billso.com

Bill Sodeman writes about management, mobile computing and information systems

Are Google Docs templates secure?

Posted Friday, 18 July 2008

Google Docs, the company’s online office suite, now lets people create and use templates. There are many examples already posted in Google’s template gallery, including invoices, resumes, invitations, mileage calculators and calendars.

Avery Dennison has already posted a number of templates for their self-adhesive labels. Now I have one less reason to use Microsoft Word, and the folks at TastyPopsicle seem to agree with me: see their article called Oh hell no, Google’s got templates!

I’m sure there are security concerns. How hard would it be for someone to post a template that lets users record their web passwords or credit card information, and then sends back that valuable data to the developer? Google’s videos don’t mention any of these issues - instead, users are told that they can email template-based documents to friends, who can fill them out and return the data in their email client. 

Before trying these templates, I suggest changing your Google password to something stronger, like a passphrase, or using a Google account that doesn’t have much or any email or data in it. It’s much easier to set up a fresh Google account than to figure out who’s looking at your data.

There’s more information and a couple of videos in this Google blog article called Templates bring Docs to life.

Tags: ASP, crime, email, Google, Microsoft, mobile, office, PPT, security, software

RIP CAPTCHA

Posted Friday, 18 July 2008

Long-time readers of billso.com may remember that I used reCAPTCHA to validate comments about my articles. reCAPTCHA is a web service that shows users pictures of two words. The service knows one of the words. The second word is provided by an electronic book scanning project that needs help with its quality control. reCAPTCHA sends the results back to the scanning project, to help them fix their documents.

This is not a working CAPTCHA. It's a Flickr image courtesy of Mess of Pottage.

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) system is a simple test that determines if a computer user is a machine or a human. CAPTCHAs are small puzzles that people can solve quickly, while being too expensive for a computer system to solve.

I dropped the reCAPTCHA feature in May 2008, because the system was not stopping comment spam from appearing on my blog. “Comment spam” is just messages that have little or no relevance to an article or page.

In the past, people who wanted to crack a CAPTCHA system might pay users to stay at home and decipher dozens of captchas, in return for free content or Internet access. But people are slower and less reliable than computers. Processing power continues to improve, while CPU costs get lower.

Paying the price

Stephan Chenette, the manager of security research at Websense Security Labs, notes that CAPTCHA technology has made incremental improvements since 2000, while CAPTCHA crackers bought faster hardware and invested more in their efforts:

“CAPTCHA has been broken for the last year and a half. The technology has really not progressed. They’ve got a little bit harder but the hackers have made programs that can easily break them. This works both with print and audio CAPTCHA. All of these have been broken in one way or the other.”

In the last few months, the CAPTCHA systems of several major web sites have been cracked by automated systems:

  • January 2008: Yahoo Mail
  • April 2008: Gmail and Hotmail
  • May 2008: Craigslist

This has resulted in a flood of spam, scams, and fake postings on services around the world. It’s become quite easy to create a fake Web site that can fool many users. Social networks like MySpace and Facebook offer many more opportunities to trick users into revealing their credentials and personal information.

In the last few years, financial service companies and banks have adopted multifactor authentication systems that ask users for more than a password or a CAPTCHA solution. Now organizations in other industries are looking at similar solutions, because it has become much less expensive for scammers and crackers to break these companies’ systems. Several OpenID providers have added multifactor features to their authentication systems, too.

This article called How CAPTCHA got trashed has more details.

Image courtesy of Mess of Pottage through a Creative Commons license.

Tags: captcha, crime, email, Google, government, hardware, innovation, Microsoft, privacy, spam, university, usability, Yahoo