The West Coast Trail and Juan de Fuca Trail

It's official! I've booked a ride on the Victoria Clipper from Seattle to Victoria for 3:15 PM tomorrow afternoon. =) My plan is to find a place to spend the night in Victoria tomorrow night (so far, I don't actually have any reservations anywhere, but I have all my backpacking gear--I can stealth camp if I really have to! Ha!)

Then I'm off to Bamfield and the trailhead for the northern terminus of the West Coast Trail. I have to take an "orientation class" before they'll give me my permit--you know a trail is tough when you're required to take a class about the trail before they'll let you on it! Then I get to hike the next 50 miles through knee-deep mud, up and down 30 stories worth of ladders, cross two rivers on boats, and numerous serge channels on hand-drawn cable cars, all the while timing my hike on the beach to make sure that a high tide doesn't drown me. If the rain doesn't drown me first--this is a rain forest where precipitation is measured in feet rather inches. (Actually, being Canada, it's probably measured in meters rather than centimeters, but you get the point.) The area regularly gets more than ten FEET of rain per year. What's in it for me? It should be fun! And it's allegedly the most scenic trail in the entire North American continent. =)

Once I claw my way off the trail, I'll end up in the bustling little town of Port Renfrew. Rather than go home, I've decided to extend my hike by doing the Juan de Fuca Trail, another 30 miles along the Vancouver Island coast before getting a ride back to Victoria. The Juan de Fuca Trail conveniently starts right by Port Renfrew, so I don't even need a ride to that trailhead. It's also supposed to be a tough hike, and is allegedly the second-most scenic trail in the entire North American continent.

I'm not exactly sure when I'll finish, but I'll get a ride into Victoria once I finsh both trails. I'll stay in Victoria and play the tourist until October 1st when I'm booked to return to Seattle again on the Victoria Clipper. Hopefully that night I'll be online and post that I survived the hike. Until then, if you wonder what happened to me, that's it! =)

-- Ryan

A Death in the Family

It is a sad day in our little letterboxing family today--Janet, better known as Blooming Flowers to most of us--passed away. She had been diagnosed with Acute myeloid leukemia (AML) earlier this year, which would ultimately cut her life way too early.

I've gotten a few people e-mailing me thanking me for the Blooming Flowers theme up right now, but I would like to make sure that everyone knows that that was Wassamatta_u's creation. He created it for her shortly after she was first diagnosed with AML, before *I* even found out she had been diagnosed with the cancer, and put it up again first when she was rushed to the hospital and today when she passed away. He jokes a lot, but he's actually a pretty thoughtful guy. =) But he really deserves all the credit for the theme. I just let him put it up.

On another note, there is a tributes page set up on Atlas Quest in honor of Blooming Flowers. If you have a fond memory of her or incident to tell, please share it with the rest of us. Or even just to offer your sympathies and prayers for her and her family.

While reading her profile today--strange that I'm compelled to do things like that after someone dies, as if trying to get to know them better after the fact, but I particularly enjoyed her answer to the question about what animal she would be and why, writing, "A cat. I like to lay in the sun and be pampered."

Here's to laying in the sun and being pampered. =)

But our little community will still miss you.

Calendars!

The official Atlas Quest 2010 Letterboxing Calendars are here! I have two calendars this year--the usual, run-of-the-mill original style calendar with photos taken by letterboxers from all over the place.

Then there's what I call the Tortuga Edition because it has only photos that I took. While looking through my own pictures for the year, it seemed like I took an unusually large number of photos that I liked and turned them into a calendar. I don't really expect that calendar to be especially popular, but I figured my own family members would probably like it better when the holidays come rolling around. ;o)

But I've made it available for anyone who would like it--the photos are pretty good, I think!

I'm also doing things a bit differently this year than in past years. In years past, I would collect a bunch of calendar orders then order them in bulk, exactly the number of calendars I need. This time, I'm still ordering calendars in bulk--but I've already ordered them. Ordered them this morning, in fact. So rather than taking an unlimited number of calendar orders, the number of calendars this year are limited in quantity. Just 100 of the "original style" calendar, and just 10 of the "Tortuga edition."

When they run out, I won't be taking anymore calendar orders. Eventually, I'll get them online so you can order them directly from lulu.com, but they'll cost more there and probably not until October at the earliest.

I should also point out--you can order the calendars now, but I only put in the order for them this morning, so I won't be shipping them out immediately. It should take an expected "3 to 6 days" for the calendars to be printed, and probably another good week or so for the calendars to be shipped via ground across the country. Then I need to repack them and ship them on to you. At the very earliest, you probably won't have a copy in your hands for at least two weeks from today, but they should arrive by the end of the month. =)

If I used one of your photos in the calendar, I'll be sending you a free calendar. Don't include the free one in your order if you wish to order additional calendars. I'll contact each of you personally about how to get your free calendar.

And remember--Atlas Quest is always ready to take more photo submissions for the 2011 letterboxing calendar. Just go to the Project X page for rules and the submission form.

Calendar Photo Deadline Approaching!

For those of you interested in submitting photos for the 2010 letterboxing calendar, be sure to upload them by the end of the month! Full details about the project can be read on the Project X page. (I moved the link so it's now under the 'Marketplace' menubar option rather than the 'Toolbox' option where it used to be--in case you're having trouble finding it.) It has some descriptions for what I'm looking for in photos along with previous calendars of photos that had been selected as winners.

I included my favorite photo of last year's calendar in this post. Isn't that photos absolutely awesome! Seems like every year I get at least one photo that when I see it, my eyes pop out and I immediately know that I'll use it. Not that many of the other photos are absolutely stunning, but certain photos are just hard to get. A bright red cardinal sitting in a tree during a snowstorm? That's not the kind of picture you can plan for! The bright red against that cold, white background--what an amazing photo! A nice scene of a sunset can be beautiful, but finding a pretty sunset isn't actually all that hard to do. (Probably why I get so many sunset submissions!) But this photo..... wow. It's the one that really grabbed my attention last year. I'd never be able to get a photo like that in a hundred years!

Which one will grab my attention this year? =)

-- Ryan

Results of the Great Blue Diamond Experiment

The second poll is now officially closed. The official winner, by a whisker, is the original blue diamond algorithm I had been using all along. Before I started this whole voting process, I actually saved a list of exactly which boxes had a blue diamond, and during this vote, I simply put them back. So despite all these other algorithms I tried, the original blue diamond algorithm is actually still the favorite. =)

A close runner up was the green algorithm, which is close enough where I feel the two colors really were a tie from a statistical standpoint. That doesn't surprise me much--the core algorithm for the two is exactly the same. The difference between the two is that the blue algorithm had additional "tweaks" I added after the core algorithm ran. The core ranked boxes based purely on the votes, adjusting for the voter's average vote and the standard deviation of their votes. The green algorithm is the "pure" results. The blue algorithm included a few additional tweaks after the fact by rearrange the "borderline" results.

Boxes that ranked near the cutoff for a diamond usually ended up there more-or-less by chance. From a statistical standpoint, the boxes immediately above and below the cutoff are actually ties. The difference in ranking for #2223 or #2252 might depend on what a voter had for breakfast that morning. So I added a couple of tweaks to make the rankings more consistent and (I hoped) fair. If a box already had a blue diamond the previous month, it would still keep the diamond even if it technically fell below the cutoff (but was still a borderline case). If two new boxes fell close to the border line, one on each side of it, I would give a slight edge to the one with a planter's choice listed as an attribute. Basically, in the event of a tie, then the planters would cast a tie-breaking vote. (Don't think putting a planter's choice icon next to ALL of your boxes will help either--how discerning one is in applying them to your boxes is also taken into account.) There were about a half-dozen various tweaks I made to those borderline boxes in an attempt to break the statistical ties, and those were applied to the blue algorithm but not the green.

The tweaks only affected the results of the borderline boxes, and apparently it didn't make a significant difference in the results.

The purple and white diamonds I didn't expect to do well since they didn't do especially well in the last vote. The white diamond used the algorithm where it removed the best and worst vote for a box, then took the average of the remaining votes. The purple diamond took the ratio of high votes (5s and 4s) to the number of low votes (1s and 2s) and sorted accordingly. It actually did surprising well in the last vote, but still nowhere close to the original core algorithm that adjusted votes based on the average and standard deviation of an individual's voting patterns. While the first vote had the high-low ratio score nearly double the rate of the straight-average of votes, this time they scored almost identically. I'm a bit puzzled about that, but they both did significantly worse than other options, so it doesn't make much of a difference.

The red and yellow algorithms were the "combined" algorithms, where I ran three different ranking algorithms, then combined the results to generate the red and yellow diamonds. Intuitively, I thought these would do very well--perhaps even beating out the original blue diamond algorithm--and was stunned to see them go down in flames like they did. I guess in my head, I thought a combined algorithm would pick up on the best of all the algorithms. It seems actual results were more skewed towards "the weakest link." It took the results of the green, purple, and white diamonds, and combined them. The red is the "pure" combined algorithm, while the yellow is the "tweaked" version using many of the same tweaks I did for the green/blue variations.

The end results of the combined algorithms, as I see it, is that the most popular core algorithm (the green), was pulled down by the poorer results of the purple and white algorithms. Or you could view it as the green algorithm "pulling up" the results of the purple and white algorithms. The combined algorithms did score better than the two least favorites, but it scored worse than the most popular algorithm. An average of algorithms thus resulted in average results.

And that was the biggest surprise for me. I really expected the combined algorithm to get much better results than that.

The different between the tweaked and non-tweaked version of the combined algorithm 31-29, a statistical tie in my book. Again, there doesn't seem to be much preference one way or another based on the tweaks.

So, the core algorithm using the average and standard deviations of a person's voting patterns is hands down the winner and will continue to be used. The tweaked version shows a *slight* preference, but it may not be outside the range of a statistical tie. I also never broke down the multiple tweaks that could be voted on to see which ones might be preferred--it was an all-or-nothing type of deal.

The two "tweaked" algorithms also didn't all have the same tweaks, so I can't really compare those two very well. I literally applied the blue diamonds on exactly the same boxes that had blue diamonds before the votes were counted, which meant that tweaked version did allow boxes with just two votes to get a diamond, but the yellow diamond was limited to boxes that had a minimum of three votes. The blue diamond included the tweak that gave preference to boxes that already had a blue diamond if it now falls just under the cutoff, but the yellow version had no previous diamonds that it could be compared to and thus did not use that tweak.

So I'm left trying to decide exactly which tweaks to keep and which ones to throw away, but based on the results of the poll, I'm not sure such decisions will make a big impact anyhow. They're little decisions that ultimately have little impact. I'll definitely continue favoring boxes that already have blue diamonds just for the consistency factor--one of the biggest complaints about blue diamonds was their fleeting nature for borderline boxes. It would appear one month, disappear the next, and return the month after that, and so on. Giving a slight edge to those with the blue diamond already got rid of most of that inconsistency (and the subsequent complaints about "losing" diamonds).

But in a nutshell, after all this voting and discussion, pretty much nothing will change. =) Was it a waste of time? I think not. There were several very good things that came out of these proceedings:

1. You no longer have to take my word that I'm using the best algorithms possible.

2. I also don't have to trust that my biases had been playing a roll in the selection of algorithms.

3. I hope that anyone who intuitively felt that a simple average of all votes really is NOT the best ranking algorithm available will finally be able to let it go. Yes, there are some people who actually liked that result the best, but there were also nine people who each voted for the "completely random" results as well. The results were pretty overwhelming, however, that a simple average is NOT the best ranking algorithm available, and it's time to simply agree to disagree.

4. And I hope to gave many of you a sense of empowerment. Not the "cram it down your throat whether you like it or not" feeling that some people seemed to have, but a sense that you're in control of how the boxes are ranked. The end results may not have changed, but this time it was you all who chose the algorithm--not me. =)

On another note, I'm seriously considering giving boxes with different status different colored diamonds. Not because it has any significance, but rather because there continues to be that persistent myth that retired boxes are "taking" diamonds away from active boxes. It's not true, and even after I explain mathematically why that's not happening, it's a myth that continues to persist. And maybe a simple change of colors can finally put the nail in that myth once and for all. It's an intriguing idea to me, and it would be pretty easy to implement given the fact I already have lots of colors available now. =)

Thanks to everyone who participated. I'll be putting everything back to normal shortly. I'll leave the original blue diamonds up this months, but I might make a couple of minor tweaks when it comes to next month's ranking of the boxes. For the most part, however, expect the same algorithm.

Happy trails!

Diamonds, Diamonds, Everywhere.....

For those following along in the message boards, IrishRef suggested a different algorithm for calculating blue diamonds. His idea was to throw the highest rated vote and lowest rated vote for each box out (those pesky "outliers") then average the rest and sort accordingly. It's an interesting algorithm, and not one I had considered before. I was intrigued--how would blue diamonds if I sorted it out that way?

And what about those people who think every vote should be counted "as is," no normalization of the votes allowed. How would that shake out? Sure, there would likely be a lot of overlap, but how much? Would one of these other algorithms provide better results? Ultimately, I'm not attached to any one particular algorithm. I'm more than happy to go with the one I think works best.

So I'm having an algorithm face-off. I have created seven, yes, count 'em SEVEN colors of diamonds: red, yellow, green, blue, purple, white, and brown. Each one uses a different algorithm to determine the 5% of boxes that will have that color.

I'm not going to tell you which algorithm goes to which color, or even what all the algorithms are. I will say, however, that one of them does use IrishRef's suggestion. Additionally, one of them is a "flat average"--it takes the votes as is and averages picking those with the highest averages. I'd like your opinions on which color you feel best represents the real "blue diamond letterboxes." I'd also like to point out the the color blue is NOT using the old algorithm--I've actually tweaked the old algorithm and given it a different color to disguise it a bit. =) None of the colors actually represent what the old algorithm used.

If one of the algorithms is a particular clear-cut favorite, I might update the code to use the new algorithm instead of the old one. =)

But please, be honest. Don't pick the color that gives your plants the most diamonds. Pick the one that you feel provides the most accurate results. These are supposed to be the best boxes out there--those that a visitor "can't miss" if they're passing through. Be honest with yourself, and select the algorithm you feel accomplishes this goal.

You can cast your vote in this post.

Red = funny
Yellow = interesting
green = educational
blue = agree
purple = disagree
white = huh?
brown = hug

I'm very curious to see how you all think the different algorithms stack up against each other. =) Also keep in mind, anyone who has opted out of the blue diamonds will not have ANY color on their boxes, so don't fault an algorithm for not putting a diamond on a boxer if you know they've opted out. The problem might not be the algorithm.

I also want to point out--all these colors are temporary. Eventually, I will be selecting ONE algorithm, and that's what'll be used for blue diamonds. The rest of the colors will go away.

Happy trails!

-- Ryan

Another New Feature

I seem to be in a mood this week of working on features I actually dislike. First the blacklist, and now a "who's online now" list.

Have a pressing need to know if someone is on Atlas Quest right now?! If I've said it once, I've said it a hundred times: There is no such thing. You see lists like that on other websites, I know, which is probably why so many people want to see it on Atlas Quest, but unless someone is in the chat room and their browsers are pinging Atlas Quest every single second (well, every other second--I slowed down the pinging to help alleviate the load on the AQ servers), I can't really know who is actively on the site. Actually, even the chat rooms are imperfect. I know I've been in them in one window while surfing a completely unrelated website in another window. Not to mention that the list in the chat rooms could be two seconds out of date even with the faster Internet connections. (It could be even more out of date with slower connections.)

People who aren't in chat rooms--it's even harder to tell if they're on Atlas Quest or not. I can only track the last time their browser hits the AQ server. If five minutes go by without any additional hits, what's that mean? Maybe they're reading a long post or solving a challenging cryptogram? Or maybe they've moved on and are checking their stock portfolios on another website. Or maybe they shut down their computer and are watching television.

The point is--there's no master list that's actually accurate of who's online now. Never has been, and never will be. So keep that in mind. And given the fact that some people might not want others to know when their online, they can hide that information if they so choose. I'm notorious for turning off those annoying status icons on my Yahoo account. Mostly because people seem to expect an immediate reply if they think I'm online, and I rarely do that. I reply when I'm good and ready to reply. ;o)

For me, the list serves two very useful purposes. One, I can monitor how much activity Atlas Quest is getting and how close it's getting to capacity. And two, as an admin, there's a link available to me that allows me to force a member to logout. Until now, I didn't actually have an easy way to do that--a feature that would have been useful during the rare attacks by spammers. For the rest of you, it doesn't actually serve much purpose except give you another thrill by 'spying' on others.

Anyhow, to view a list of members who have recently been on Atlas Quest, check out the Online Members page. It only includes people who have logged into Atlas Quest--unless they've logged in, there's no way for me to know who it was. The "age" column does not represent a person's age--that's how long it's been (in minutes) since the last time the person has shown any activity on Atlas Quest. Someone who's age is 10 minutes means they haven't registered a hit or clicked on anything in Atlas Quest for 10 minutes. Maybe they're solving a cryptogram. Maybe they left the website. Maybe they took a bathroom break. We may never know. =)

If you click the "logout" button and actually log OUT of Atlas Quest, you will be dropped from the list immediately. Technically, you could still be surfing the website anonymously--but for the purposes of this list, it only shows logged in members rather than every single person surfing the site.

If you'd rather not have your presence known, you can opt out of the list from your privacy preferences.

What Happened?

I updated Atlas Quest this afternoon. Nothing particularly serious or noteworthy. Minor things that most people would likely never even notice unless it's pointed out to them. =)

One addition that probably needs a bit explanation is what a "whitelist" and "blacklist" is. You're probably more familiar with the term blacklist, as in, "Fred was blacklisted from the agency." To be banished or excluded from something.

Whitelists are more of a computer nerd type of terminology, but it's the opposite of a blacklist. If you send out invitations for a party, anyone you send the invitation to is on your whitelist. Everyone NOT on your whitelist is excluded by default. Sometimes, it's easier to maintain a list of 30 people on a whitelist than a 5,999,999,970 people on a blacklist.

For a quite awhile now, AQ has supported a "whitelist" option when you listed boxes. You could restrict your box to anyone on your designated whitelist. I didn't call it a whitelist, but that's what it was. It was actually called a "contact group" on Atlas Quest. AQ lets you create contact groups, or a collection of people you want to contact or communicate with quickly and easily, but not in a public forum. If you had listed any contact groups, then you could restrict boxes, events, and trackers to members of one of your contact groups. Anyone you added as a member could see the box, event, or tracker. Everyone else could not.

Occasionally I'd get requests asking if there was some way they could restrict a specific person from seeing their boxes. In a word, no. Even if that option were available, they could log in under a different name and still see the listing. So it's not a feature I ever took seriously.

But I added it today. I'm not really sure why. I don't think people should use it. If they figure out they are on a blacklist, they might get really ticked off and do something stupid like steal your boxes. But for what it's worth, I added a blacklist option. It works like the whitelist option, but in this case, anyone on your list cannot see the box, event, or tracker.

There is ONE instance where I can see why you might want to make sure of the blacklist--and that's a blacklist with nobody in it. =) The way AQ works, it has to know who is logged in to know whether or not to display the box, event, or tracker. So if you have a whitelist or blacklist restriction, anyone who is not logged in will not be able to see it.

So AQ first checks if the person using the site is logged in or not. If not, it displays a "this page is restricted" message. If so, then it checks if you are on the whitelist (in which case you CAN see the page) or if you are in the blacklist (in which case you can NOT see the page) and displays the appropriate message. But the key thing here is that whether you are logged in or not is checked first.

So if you add an empty blacklist as a restriction, it essentially means only a logged in member can view your box, event, or tracker. Kind of equivalent to a P-0 or F-0 restriction, except those don't actually require someone to be logged in. So if you want your clues to be available to all members with the only catch being that only people with accounts can see your boxes, an empty blacklist will do the trick. =)

If you are absolutely bound and determined to prevent specific people from finding your boxes online through the use of a blacklist--that's fine. Not my problem. But it's as easy as creating another account and logging in to get around it. Most aliases don't typically have a lot of plants and finds so if you combine it with an F-count and P-count restriction, it might actually do a pretty good job of keeping people out of your boxes you don't want visiting them. It still doesn't stop them from finding boxes with friends who might have access to your boxes, and you do risk a lot of hurt feelings if the person you blacklisted ever finds out, but I'm not your babysitter. =)

It's a tool--use it responsibly.

-- Ryan

Contraseña segura

For those of you who don't realize it, I'm currently vacationing in Spain, taking it easy in the little pueblo called Madrid. The other day, I passed one of those newspaper stands with all sorts of magazines and newspapers, and one of them caught my eye--mostly because there was a topless woman on the cover. (Hey, I'm a guy. I notice these things.) There's a topless guy on the cover too, but I didn't notice him at first. They're taking a peek at each others "goods"--but those goods are still hidden from view. (Barely.) The magazine was called "Muy interesante"--Spanish for "Very interesting." Interesting indeed!

Turns out, the magazine isn't a porno magazine--despite the misleading cover photo. I think they're a little bit looser about topless women adorning their magazines than we are in the states. The cover photo was part of an article about "The Great Couple Test--Are We Compatible?" It seems to be mostly a science-kind of magazine, with lots of information about recent scientific discoveries, stories about archeological discoveries, and an article about sunbathing with the scariest pictures of white people with the darkest tans I've ever seen in my life.

I brought the magazine with me to dinner to pass the time and read some Spanish, and one section about "Words" caught my attention. It has a drawing of a laptop with a combination lock on the monitor, and a hand twisting to open it. The article was called "Contraseña segura"--or "password security" in English.

What a bizarre coincidence! Not two hours after I posted about password security, I stumble onto an article about password security in Spanish!

The list of most commonly used passwords is naturally going to be different in Spanish than in English, but the meanings were largely the same. "Hackers circulate a list of no more than 200 words and combinations of letters or numbers that are most common. For example, 1234, contraseña, hola or yo qué sé are some of the favorites that people use. Also, love, felicidad or buenos días.

There are two things about that list I find interesting. One, they use the English word for love as a password a lot. And two, the most commonly used words in English (password, hello, happiness) is also used by Spanish speakers (contraseña, hola, felicidad). Spanish speakers correct me if I'm wrong, but I understand yo qué sé to mean "I know that." Which amuses me--I hadn't heard that as a possible password, but nobody on Atlas Quest ever selected it as a password so I guess the English counterpart doesn't get used much. An exception to every rule!

The article goes on to say that other popular passwords are the "names of pets, kids, birth dates or wedding anniversaries, telephone numbers, and common words like macaroni, sausages, cars." (Turns out, two people are using macaroni as a password on AQ--a word I had never thought to check before. Nobody is using sausage, however, and cars is too short to be a valid password on AQ.)

Then it recommends that passwords should have at least six characters, should not be a word you use regularly or can be found in a dictionary, and should use letters, numbers, and symbols, then goes on to recommend a "trick" by selecting the beginning of a book and converting the first line into initials, numbers, and symbols, using an example of Don Quixote, "En un lugar de la Mancha" which might map to "e1ldl*". In this case, they replaced the word "Mancha" with an asterisk (a common pattern matching symbol in the computer industry). Un, in Spanish, means "a" or "one"--so they replaced the word with the number 1 instead of the letter U.

And the article ends that you should change your passwords occasionally--but don't do it on a Friday because "you probably will forget it by Monday." Hahaha! I love the Spanish. =)

Doing a search for common foreign words as passwords has been coming up empty for me. If you absolutely must use a word for a password, perhaps foreign words are a better choice than English ones?

Choosing Passwords Wisely

I got a message from someone today who forgot their password. I won't name names, but in the message the person included the password they wanted, and that it "somehow" got changed because they "knew" that's what it used to be.

These kind of messages are usually rare for me--most people just tell me that they forgot their password, and I either send them to the Lost Password Center to reset it, or manually reset it myself if they're e-mail address doesn't seem to work. They usually don't send me the password they want it set to--I'd just as soon not know, and there's no reason I need to know. I can log into any account I need to with a "master password" when I need to--I never need to know anyone's actual password. Passwords are stored in the database in an encrypted format that's specifically designed so that I can't even decrypt it even if I wanted to. If hackers ever broke into Atlas Quest, they might be able to steal your e-mail address or cause all sorts of mischief, but there's one thing they can't get--it's your password.

Unless it's a poorly selected one. And alas, there are a lot of poorly selected passwords. Many moons ago, I read an article in a magazine about the ten most common passwords, and out of curiosity, I ran them through AQ's accounts to see if people actually were using them. Some of the most common passwords of all time, in case you're curious, include: password, 123456, qwerty, abc123, letmein, monkey, and money. Every single one of the most common passwords were being used by people--some of them in numbers that made my mouth drop open in shock. Passwords such as god did not get any hits since AQ has always required passwords to have at least five characters, even from day one.

I tried a few other "obvious" guesses including atlasquest and letterboxing, cracking loads of additional accounts. Then set it up so AQ tried using the same password as the trail name for the account, which as I recall, was the mother load.

Almost immediately, I added new restrictions on passwords to encourage people to pick better passwords. I made those most-common passwords off limits, and AQ will reject them. It will also reject any password if you use your first name, last name, or trailname as your password (or even a part of it). Which brings me back to the person who said that somehow their password had been "changed." Since the person told me the password they wanted, I could see the problem. It included their first name. The password wasn't changed--AQ had just rejected it as being too easily guessed and the person didn't remember their second choice.

A letterboxing website probably isn't a hacker's paradise, and even if a hacker did get into your account, they probably can't do more than delete your boxes or finds and send offensive messages in your name. But why choose bad passwords in the first place? Do you use the same passwords for your bank accounts, brokerage accounts, and other places where sensitive materials reside? Hackers DO try to break into those kinds of accounts, and easy-to-guess passwords make YOU a tempting target.

Some of you might remember the password cracker I set up the last time I discussed password security, and we had a lot of fun "cracking" accounts on Atlas Quest. All told, with all of the various guesses and such, we successfully cracked close to half the accounts on Atlas Quest. Without knowing any personal data about you, we could hack into about every other account given enough time to make guesses.

It might be a little harder now since AQ no longer allows the most common of passwords anymore (however, old accounts that made it in before the change still got to keep their poorly selected passwords, so those do still exist), but I bet there's still a lot of passwords you can guess. AQ will no longer allow you to use your first name, last name, and trail name (at least not what you entered when you registered on Atlas Quest), so those types of guesses won't be anywhere near as successful. But AQ doesn't know your birthday, it doesn't know the names of your children or pets, and it doesn't know much about you on a personal level, so it can't stop you from selecting those types of bad passwords.

If you're using a bad password now, consider changing it. Make your online accounts safe again!

Still don't believe? Try cracking accounts yourself and see how many you can break into with the Password Cracker.

I just want to say to the five people who use the word "goober" as a password--I'm honored. But you really need better passwords than that. ;o)

I'm also happy to report that while there are no "losers" on Atlas Quest, we do have four "winners"! Let's give our winners a round of applause. =)