“Guys” isn’t gender neutral

I wrote this post because when I was looking recently, I couldn’t find a good article that communicated this point. Presumably my search-fu wasn’t working that day, because I’ve just found several, which I’ve referenced below.

The word “guys” isn’t gender neutral.

I don’t know many people who use “guy” singular, to refer to somebody who doesn’t identify as male. Yes. I know that progressive, descriptive dictionaries like Merriam-Webster state that both “guy” and “guys” are gender neutral, while Oxford still states that the singular form is male.

Yes, I know that many people treat it as gender neutral, even people who don’t identify as male. I am aware of plenty of women who will say “guys” when referring to a mixed-gender group. Some might even use it to refer to a group of all non-male people.

I invite you to consider this, though. Just because some, maybe even many, people who don’t identify as men consider “guys” to be gender neutral, that doesn’t mean everyone does. What if one person in that target group being referred to as “guys” does consider it to be a gendered term, and as a result, feels othered by your language? What if your language, to that individual (and there may be many of them in any given group), tells them “I assume that this is a male-dominated group and anybody else is an anomaly who isn’t important enough to be recognised or addressed?” There’s a good chance that person isn’t comfortable raising this issue themselves, so you have no way of knowing how many people feel excluded by the word “guys.”

I work in IT. Like many other fields, it’s male-dominated. If we want to diversify our workplaces (and who wouldn’t, given so much evidence that diversity is a Good Thing?), we need to stop using language that may make people feel excluded or uncomfortable. In my opinion, it’s a needless microagression.

So, let’s put aside the argument of whether or not you consider “guys” to be gender neutral, and ask a different question:

If you knew that your language, this single word, “guys,” was making a person you’re addressing uncomfortable, wouldn’t you want to change it?

It’s not that hard! there are plenty of alternatives:

  • folks
  • people
  • peeps
  • y’all
  • everyone

Those are just the few I came up with off the top of my head. I’ve just done a quick search, and found this blog post, which adds, among others:

  • friends
  • team
  • pals

(check out that post for more), and that post references Ways Men In Tech Are Unintentionally Sexist, which I’ve only skimmed, but which is an amazing resource and links to heaps of other amazing resources, such as A Guy Is A Man Is A Guy, and Geek Feminism.

If you still would like to be convinced that “guys” isn’t gender neutral, A Guy Is A Man Is A Guy offers three exemplary thought experiments:

Thought Experiment #1: Imagine a room full of men and women. Someone stands at the front and says, “I want all the guys to stand up.” What happens next?

Thought Experiment #2: You are with a woman. You tell her you think she’s such a guy, a great guy, the smartest guy you’ve ever known. Note the expression on her face.

Thought Experiment #3: You turn on cable news and the first thing you hear is someone saying, “Everyone knows it’s a guy’s world.” Picture in your mind what he’s trying to say.

I love these examples so much.

Now, back to the matter at hand: changing your language. Yes. It requires time and effort, to stop using “guys” as a collective noun for a group of diverse genders. I have largely settled on “folks” as my replacement word, and I still slip up after at least a year of trying. There are certain situations that I’m so used to saying “guys” in, that I have a lot of unlearning to do. But the important thing is that I’m trying, and after just a couple of months of conscious effort, 90% of the time, I was not using a term that some people may find exclusionary.

So pick a new word to replace “guys” in your everyday vocabulary. There are plenty of them. It won’t take all that long to get used to if you keep at it, I promise you, and most people won’t even notice the change.

But for those that do notice, it’ll mean the world to them.

That’s all, guys folks!

Advertisements

The pain of passwords

This post may get a bit rambly and is kind of self-indulgent, but some might find it an interesting story. There’s a tl;dr at the bottom.

I use a password manager to manage passwords to the majority of services and websites I have accounts with. Most of these sites have unique and complex passwords that I have no hope of remembering. I like it this way.

Password managers can’t help with everything. You still need to remember the password/phrase to unlock the password manager, and the phone and/or computer you access it from. If you host the password manager’s data file on a cloud storage service, like I do, you need to remember your password to log into that too. Further, given that, that in my case, my cloud storage service of choice, ownCloud, is self-hosted, I need to remember all the passwords pertaining to the server that runs that service. This includes local Linux passwords and SSH key passphrases.

Now, sure, I have a copy of the passwords on removable storage somewhere safe so I’m not dependent on all this infrastructure. But guess what? That copy is PGP-encrypted. With a passphrase. That I have to remember.

So let’s recap. The passwords I currently have to remember include:

  1. Local workstation computer password
  2. Smartphone PIN/password/pattern
  3. Password manager passphrase
  4. Cloud storage password
  5. GPG key passphrase
  6. SSH key passphrase
  7. Server login password

Now I’m going to put aside the questionable design decisions I’ve made here; I grant that I could just use a single encrypted password file on a USB key (with backups elsewhere), that I can plug into any computer I trust, and access my passwords. And that’s great for a fallback which I could easily implement, but it’s not exactly something I want to do on a day-to-day basis. Let’s say I simplified this system, though, so I wasn’t worrying about the cloud-hosting of the file. I’d still need to remember 2-3 passwords:

  1. Local workstation computer password
  2. Smartphone PIN/password/pattern
  3. Password manager passphrase

Yes, that’s better, and more manageable. Say, though, that I have multiple computers. Do I use the same passwords for all of them, or should I be a good security-conscious person and use different ones everywhere?

I will tell you right now that in the longer list of passwords above, several of those services shared a password. I hate remembering passwords, as everyone else does, so naturally, I try to remember as few as possible and put as many as possible in my password manager. It got to the point that the aforementioned shared password was one that I’ve used for a long time. By long, I mean at least 10 years. Now before you start yelling at me for being careless and insecure, in my opinion, it was a pretty good password. It was reasonably long, contained non-dictionary words and different character classes, and for the most part, the services that used it were not directly exposed to the internet, so you’d likely need possession of one of my devices to try to crack it.. I had no reason to expect that it was compromised.

Monday last week, I typed that password into a group chat. You know how it is; it could happen to anybody. You see your computer screen is blank, and, given how unlikely it is that you’re within the 5-second grace period, you assume your computer is locked, so you sit down, and blindly type in your password while your screen wakes up. You hit Enter, switch to the window you want to be in, and get on with your day. Then your colleague leans over quietly and says “perhaps you want to delete that message you just posted,” and, confused, you take a look at the channel, and feel the ground fall out from under your chair.

Not just because you remember that the password you’ve been typing from muscle-memory for a decade without really thinking about can actually be interpreted as a rather juvenile set of words that your present self would never use, but also because now you’ve got a problem: you have to relearn a new password or passwords, for the machine you type the password into about 50 times daily.

Bother.

Because of the nature of passwords, ones like this one have existed since before the jury came back on what a good memorable password looked like. My general passwords that I’d drop into a password manager look something like this:

$pyf|?u?'yB7pCNW~$y:yv;Kc*^<c,%U

The length I use has increased over time, as I’ve found less occasion to have to type these manually. There’s no way I want to remember a password like this, let-alone have to type it, fingers moving all over the keyboard, hitting Shift every second character. I don’t even want to contemplate having to regularly type something like this into my smartphone.

So after some deliberation, I took a leaf out of Randall Munroe’s XKCD comic

password_strength
Pictured: A comic contrasting the struggle of memorising low entropy passwords like “Tr0ub4dor&3” with high entropy passwords like “correct hors battery staple” (CC-By-NC Randall Munroe, XKCD 936)

This, combined with a handy shell script, written by a past colleague, which assembles a password from several words from Linux’s /usr/share/dict/words file, gave me a password that I just had to start remembering. I quickly set the password on my laptop, while storing it in my password vault accessible from my phone (which I could access with other, different passwords that I already knew and didn’t need to change right now) for the inevitable moments I forgot it.

I probably had to look it up about a dozen times, and about two dozen other times I had to sit at my computer for several seconds while I (a) typed my old password before remembering it had changed, and (b) remembered which words comprised the new one, getting it wrong the first couple of times. So all it all, it’s taken almost a week, but I think I’ve got it embedded in my memory now. I still want to have a backup of it somewhere safe in case I have a lapse of memory, but I’m pretty pleased.

There are still a couple of services that shared my old password that I haven’t changed yet (a reason I was reluctant to publish this post yet, but decided wasn’t a big deal), which I’ll do shortly, after I’m a bit more confident in my memory. My main remaining question is whether I get ambitious and try to use different passwords for each of these services. I suspect that if I leave some time between changing each one, I’ll be able to sufficiently remember them all, but it’s a bit scary to think that I could forget one of them and then be completely locked out. I will consider this further.

In summary: Passwords are hard. Brains are fallible. Computers are the worst.

Tl;dr: I typed my very old workstation password into a work chat room and had to go through the pain of choosing a method to generate and remember a new one, then change that password in all the places I used it.