Password dress: ball gown edition

I made my first bad password dress back in 2013 — a simple, short, sleeveless sheath, that has become quite famous. After wearing it to give a lot of security talks, it started showing wear and so I made a second one — the original is in the privacy art collection of the International Association of Privacy Professionals. But I finally got tired of wearing it to places like Davos in the winter where everyone insisted that I needed to be photographed outside in the snow and experiencing cold arms and lack of pockets, so I made the long-sleeved version last winter. But now I have taken this whole wearable password game to the next level and I give you the password dress: ball gown edition. So as not to keep you in suspense, I’ll jump right to the photos. But scroll past if you want all the details about how and why I made it.

It’s made from a luxurious custom printed crushed velour fabric from Contrado. It’s vibrant and shiny, especially in the sun. And it feels stretchy and soft and is the most comfortable ball gown ever. All of my past custom password fabric orders have been from spoonflower.com. But they didn’t offer a suitable fabric that was both dressy and stretchy, so I started looking for other custom fabric vendors. Contrado is based in the UK so I was a little bit uncertain about placing an international order, but they offer a ton of fabric options so I ordered a fabric swatch kit. A few days later I opened an envelope with more fabric swatches than I knew what to do with. I didn’t count them, but I think there were over 100. So many fabric choices! I dumped them out on the floor and tested each one for light weight, softness, and stretchability, narrowing down the pile to a short list of scuba variants and crushed velour. They were all nice, but I loved the feel of the crushed velour and the way it catches the light. So with that in mind I ordered some cheap crushed velour to make a muslin of the pattern I intended to make (Sinclair Serena), but at a shorter length. The cheap crushed velour did not feel luxurious at all, but it made a nice dressy summer dress that I have worn several times this summer.

Once I had picked out the fabric and settled on the pattern, I worked on the fabric design. I took the PDF file for the Serena dress in the size 4 petite, and extended the skirt length to be long enough to graze the tops of my feet after hemming. I then created a PDF file the width of the fabric (53.15 inches) by 108 inches long in Affinity Designer. I pasted the Serena pattern pieces into the file, mirroring those that needed to be mirrored. The skirt back at that length was wider than 53 inches, so I decided to add a back seam and print the skirt back in two pieces. I split the skirt back and added a seam allowance to the center back seam. The skirt front is not as full so it fit the fabric width without a problem. I made all the pattern lines red and deleted all of the internal pattern markings, keeping only the outlines. Then I added a solid purple layer under the pattern pieces. The next step was to add all the passwords to the dress. I started with my previous password dress fabric and cut and pasted the passwords inside the pattern pieces (removing the naughty words this time). In some cases I rotated them or scaled them slightly from the previous design. I spent a lot of time rearranging the passwords to fit them all into the puzzle. I also chose some of my favorites for prominent placement. I decided to cover the entire skirt and back of the bodice with passwords but leave the bodice front solid purple.

I could have continued futzing with the password layout for quite some time, but I was not sure how long it would take for my order to be delivered and I had a deadline for finishing the dress, so I saved a giant jpg file and called it done. (I subsequently spotted several small glitches but hopefully nobody else will notice.) I went ahead and placed the order on a Sunday morning in August. Much to my amazement, the fabric was printed in the UK, shipped across the ocean, and was delivered via FedEx to my doorstep in Pittsburgh, PA just TWO DAYS LATER on Tuesday! The custom fabric is expensive. Even with a discount coupon it was $42 per yard. But I paid only $9.95 for standard international shipping.

The Contrado website said the fabric would be machine washable, but was a little vague on whether to expect shrinkage. Given that it was 100% polyester fabric I took a chance that there would be minimal shrinkage (definitely a risk if you print your pattern pieces directly on the fabric) and I was right.

I laid the fabric out on my magnetized cutting mat and cut it out along the red lines with my rotary cutter. I knew from sewing the muslin that crushed velour is slippery and hard to pin in place, so I did a lot of hand basting and then serged most of it, leaving the cutting knife retracted so I wouldn’t accidentally cut anything I didn’t want to cut (since the pattern had 1/4-inch seam allowances there wasn’t really any need to trim as I sewed). The first few steps of the bodice assembly went pretty well, until it came time to join the F1 piece to the F2/F5 piece of the bodice. There are multiple points to line up and after basting and unbasting multiple times I realized that there was no possible way to get everything simultaneously lined up. After about three hours of this I finally gave up and sewed it together so the outside looked good, but the inner lining (purple ITY) looked like a train wreck. But nobody will ever see it, except for the fact that I am showing you this photo right here so that you can see that the inside is a complete disaster but the outside still looks really good. You will see there is a diagonal piece that goes from the top left to the bottom right. There is another diagonal piece that starts in the middle and goes to the bottom right. Those two pieces are supposed to be sewn together on top of each other, but yet there is about a 1 inch gap between them. So that nothing would be flapping in the breeze, I sewed the loose edge to the inner lining. I believe the problem has to do with the fact that my fabric stretches only in the horizontal direction and has almost no vertical stretch (going against the advice of the pattern maker). The fabric I used for my muslin was similar, yet somehow I did not end up with this particular problem. I’m perplexed, but it all worked out in the end.

Of course, I chose the pocket option, since Cinderella and I always need pockets, even when we go to a ball. I decided to make the pocket bags out of the purple stretch velour so that they would not show if they fell open. Stretch velour is not really ideal pocket bag material, especially since I stitched the pocket openings up a bit to prevent things from falling out. Sticking my hand in a pocket tends to cause the pocket bag to come out with my hand, but it works well enough for holding my phone and a small wallet. From past experience with this pattern, I know that I prefer the pockets to sit a bit higher than the pattern calls for so they don’t jiggle around when I walk, so I ignored the marks and just tried on the partially completed dress and pinned the pockets where I wanted them to go.

I’m really happy with the end result. It is exactly what I wanted. I was so excited that I put it on and made my husband follow me around my yard with my DSLR camera while I played fashion model and posed for photos. He has no formal photography training but he is starting to get the hang of fashion photography as I explain to him that there is a difference between zooming in and moving closer to the subject.

Did I mention that this dress has some twirlability?

Ok, so why did I make this dress? Well I’m the director of the CyLab Security and Privacy Institute at Carnegie Mellon University. This is our 20th anniversary year and we held a gala to celebrate on Tuesday. Obviously, I need a password ball gown to wear to the gala. (And of course my husband needed a matching tie.)

CyLab 20th Anniversary Gala

As an added bonus, the Carnegie Science Center held their Geek Out Gala on Thursday, and this was the perfect outfit! So many people I didn’t know came up to me to talk with me about my dress.

Alana dresses

Last September I bought my first Sinclair pattern and sewed an Alana dress. I have since sewn two more (and there will probably be more) and several other Sinclair patterns. I’ve found the Sinclair patterns to be well drafted and pretty straightforward to understand. They can be downloaded as PDFs and printed on a home printer, printed in large format at a copy shop, or projected.

I chose Alana as my first pattern mostly because I liked the pockets. I continue to love the pocket style, where the pockets are anchored by two princess seams. I also liked the neckline that used a facing instead of a binding or band.

I obsessed over what fabric to use, and continuing with my privacy research related theme, I selected fabric with eyes on it — evil eye blue by Laura May. I got the same fabric in the small size for the sleeves. I had both printed on Spoonflower modern jersey.

Then I printed out the PDF layer for the size 4 petite pattern on the laser printer at work and spent about an hour taping it together and cutting out all the paper pattern pieces. Then I laid all my cutting mats out on the hallway floor and laid out the fabric as shown in the pattern instructions. I quickly realized that I didn’t have enough fabric for that sort of layout. Puzzled, I looked on the Sinclair website for where to ask questions, and discovered the Sinclair Patterns Group on Facebook. This FB group is a great resource for sewing Sinclair patterns. I found you can easily search for the name of a pattern and find lots of photos of garments other people have made with that pattern, including tips on fabric selection and alterations. You can also post questions or show off your own makes. In any case I soon learned that the layout in the instructions is just a suggestion and may not work depending on the fabric width, garment size, etc. I figured out how to fold the fabric to cut it and get it all in. I also learned from the FB group about a YouTube video tutorial for making the Alana dress.

I used large washers as fabric weights and used my rotary cutter to cut out the fabric. Then I followed the instructions to sew the dress. I selected the regular neckline, long sleeves, and knee-length options. On the advice of the video tutorial I extended the length of the front facing so that it would fall below the bust line. I used a very narrow zigzag stitch for all of the seams and a medium zigzag to finish the seam edges. I finished the sleeve and bottom hems with HeatNBond Soft Stretch and zigzagged over the edges.

When I tried on the dress it looked OK, but the waist is not designed to be fitted, and it looked a little baggy on me. Indeed, the pattern explains that there is about three inches of ease at the waist. So I decided to take the dress in at the sides and the back princess seams to remove most of that ease. The dress looked much better on me without the ease.

I made my second Alana dress in December using a rich purple scuba suede fabric. The fabric is soft, stretchy, washable, and pretty easy to sew. I used a lighter ITY fabric for the front and back facings and extended both of them below the bust. I thought about using a lighter fabric for the inside of the pockets but decided to try the pockets entirely in scuba suede, and they worked out fine. A line of top stitching across the top of the pockets might have been helpful, but it is ok without. I did not bother stitching over the seam edges. Once again I ended up removing the ease. Months later the fabric is holding up pretty well after many wearings and washings, although it is showing some slight signs of pilling.

My third Alana dress was another dress in Spoonflower modern jersey. This time I removed the ease in the pattern when I cut it. Cutting out this one took a while because I obsessed over the fabric placement. This was the third version of my bad passwords dress (there’s a whole story behind it), and this time I wanted to have long sleeves and pockets.

New password dress with sleeves and pockets

And see the original passwords dress below

Lorrie wearing password dress at Privacy@Scale, photo by Adam Mason

Password fashion and home decor roundup

Bad password fabric

I’ve been collecting images of all the cool things that I and others have made with my bad password fabric. The fabric is available from Spoonflower in three sizes, both with and without the naughty words. It has a purple background and includes 501 passwords. Spoonflower offers a variety of different kinds of fabrics, including a performance knit, basic cotton, and faux suede. They also will print this design on wrapping paper and wall paper.

Bad passwords dress (Security Blanket quilt in background)

Recapping for those who are just seeing this, I designed a series of bad password fabrics based on the most popular passwords stolen in a Rockyou.com data breach. First I made a “Security Blanket” quilt printed on basic cotton fabric in pastel colors. This quilt appeared in Science Magazine and was on display at the residence of the Carnegie Mellon University president for most of last year. Then I designed a purple version of the fabric and made a password dress with performance knit fabric. The dress has gotten some nice press on CNET, the Trib, and the Women you should know blog.

Then my friends started requesting other password apparel. Mary Ellen Zurko commissioned my friend Jen Primack of Upcycled Designs to make her a t-shirt from cotton knit fabric. Then Jeremy Epstein asked for ties, and we found Jen Knickerbocker of LoveCrushDresses and got her to offer regular ties and bow ties in her Etsy shop. The ties are made from cotton sateen.

Bad passwords t-shirt; bad passwords ties; bad password bow ties (two)

Then Jen Primack bought an old chair and reupholstered it with my passwords fabric in heavy cotton twill. Doesn’t it look great in my living room?

Password chair upholstered by Jen Primack

Kristin Briney emailed me to tell me she had made a password dress from cotton poplin. And I just made a password infinity scarf from silky faille (a woven polyester).

Kristin Briney's bad password dress; password infinity scarf

Password baby quilts and couch throws made out of kona cotton are coming soon….

In the meantime, I’ve gotten many requests to wear the password dress to events. I wore it to give an invited talk at the 2014 Grace Hopper Celebration of Women in Computing (where I was referred to as a “password researcher and fashion idol”). I also wore it to a couple of briefings I gave to Congressional staff on Capitol Hill.

Lorrie speaking about passwords at Grace Hopper Celebration; Lorrie with Jeremy Epstein wearing password apparel; Susie, Lorrie, and Roxana at NSF Congressional briefing

And for those wondering about the different types of fabric. The polyester fabrics are much brighter than the cottons. They are all fairly consistently bright with nice saturated colors. My favorite is the performance polyester, which doesn’t wrinkle and has a little bit of stretch and a nice drape. But it’s not really what you want to use for a quilt or a tie. The kona cotton is a little disappointing because the colors print a little dull. The basic cotton (which is similar to the kona but slightly lighter weight and less expensive), cotton sateen, and the heavy cotton twill produce brighter colors. They aren’t as bright as the polyester, but they are noticeably brighter than the kona cotton. The cotton silk also does not produce bright colors. I think the polyester silky faille might work well for ties and some other applications where you might otherwise use a woven cotton but want brighter colors. It’s a little slippery and harder to work with than cotton though. I got samples of the polyester faux suede and polyester eco canvas. They are both lovely bright fabrics, but I haven’t made anything out of them yet.

1/22/15 update: Von Welch, Director of the Center for Applied Cyber Security at Indiana University Bloomington wore his Password tie for a local TV interview. The reporters loved the tie and commented on it at the end of the interview.

2/6/15 update: Baby quilt in kona cotton finished!


7/16/15 update: I made a password bolster pillow for the CMU ECE department head’s conference room.


6/28/20 update: Given current circumstances, password masks were required! I printed my design XX small on cotton spandex jersey and lined the inside of the mask with fabric from an old cotton spandex t-shirt (outer layer and lining each cut 10.5 x 5.5 inches; sewn together at top and bottom; left and right sides folded in and stitched to make a casing on each side; long 1-inch strip of stretchy t-shirt fabric pulled through the two casings and tied to make 2 loops to go around the back of the head). Spoonflower also sells masks already made (and lots of other things) for those of you who don’t sew. This link at Spoonflower might work: https://www.spoonflower.com/en/products/2126447-bad-passwords-clean-edition-xxsmall-by-lorrietweet?product=homegoods-kitchen-dining. See also the images and links at https://www.secmeme.com/2020/06/bad-passwords-face-mask.html.

My quilt in Science magazine

I’m really excited that my Security Blanket quilt won honorable mention in the International Science & Engineering Visualization Challenge and is featured in an article in the February 7 issue of Science magazine. No, they don’t have a category for quilts, but that didn’t stop me from entering (and winning).

The quilt is currently on loan to Carnegie Mellon University, and is being displayed in the home of our university president. My daughters and I stopped by a couple of weeks ago to check it out.

Science also did a little profile of me in their Career Magazine.

And for those of you who want to make your own security blankets, pillow, ties, curtains, or dresses, I now have a few different versions of purple “bad password” fabric available by the yard at Spoonflower.com (update: you can get ties made from this fabric too!). You can order it on wrapping paper or wall paper too. I have small and large versions of the print, with and without the naughty words. (The quilt includes all the naughty words for authenticity.)

Security Blanket, machine quilted, digitally printed cotton fabric, 63.5"x39"


Password dress

This is old news, but just now getting around to posting it. I made a password dress to go with the password quilt. I wore it to the opening of the Computers, Quilts & Privacy show and to give my artist’s talk. I also wore it to a faculty meeting and disrupted the meeting.

As with the Security Blanket quilt, I generated a Wordle from the RockYou password set, and then edited it in Adobe Illustrator. I selected brighter colors for the dress and had it printed at spoonflower.com on performance knit polyester fabric (UPDATE: You can purchase similar fabric on Spoonflower that I created and ties made from this fabric on Etsy… and read about lots of other passwords stuff made by me and other people). I made my own pattern by tracing a store-bought dress I own that fits me well. It is just two pieces of fabric. The only tricky part was finishing the neckline and arm holes. I bought a double needle and used it to do the hem. This was my first foray into sewing with knit fabric.

And here are some more photos from the Computers, Quilts & Privacy show at the Frame. There is also a video of my talk that I will post after it is edited.

Security Blanket

As I’ve been thinking about quilt ideas related to security and privacy during my staybatical at the STUDIO for Creative Inquiry all year, the title for this quilt was obvious: Security Blanket. Less obvious was the design of a quilt that would fit this title. Ultimately, I took inspiration from the research on the security and usability of text passwords that I’ve been working on with my students and colleagues. While this quilt started out as an art project inspired by my research, what I learned from creating it will likely influence my future password research.

Security Blanket, machine quilted, digitally printed cotton fabric, 63.5″x39″

Our research group has collected tens of thousands of passwords created under controlled conditions as part of our research. Among other things, we have compared these passwords with the archives of stolen passwords that have been made public over the past few years. Perhaps the largest such archive consists of 32 million passwords stolen from social gaming website RockYou and made public in December 2009. These passwords are notably weak, having been created without the requirement to include digits or symbols or even avoid dictionary words. Security firm Imperva published an analysis of these passwords. More recent analyses of stolen passwords have found that passwords stolen in 2012 are pretty similar to those stolen in 2009.

The media had fun publishing the most common passwords from the RockYou breach. As with other breaches, password and 123456 figured prominently. But after you get past the obvious lazy choices, I find it fascinating to see what else people choose as passwords. These stolen passwords, personal secrets, offer glimpses into the collective consciousness of Internet users.

I asked my students to extract the 1000 most popular passwords from the RockYou data set and provide a list to me with frequency counts. I then went through the list and sorted them into a number of thematic groups. I assigned a color to each group and entered the passwords with weights and colors into the Wordle online word cloud generator. I then saved the output as a PDF and edited it in Adobe Illustrator to rearrange them in a shape that I liked, with some pairs of words purposefully placed in close proximity. I designed a border, and had the whole thing printed on one large sheet of fabric by Spoonflower. When the fabric arrived, I layered it with batting and quilted it. I bound it with matching fabric from Spoonflower that I designed.

Sorting 1000 passwords into thematic categories took a while. While a number of themes quickly emerged, many passwords could plausibly fall into multiple categories. I tried to put myself in the mindset of a RockYou user and imagine why they selected a password. Is justin the name of the user? Their significant other? Their son? Or are they a Justin Bieber fan? Is princess a nickname for their spouse or daughter? The name of their cat? Their dog? (It shows up frequently on lists of popular pet names and a recent survey found that the most common way of selecting a password is using the name of a pet.) Is sexygirl self referential? What about daddysgirl? dreamergenius?

When I didn’t recognize a password I Googled it. Most of these unknown passwords turned out to be ways to express your love in different languages. For example, I learned that mahalkita means I love you in Tagalog. Love was a strong theme in any language; there seems to be something about creating a password that inspires people to declare their love.

Not surprisingly, the top 1000 passwords list includes a fair share of swear words, insults, and adult language. However, impolite passwords are much less prevalent than the more tender love-related words, appropriate for all audiences.

There are a couple dozen food-related words in the top 1000 passwords. The most popular is chocolate and most of the others are also sweets (and potentially nicknames for a significant other), but a few fruits and vegetables, and even chicken make their way to the top as well. Among fruits, banana appears in both singular and plural.

Animals are also popular. While felines appear on the password list in a number of forms and languages, monkey is by far the most popular animal, and the fourteenth most popular password. I can’t quite figure out why, and I don’t know whether or not this is related to the popularity of “banana.”

Fictional characters are also popular, especially cartoon characters. The twenty-fifth most popular password is tigger (which might also be on the list because it is a popular name for a cat). A number of super heroes and Disney princesses also make the list, as well as another cartoon cat, hellokitty. Real life celebrities also make the list, including several actors and singers. While at first I thought booboo might refer to the reality TV star Honey Boo Boo, I realized that the date of the password breach predates the launch of that TV show.

A number of passwords relate to the names of sports, sports teams, or athletes. Soccer-related passwords are particularly popular. There are several cities on the list that I’m guessing were selected as passwords because of their sports teams, especially soccer teams.

Besides the obvious lazy password password, and also PASSWORD, password1, and password2, some more clever (but nonetheless unoriginal) variations included secret and letmein. And I love that the 84th most popular password is whatever.

Some passwords puzzled me. Why would anyone select “lipgloss” as their password? Why not “lipstick” or “mascara”? Perhaps it refers to a 2007 song by Lil Mama? Why “moomoo”? Why “freedom”?

Even more popular than the word password were the numbers 123456, 12345, 123456789. Other numbers and keyboard patterns also appear frequently. When I laid out the 1000 passwords on the quilt, I scaled them all according to their popularity. The most popular number sequence was chosen by more than three times as many people as the next most common password and was so large that I decided to place it in the background behind the other passwords so that it wouldn’t overwhelm the composition.

I made a few mistakes when designing the quilt that I didn’t notice until I was quilting it (quilting this quilt provided an opportunity to reflect on all the passwords yet again as I stitched past them). One problem was that when I transferred the top 1000 password list to Microsoft Excel while categorizing the passwords, the spreadsheet program removed all the zeros at the beginning of passwords. As a result there are three passwords that are actually strings of zeros (5, 6, and 8 zeros) that are printed simply as 0. In addition, three number strings that start with a 0 followed by other digits are printed without the leading 0. Another problem was that the color I selected for jesus, christian, angel, and a number of other religious words blended in with the background numbers when printed on fabric, making those words almost invisible (even though they showed up fine on my computer screen). I had carefully checked most of the colors I used against a Spoonflower color guide printed on fabric, but had inadvertently forgotten to check this particular color. I reprinted about half a dozen of these words in a darker color and sewed them onto the quilt like patches that one might add to repair a well-worn spot.
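An added example, not part of the original post: a Python sketch of the frequency count described earlier and of the leading-zero loss described above, run on a constructed sample list. All function names are hypothetical, and `spreadsheet_coerce` is a simplified model of a spreadsheet's default number typing, not Excel's actual behaviour.

```python
from collections import Counter

# Constructed sample standing in for a leaked password list, one entry per line.
SAMPLE_LINES = (
    ["123456"] * 9 + ["password"] * 6 + ["00000"] * 4 + ["000000"] * 3
    + ["00000000"] * 2 + ["012345"] * 2 + ["monkey"] * 2 + ["0"]
)


def top_passwords(lines, n):
    """Return the n most common entries as (password, count), keeping them as text."""
    counts = Counter(line.rstrip("\r\n") for line in lines)
    counts.pop("", None)  # ignore blank lines
    return counts.most_common(n)


def spreadsheet_coerce(value):
    """Model default spreadsheet typing: an all-digit cell is stored as a number."""
    if value.isascii() and value.isdigit():
        return str(int(value))
    return value


def coercion_report(ranked):
    """Show what numeric coercion would do to a ranked (password, count) list.

    Returns (changed, collisions): changed maps each altered password to the
    value the spreadsheet would display; collisions maps a displayed value to
    the distinct original passwords that collapse onto it.
    """
    changed = {}
    by_display = {}
    for password, _count in ranked:
        shown = spreadsheet_coerce(password)
        by_display.setdefault(shown, []).append(password)
        if shown != password:
            changed[password] = shown
    collisions = {k: v for k, v in by_display.items() if len(v) > 1}
    return changed, collisions


def missing_after_edit(ranked, edited_passwords):
    """Return originals that no longer appear verbatim in the edited list."""
    edited = set(edited_passwords)
    return [password for password, _count in ranked if password not in edited]


if __name__ == "__main__":
    ranked = top_passwords(SAMPLE_LINES, 8)
    changed, collisions = coercion_report(ranked)
    print("changed:", changed)
    print("collisions:", collisions)
    # Simulate the list coming back from a spreadsheet with default cell typing.
    edited = [spreadsheet_coerce(p) for p, _ in ranked]
    print("lost:", missing_after_edit(ranked, edited))
```

Running `missing_after_edit` against the list that comes back from any manual editing step catches this kind of silent change before the data is used downstream.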

There are also some passwords that I colored according to one category, and upon further reflection I am convinced more likely were selected for a different reason and should be in a different category, but we’ll never know for sure. I invite viewers to discover the common themes represented by my color-coded categories and to speculate themselves about what users were thinking when they created these passwords. Zoom in on the thumbnail images above to see all of the smaller passwords in detail.

The colors, size, and format of this quilt were designed to be reminiscent of a baby quilt, which I imagine might become a security blanket. Like the passwords included in this piece, a security blanket offers comfort, but ultimately no real security.