How To Escape A Sinking Car

For some time, I’ve kept a window breaker / seatbelt cutter in my car in case of emergency. I don’t plan on using it, but I was a Boy Scout, and I try to be prepared.

An orange hammer looking device with a pointy metal tip, and an enclosed cutting blade recessed within its handle.

Old Wisdom

For decades, the prevailing wisdom was that if your car is sinking, you have to wait until it’s submerged for the pressure to equalize before you can open the door to escape.

Mythbusters demonstrated this:

I can’t hold my breath that long and you probably can’t either.

Good thing there’s a better approach.

How To Escape A Sinking Car

The real key to surviving a flooding car is to get the window open and get out before the car submerges. This requires quick thinking and some preparedness.

Having the right tools on hand can be critical, especially if you have power windows. Also, don’t forget to shield your eyes.

Knowing how to swim competently can save your life in quite a few scenarios.

Avoidance is Best

Finally, if you see pooling water of unknown depth, consider not driving through it. It’s probably not worth killing yourself and your passengers or wrecking the car.

Not all escapes are recreational or fun.

Have Your Digital Accounts Been Compromised?

Solving puzzles is the fun and games side of cryptography and security… but there’s a serious side to this stuff that we like to point out from time to time.

With a few seconds of effort, you can do a simple check to see if any of your online accounts are known to have been compromised.

Red neon lights arranged like a password with a "? $ skull # @ %"

have i been pwned?

haveibeenpwned.com aggregates the data of known security breaches and allows you to search their database for your email address(es).

Steps to Follow:

  1. Go to haveibeenpwned.com
  2. Input your email address to see what, if any, accounts have been compromised.
  3. Change every password that shows up on their list.
  4. Change any other account that you own that uses the same compromised password. This is really a important step.

Password Managers

If you aren’t using a password manager, I highly encourage you to get one. I wrote a longer piece on them a few years back.

tl;dr

  • Password managers are vaults that encrypt and store your usernames/ passwords.
  • They have browser extensions and mobile apps that make them easy to use.
  • They have the ability to generate and save unique, long, random, alphanumeric passwords.
  • Having unique passwords for every single account means that the compromise of one doesn’t compromise them all.

I am partial to 1Password and LastPass. They both offer affordable systems that include tons more benefits than I have delved into here.

“I’m not a target”

If you’re thinking something along the lines of:

  • “I’m not special, no one is going to target me.”
    • Most accounts are attacked by automation. Bots don’t care who you are.
  • “Meh, if my accounts get hacked, ¯\_(ツ)_/¯ .”
    • You say that now. You’ll feel different if you’re a victim.
  • “I’m don’t have anything to hide.”
    • Yeah, you do. You have credit card numbers, bank accounts, ecommerce accounts, social networks, and all sorts of other things that are way juicier and more valuable than you’re imagining.

Please, invest the time to handle your passwords properly.

Practice safe computing.

Exploring the Lockpicking Rabbit Hole

I’ve been picking locks since high school. For me, lockpicking has never been a nefarious thing, in spite of the stigma surrounding it. This activity is about knowledge, dexterity, and skill.

If you’re looking to commit a crime, then a bolt cutter, crowbar, and hammer will likely be your most effective breaching devices.

The benefits of lockpicking

We live in a world of locks and most of them offer very little protection… and most people don’t even know it.

When it comes to security, physical or digital, I think that the best way to defend oneself is through understanding.

Plus, the mechanisms are really cool and I enjoy developing finesse skills.

Ethics, common sense, & the law

One more thing before we get into specifics: There are a few ethical and common sense rules that all lock pickers should follow, regardless of skill level:

  1. Don’t pick a lock unless you own it or have permission to pick it.
  2. Don’t pick a lock that you need to rely on.
  3. Be aware of the laws in the countries, states, counties, and municipalities that you visit. Most places in the US are lockpicking-friendly, but a few are not (especially Tennessee).

In short, don’t be a criminal and don’t be an idiot.

A bonus rule for escape room players so that our readers who also own escape rooms don’t mail me a bomb: Don’t bring a damn lockpick kit into an escape room. That is not the point of the escape room… and that’s not the point of this post.

How pin & tumbler locks work

While not succinct, this video provides a through explanation of how your typical pin & tumbler lock operates.

 

A good starter lockpick kit

There are a ton of junk lockpick kits on the market. Any lockpicks that you find on Amazon are crap.

If you want to dabble in lockpicking, here are the tools you’ll need to start out:

North American locks generally have a wider, more open keyway than European locks, so you can get into them with thicker picks. This is great for pickers because the heftier metal is less likely to break (although they will eventually).

I recommend North American newbies pick up the Kick Start from Sparrows.

kickstart-lock-picks

This comes with a triple peak (for raking), a city rake (for rocking), and a pair of hooks (for single pin picking). That’s enough to get anyone started. If you’re looking to drop a little more money, you may want to add on a worm rake and a classic snake rake as raking is the first skill you’ll want to learn.

If you’re a European, you’ll need thinner picks to maneuver in tighter keyways. I recommend that you explore lockpicking on American locks first because it simplifies some of the early skill-building.

How would I go about using this stuff?

LockLab’s “Bosnian Bill” is lockpicking’s YouTube star.  If you think I’m being facetious, he has over 338,000 subscribers and more than 96,400,000 views on his more than 1,100 videos.

Bill is an incredibly talented picker, but his real superpower is explaining stuff in an effortlessly engaging and entertaining way. Most of what I know about picking I’ve learned from his videos… Lisa will confirm… I watch them daily on 1.25 speed.

Bill has an old, slightly politically incorrect video that walks you through all of the standard lockpicking attacks for a typical pin & tumbler lock. These are the basics:

 

 

A few locks to learn on

Some of the most common locks are also among the easiest to learn lockpicking on. This may shock some of you, but the following are locks openable with minimal training by beginners:

Master Lock 141D

Also known as the escape room locker lock (because they are cheap and look official), the 141D is fun to learn on because it’s a trivial pick. “But don’t worry, your phone is secured.”

Masterlock No.1, 3, & 5

This exceptionally common lock comes in a few sizes and all of them use the same core (locking mechanism) in different sized bodies (except for the itty bitty Masterlock No.7, which uses an even smaller, junkier core, but it’s a harder pick because it’s tough to maneuver in it).

I recommend the Masterlock No.3 because it’s affordable and comfortable to hold.

If you get serious, you should buy a bunch of locks that all look the same but are pinned differently, so that you can rotate through them and really learn how to manipulate the lock (rather than memorize how to open one particular lock). This is a tip that I’m borrowing from The Lockpicking Lawyer.

I do want to make sure that this is clear: these locks offer little to no security. While these Masterlocks are incredibly common, that does not make them strong. If there’s interest, I’ll do a follow-up on more serious locks.

Resources for diving down the rabbit hole

For additional information, I have three go-to sources:

(If you purchase via our Amazon links, you will help support Room Escape Artist as we will receive a very small percentage of the sale.)

Password Management For Escape Room Companies & Individuals

Information security and operational security are issues near and dear to my heart.

When I am not escaping rooms, I do digital strategy and user experience work for large web applications. I have designed some life or death systems.

Whether you’re dealing with a major organization’s mission critical software or an individual on the internet, basic password security is important.

A black & white closeup drawing of a computer keyboard.

Passwords & escape room companies

At the Chicago Room Escape Conference, Dave Ferrier of Trapped PHL gave a talk on the “nuts and bolts” of running an escape room. He dropped a ton of knowledge on the audience in a very informative talk.

One issue he raised, which I hadn’t even contemplated, was the volume of usernames and passwords that a room escape company needs to operate the business:

  • Email
  • Facebook
  • Twitter
  • Instagram
  • Pinterest
  • Website administration
  • Ticketing system
  • Groupon / Livingsocial / other marketing platforms
  • Payroll system

Among many others.

He recommended that companies maintain a Google Doc with all of their accounts, usernames, and passwords.

I loved his talk and his point was well taken… but the recommendation to use Google Docs broke my heart. I don’t blame him; account security isn’t common knowledge. I regularly have to teach people who should know better about this stuff.

Storing account credentials unencrypted is never safe.

Why password security matters

“Hacking” isn’t generally what Hollywood portrays: the nerdy guy or the tattooed punkish sexy geek girl clacking away on a computer in a monitor-lit room, then saying “I’m in!”

Yeah, that shit is fake.

The easy way to do real damage and make money is through social engineering and exploiting leaked password data. This requires no technical skill and no code.

Here’s how it works:

Some asshat wants to seize an account and do some bad stuff (make fraudulent purchases, add a computer to a botnet, steal naked selfies, whatever…). All this nefarious putz needs to do is get their hands on one good username and password combination and they can generally own all of their victim’s systems.

Why? The tragic magic of password reuse.

Far too many people reuse passwords. When a major password leak happens — and they happen all of the time — these criminals can grab username/ password combinations and try them in other accounts. This works because the username/ password that many users use in Dropbox is the same as their Amazon or Gmail credentials.

As soon as a set of credentials works on an email account, the whole ballgame is over. They can reset passwords on your other accounts because password resets filter through email.

How to properly handle password security

First, stop reusing passwords. Every account you own should have a unique password.

But how are you supposed to remember all of this? Easy. You don’t.

Get yourself a password management system. I recommend:

These are systems that will generate large, random, alphanumeric, symboled passwords… and store them for you. As LastPass & 1Password’s names imply, you only need to remember one password to gain access to the system.

These things will allow you to:

  • greatly diminish the risks of password reuse
  • store your passwords in an encrypted format
  • privately share passwords with people who need access
  • allow easy access on desktop and mobile

They offer a lot of additional benefits. I use LastPass and 1Password (work and personal), and they are the best investment I’ve made in paid software (something like $12 a year).

LifeHacker has a great writeup of password management software. They also offer a superb starter’s guide for LastPass.

It’s really important that your password for your password management software is really good.

Please, take the time to handle your passwords properly.

Practice safe computing.