Blog

“Do I have a Problem with Passwords?” (A Diagnostic Questionnaire)

Calligraphic text reads: You are cordially invited to stop using the same password for everything.

Only you can decide if you have a problem with passwords. But, questionnaires are fun, so here you go:

How many of the following statements are true for you?

  1. One or more of the passwords that I use has both a year and an exclamation point in it.
  2. My passwords are stored in multiple places.
  3. I have had to contact customer support about a forgotten password in the last year.
  4. I use the same password on more than ten accounts.
  5. One or more of my accounts has been hacked in the last seven years.
  6. One or more passwords I use has the name of the service I’m logging into in the password itself.
  7. My email (which can reset the login for my bank account) has what I know is not a great password.
  8. I don’t know what a great password is.
  9. I do know what a great password is, but my understanding is based on something I heard somewhere seven or more years ago.
  10. I’ve had to contact acquaintances and ask them not to wire emergency funds.
  11. Some of my passwords haven’t been changed in years. I know because the year I set my password is in the password.
  12. I know what makes a great password, I know there are systems available to store and sync them, but I have answered yes to any of the previous questions.

If you agreed with…
none of the statements above, you might not have a problem with passwords.
one to twelve of the statements above, you have a problem with passwords.

It might not be hurting yet, but like any unmanageable problem, once it does, it really does. Consequences could include ad-riddled websites, drained bank accounts, creepy social media activity, and identity fraud. It’s not just that malicious teenage hackers are trying to target you in particular; it’s also that there are legions of merciless bots trolling the internet for unsuspecting targets for malware and ransomware.

Yikes! Are you awakened, but daunted? Could you just change one bad password? Maybe start with something important: think of the email address you use to log into all your overseas bank accounts—the email address that if I broke into I could get access to basically any service I might be able to think of. If you do anything after reading this, change that password today. Gosh, stop reading this and just go do it!

Wait! Don’t go quite yet. Can we talk about what you’re going to change it to? Are you going to just change the last five characters of the password (which are currently 2015!) to 2022!? And then are you going to save that password in an unencrypted Google Doc? Are you going to scribble it on the legal pad in the kitchen drawer?

Before you do those things, I want you to know how to approach making a good password, and how to store passwords well. Both of these things might take experimentation on your end. But let’s start with crafting a good password first.

Three disclaimers:

1. This post is intended for entertainment purposes only. I’m a designer, not a medical doctor!

2. The tips in this post are already obsolete. See Question 9 above.

3. Sharing your answers to the above questionnaire might not be the safest way to publicly engage with this content.

Making Good Passwords

You’ve probably heard these rules before:

  • don’t reuse passwords or parts of passwords
  • don’t use your dog’s name in a password
  • don’t use the name of the service in the password
  • don’t use anything meaningful to you in any way in a password
  • don’t send passwords to people unencrypted

Your best bet is often to just surrender to whatever your password management system suggests. Sometimes, and especially for passwords you’re expected to remember, a passphrase is the way to go. Our client Nina Lanza, PI of the ChemCam instrument on the Mars Curiosity rover, introduced me to four-word passwords. They’re the best thing ever. (Read this cartoon from xkcd.) Here’s why they’re great:

  • they’re easy to memorize
  • they’re as secure as j$-28f~`LM(c sorts of passwords
  • they’re easy to communicate
  • they’re delightful

A word of warning—the four words have to be truly random (not thought up by us) in order to work. Fortunately, there are a bunch of randomized passphrase generators out there.

I like to cycle through useapassphrase.com until I find one that feels like I could make up a story about it. (And yes, I know that hurts the randomness factor, but we’re all about harm reduction versus perfection here.) For example, “folic compacter mauve grafting” doesn’t speak to me—but “crisply fantastic banister wreckage” most certainly does. I immediately see an image. I don’t know what it means, but I see it.

Four-word passwords won’t always work.
Let’s say your four, truly random words are:
ornery cactus unwitting opal

Some platforms require special characters, or don’t allow spaces. Some will reject four words as too many, and you’ll have to use three. Or in some ridiculous cases, the upper limit only allows for two words, in which case you’re better off using your browser’s standard password generator.

You could type your new password in with the spaces—or, you could remove them:
ornerycactusunwittingopal

What if the website demands a number and a capital letter and a symbol? Because the four words are relatively secure and have likely never been uttered together in human history, you could have a few reusable character strings in your repertoire that satisfy most websites’ requirements.

For example, let’s say you were born in New York, and your area code is 212. You could inject NY212! at the end of every four-word password where the special characters were required.

You could have several passwords like this:
ornery cactus unwitting opal NY212!
blizzard handsaw reheat gown NY212!
compacted rice twiddle said NY212!

And so on. Someone could guess NY212! on its own, but they’d have no way of deducing it had anything to do with succulents or gemstones. (Unless, of course, you use one of the passwords published in this blog post. Please don’t do that.)

Please don’t use NY212! or something like it on anything less secure than a four-word password.

Another word of warning: there are brilliant minds and machines out there that can break into an account with one of these passwords. But if you scored anything but perfectly on the questionnaire, a randomized passphrase will most likely be immesurably better than what you’ve got going on now.

Password Storage

You’ve probably heard that it’s not a great idea to store your passwords in an unencrypted Google Doc or on a notepad in your kitchen drawer. You’ve heard correctly! The best way (as of this writing) to store passwords is in a strong password management system, preferably one with two-factor authentication.

I always recommend using the simplest tool available, which is often already installed on your devices. I use my browser’s built-in password management system, and I use the same browser on my phone and tablet. Look up your preferred browser’s recommendations online. (For example, you could search for ‘managing passwords in Chrome’ or something similar.)

If you want something more powerful, search for ‘best password managers’ and see what sounds reasonable and trustworthy. 1Password, LastPass and Dashlane are all systems clients have used with varying levels of success.

Passwords aren’t for sharing, but sometimes they are. For example, if you have to share your domain registrar password with your web developer, you could email it, but you’re assuming both your email account and theirs are secure. It’s better to call, or use a service like onetimesecret.com to transmit it. Some of the password management systems have built in password sharing functionality.

While I’d love if you reformed everything over a weekend in the near future, it’ll be more sustainable if you focus on one or two passwords today. The passwords that matter the most are the ones where real damage can be done—bank accounts, email, and public-facing accounts like websites and social media. Now step boldly, into your secure future, emboldened to eschew vagueness and embrace clarity!

Share your progress in the comments by letting us know what four-word passwords you chose!

A fourth disclaimer:
4. Please do not share your password progress in the comments. That was a joke.

Client Spotlight: Jess K. Smith & Shelley Virginia’s What Gets Passed Between

A woman holds onto the bannister of the staircase while her daughter looks on.

This is the first installment in a series of Client Spotlights, featuring Hiya, Scout Web Design Clients Jess K. Smith and Shelley Virginia. Written by Jennifer Lane, a playwright who has worked with Shelley and Jess during their time at Columbia.

This isn’t another article about theatre in the pandemic—there have been enough of those, and I swear, if I have to read another think-piece about how Zoom Theatre is—or isn’t—“real theatre,” I’m going to hurl my laptop into a volcano. Instead, I want to think a bit about how performance can, necessarily, transform in a project that requires COVID considerations from all of its participants.

Shelley Virginia and Jess K. Smith are two of my favorite theatre artists in the history of the art form. Jess is a visionary director with an unparalleled eye for how to use space; her work focuses on generative pieces, “adaptations, interdisciplinary collaborations, and imaginative interpretations of classic texts.” And Shelley is an ideal artistic partner: a gorgeously nuanced actor and stunning aerial performer, Shelley’s work explores “the marriage of physical storytelling, heightened text, and emotional truth.” Theirs is a long-standing collaboration—one that began when we attended graduate school at Columbia University—that has continued across state lines and time zones, and now, through the tumultuous landscape of a pandemic. And despite working in various rehearsal rooms and theatre spaces and site-specific locations for years, they’ve taken their collaboration to an entirely new realm altogether: Instagram.

A woman is propped up in a doorway. Her daughter reaches for her from below.
Photo by Shelley Virginia

Their latest project, What Gets Passed Between, is described as follows: Created by Shelley Virginia and Jess K. Smith, What Gets Passed Between is a site-specific, multidisciplinary, cross-country COVID collaboration centered around a house in Marietta, Georgia (traditional land of the Cherokee and Muscogee Creek). It is a story about mothers, daughters, and what gets passed between. Told through image + text, released bit by bit on this account over time. The audience is invited to take in the whole story by viewing the Instagram profile feed, engage through comments and stories, and share what resonates by using the #WhatGetsPassedBetween hashtag and tagging @whatgetspassedbetween.

“You know, I think that I was just looking for something to work on with Jess,” Shelley said when I asked them how the project began. “We started with a question of intergenerational trauma and mothers and daughters, and I feel like it’s just kind of taken on a life of its own.” 

I had the privilege of speaking with the co-creators of this compelling new project and when they talked about the genesis of the piece, they hit on a lot of my own personal thematic obsessions: What did my mother pass down to me? Can I change it? Do I want to? Who am I as a parent and what am I passing on to my child? They began with questions about patterns, and those questions turned into physical patterns that Shelley explored in a daily movement journal that she videotaped and sent to Jess. But it didn’t necessarily start out as a long-distance collaboration.

“COVID has forced a total shift in how we would normally work. We thought, at first, that we were making a play. Our approach has had to be responsive and reflective to what’s happening, and we’re learning what the piece is as we go.”

“Shelley came to [see me in January 2020],” Jess said when I asked them when they first started the project, “and at that point, we knew that we wanted to make a piece together, we wanted to keep building on our long-term collaborative relationship. We are both really drawn toward stories that center complicated women, and we thought initially that we would tackle these big, juicy characters like Blanche and Medea and put them in conversation with each other. But there was also a real thrust toward creating something generative.”

COVID, of course, meant that they were forced to think outside the rehearsal room. They knew they wanted to create something generative—and to give Shelley an opportunity to work as a creator and writer as well as a performer. But they hadn’t originally anticipated that they would be so far removed from a traditional stage. “COVID has forced a total shift in how we would normally work. We thought, at first, that we were making a play. Our approach has had to be responsive and reflective to what’s happening, and we’re learning what the piece is as we go.”

The project went through iterations where it was a play, then a feature film, then a short film, and perhaps it will be any or all of those things down the road. But for now, it is a story in words and pictures. Has the medium shaped the arc of the project? “In a lot of ways,” Shelly said, “it has entirely shaped it.” At first, they had anticipated working the way they’d always worked, but the pandemic made that impossible. So they created a Google Drive folder and began sharing things back and forth. “In the very early days, I started doing a daily physical journal where I would just turn the camera on and move and write something about it. Or Jess would send me a prompt and I would respond to it in movement. Then when I moved across the country, and I moved into this house, all of a sudden this project became site-specific.”

The images are truly arresting, very much evoking the feeling of what it’s like to be parenting during a pandemic: trapped inside with a child’s ever-reaching hands.

The house was the one that Shelley grew up in, and she now lives in it with her husband and their five-year-old daughter, Hunter. The images—which are stills from the movement videos that Shelley shot—are truly arresting, very much evoking the feeling of what it’s like to be parenting during a pandemic: trapped inside with a child’s ever-reaching hands. As a mother myself, I immediately saw my experience abstracted and reflected back. “The first images I got, which I think were the ones of me in the doorframe and [Hunter] reaching up to me was a little bit of a fluke. I set up the shot, and she just kind of rolled through and had a conversation with me. And I just filmed all of it, and pulled the stills from it. After that, I was like, well, this is great.” It’s a beautiful image, a very happy accident, indeed. When I asked what it was like to work with her daughter, Shelley said so much of it was about play. “This is an activity we can do together, and she’s very into art. She has seen me in several plays now, and I’ve taken her out of town three or four times to do shows, so she understands the artistic process. And we just play together. I keep [the camera] running and we play and explore and we have conversations.” The result has been a series of images that evoke the unique bond between mother and daughter, the real or imagined usurpation of a mother’s power, the transfer of the power into the daughter, who looks boldly out while her mother’s face is obscured.

A woman hangs from the frame of her shower door, her child's feet visible below.
Photo by Shelley Virginia

So what are their plans for the release of their story? “There are six chapters,” Jess explained, “and our plan is to release a full chapter over the span of one week. Between each chapter, we’ll take a week, so as to create opportunities for engagement. So by the end of the project, someone could look at the Instagram feed and read the whole thing in reverse chronological order, in one fell swoop. But for the folks who are part of our audience now, as it’s being unfolded to them, they’re getting it sentence by sentence, image by image.” And right now, they’re not thinking beyond the platform of Instagram.

“Someone suggested we create a coffee table book,” Jess laughed. “And, I mean, maybe? Who knows what the next iteration of this might be. Perhaps it will exist on a website, or in a theater, in a publication, as a film, or as a coffee table book. But right now, we are considering all of the possibilities.”


Shelley Virginia is an Atlanta-based actor, teaching artist, and movement director. She has worked in television, film, and theatre all over the country. Favorite credits include Young Woman in Machinal, Lulu in Lulu, Woman in Not Medea, Ariel in The Tempest, W in Lungs, Lady Macbeth in Macbeth and most recently in Juneau, Alaska playing Henrietta Swan Leavitt in Silent Sky at Perseverance Theatre. She holds an MFA in acting from Columbia University in the City of New York and is a proud member of SAG-AFTRA and AEA. 

Jess K Smith is a freelance director, the Founder and Co-Artistic Director of ARTBARN, and an Associate Professor of Theatre Arts at the University of Puget Sound. She focuses on generative work, adaptations, interdisciplinary collaborations, and imaginative interpretations of classic texts.

Web Accessibility Is Not a Two-Dimensional Issue

A framed drawing of a two-dimensional person in a wheelchair transforming into a three-dimensional clay figure that rolls out of the frame.

According to the World Health Organization, around 15% of the world’s population—or upwards of a billion people—lives with some form of disability. It’s a part of the human experience, and these days so is using the internet. Think of it this way: Would it be acceptable if only 85% of your emails went through? If your site were down almost two months out of the year? Would it be good business to keep your doors shut to more than one out of every six customers? Granted, not all disabilities affect web use. But designing with accessibility in mind isn’t just the right thing to do: it’s also good for business. But making sure that your sites are accessible also goes beyond simply being compliant with local laws. It’s a complex and dynamic issue that, when considered in good faith, can deepen the user experience for all of your website’s visitors. In this post, we will take a look at why accessibility is important and what the legality entails.

What is website accessibility and why is it important?

In her book Accessibility for Everyone, Laura Kalberg writes:

“Accessibility in the physical world is the degree to which an environment is usable by as many people as possible. Web accessibility is the degree to which a website is usable by as many people as possible. We can think about both kinds of accessibility as forms of inclusion.”

Just because your product or service wasn’t created with disability in mind doesn’t mean that people with disabilities won’t engage with your site. What we’re talking about when we talk about designing with accessibility in mind is empathy: the ability to think outside of our own experiences. 

Web accessibility is all about ensuring that the tools and technologies present on any given site are designed so that everyone can perceive, understand, navigate, interact, and contribute appropriately to the site. Website accessibility must take all disabilities into consideration during the design and development of the site. This will include: 

  • Visual disability
  • Auditory disability
  • Cognitive disability
  • Neurological disability
  • Physical disability
  • Speech disability

The tools that make your site accessible have benefits that reach far beyond the individuals for whom those tools were intended. But fundamentally, accessibility is a vital issue because we live in an age where basic participation in society relies upon internet usage. This has been particularly true during the COVID-19 pandemic as businesses and educational institutions have all moved online. 

The first step toward making your website truly accessible is ensuring that it’s well-organized on the back end. A lot can be done when you’re coding the structure of a page, and smart organization on the part of the designer can make the site easy to use for screenreaders and others who are using the site in nontraditional ways. 

Is it illegal for your site not to comply with the ADA?

First, I’m not a lawyer and can’t give you legal advice. That said, the answer to that question depends entirely on what kind of site you are operating. In the United States, only federal, state, and local government sites are required to meet section 508 regulations. Otherwise, there are few enforceable legal standards as regards the accessibility of your website. That said, there have been a number of lawsuits brought against companies that do not provide accessible sites (including The Wall Street Journal, Hershey’s, and Amazon, to name a few.) So, what does it mean to be ADA compliant, exactly?

The Americans with Disabilities Act set the standards for website compliance, and this applies to the aforementioned government sites, as well as private employers with more than 15 employees, and organizations that are operating for the benefit of the public. But even if your Company can afford the fees associated with shirking ADA compliance, you cannot ignore the negative impact it can have on your brand, and how it may affect the individuals attempting to interact with your site.

Ultimately, the best thing you can do to ensure that your site is ADA compliant is to hire a designer or developer who keeps this at the forefront of your mind when creating your site. Clean, well-organized code on the back end is the first step toward true accessibility on the front end.

Accessibility and ADA compliance are more than just a sticker on your home page. They ensure that the maximum number of people possible can easily navigate all of your content. So do yourself a favor and make sure you’re considering all of your users from the very beginning of the site creation process.

Reparations Pricing

A note from Scout, 6/4/2020: Reparations & land theft pricing is offered (with client’s consent) on new flat-rate, full-rate projects in the form of a $500 deduction for clients whose ancestors experienced slavery or land theft in this country, and all Black and Indigenous people, citizens of the various sovereign Tribal Nations of the United States, regardless of personal income, and those who experience oppression, abuse or disenfranchisement by our current economic system built upon slavery, stolen land, and white supremacy. In addition, 3% of the fee from all other new flat-rate, full-rate projects will be donated to organizations doing work for racial justice in the United States. (Language adapted from Lena Kassof.) —SJ

Hand-coded with WordPress and Underscores. Fonts: Brandon Grotesque by Hannes von Döhren and Orpheus Pro by Kevin King, Patrick Griffin, and Walter Tiemann at Canada Type. Printed with electromagnetic radiation on various amorphous non-crystalline solids.
This was a Hiya, Scout! design.