of speakers, CAST is different from other conferences because we will rearrange and shift the program to follow the energy that comes from attendees and speakers. What does that mean?

If a presentation has tremendous interest and the questions and conversation generated are running at fever pitch, we’ll adjust the schedule to accommodate the topic and speaker to keep going. We’ll shift the schedule; we’ll find another room if needed, we’ll do whatever we can to enable that conversation and that energy to go on. CAST is about conferring – it’s not about a perfect schedule.

So here’s the hitch in my own personal opinion – if you come and you come with a coworker and walk about in lock step with each other and don’t separate and meet new people, then you might as well skip the conference. You have to reach out and meet people. You have to share. And when you open the door to share, you will find your own good fortune.

Posted in Uncategorized | Comments Off

Telling the Story through Statistics

Hans Rosling does a fantastic presentation posted on Ted Talks. Rosling brings data and statistics to life. For anyone in software testing who’s been thrown in front of the executive management team and been asked to present statistics – whether those statistics are defect metrics or web performance analysis, watch this webcast. And this one too.

His first presentation at Ted in 2006 was so well received, he’s back in 2007. Once again, he demonstrates how statistics don’t have to be dull. I think what makes his presentations so effective is the combination of his deep knowledge, clean graphics, and passionate delivery. Thanks to Rob Sabourin who pointed out Rosling to me.

I’ve watched both webcasts several times and noticed a few things. No graphs or fantastic presentation can replace knowledge. Rosling knows his data. He pleads with us to look, look at the data. Look at what the data can tell you. And he takes what must be volumes of data and tells us a story. He weaves mini-stories into an overall presentation. We pick up data; we see the nuances and we begin to see the story as a whole.

This brings to mind comments from Edward Tufte about PowerPoint presentations that are too thin to be effective. We miss the full story, we lose context when we’re forced through countless slides with perfect bullet points. We don’t gain the deeper perspective that matters. See this booklet from Tufte. What I learned from this is to do my analysis without being limited by any tool.

Back to Rosling. Rosling doesn’t miss the story. He has the data, the graphs, and the passion. He brings it all together. Honestly his videos are spellbinding. If you listen closely he addresses preconceptions and bias in constructive ways. I find this helpful as sometimes I encounter deep-seated beliefs and need to tactfully show how the data doesn’t always match what we believe or want to believe.

Rosling warns too about the danger of using averages. Something each of us in software testing who gather statistics from performance testing should be well aware of. Every time I hear his comment on how averages can be dangerous, I want to jump up and down. Exactly. Averages can be misleading. He guides us through volumes of information in a way that makes it digestible. He tells us how statistics are beautiful. What’s beautiful is his presentation.

Posted in Uncategorized | Comments Off
