Month: May 2013

More secure passwords are hard to remember.

Memorable passwords are easy to crack.

All passwords should be unique (one for each site/service).

Why the heck, in this day and age, are we still attached to the password? I’m sick and tired about hearing stories of mass password dumps from popular websites, of having to deal with people relentlessly trying to guess my password on different sites (and having to deal with the fallout). I’m fed up with having to have a password manager, of trying to remember so many different pieces of information, of feeling constantly jeopardised if some major site announces another leak.

The industry has resolutely failed to tackle this properly. We have half-baked ‘solutions’ like password managers and two factor authentication. We end up with identity managers: Persona, OpenID, Google and Passport come to mind, but these ultimately fall foul of the same password issue as before: you still need a bloody good master password.

Why is my device not authenticating me directly – Web of Trust and all that? Whatever happened to all those fingerprint scanners on laptops – did they not work? If my tablet, laptop or phone can absolutely confirm my identity, that should surely be available to all services and sites that I use on that device – just a thought. This is not a new idea in enterprise networks.

I might not give the ‘right’ solution (I have ideas), but I can observe that I think the current one is wrong. We continue to be failed by a lacklustre and ultimately lazy industry. Every time I see a relative or non-technical friend struggle with passwords, I despair. We collectively need to find a solution that will once and for all rid us of this awful mess of passwords.

After some decidedly choppy performance from the Nexus 7, I decided to factory reset it. Shouldn’t be a problem I thought … everything is saved up in the cloud.

Sure enough, once the tablet is restarted I am presented with a login for my Google account. I give my username and password, however I have two factor authentication enabled. This is a mechanism whereby, once typing your password, you are asked for a six digit code which rotates quite frequently. The app runs on your tablet, your phone or you can receive text messages for the same. It dramatically improves the security of your account.

The sign-in procedure for the tablet can’t cope with two-factor, and redirects me to another (slightly dodgy looking) page where I have to type my password again (it’s not easy – intentionally cryptic, and a pain to type accurately on a tablet).

So, I temporarily turn off two-factor authentication, forgetting the multitude of programs which can’t cope with it need their own passwords (and will undoubtedly complain).

This isn’t right I remind myself We need to be secure about this, so after some progress on the tablet I re-enable two-factor authentication. Now, the tablet complains again – understandably – but I’m met with the same system that can’t understand its own servers … I’m redirected back to the odd-looking webpage (this is genuine Google, it just looks awful).

To make matters more interesting, Authenticator was installed on the tablet before, so I also need to re-enable that. Curiously, selecting the Google account didn’t work (after asking for the password yet again), so I resorted to the 16 character keycode.

Finally, it works. However, I’m left frustrated by the performance. It is concerning that those who might benefit from two-factor the most, the less technical user, are expected to run through the same hoops. Not a chance.

As we stampede ever closer to online lives – our creations in the cloud – the idea that Product A works well with Product B must surely be a fading one?

Why do I care that your app syncs with Dropbox and Box.net? I do care that it doesn’t sync with Google Drive – a service I’d prefer to use.

Your timesheet app sends its data to Freshbooks? Great, but I use Kashflow and I rather like it.

We see something of a solution with Intents, both on the phone and on the web, but I’m sure there are plenty more iterations to come. Like the proprietary file formats of yesteryear, the idea that your app operates by product, not by protocol, means that it’s both limited by scope and complexity.

Incidentally: I don’t necessarily wag the finger at product designers here.

It’s quite evident that shops will up-sell over-priced accessory items when selling a large item at a lower price.

Every type of trade seems to have them. IT people are aghast at the prices high street chains charge for USB cables, those in the know will shop online in technical stores. What might cost you £20 in a well-known purple world of PCs can be bought online for less than £3, often including delivery.

We sometimes have to be careful not to buy too low. I tried some incredibly cheap USB cables (think 50p each) and they were useless. There is a quality associated with these things; high street names will pick good enough and up-charge. You have no such guarantee online – cheap really can be too cheap.

The usual accessories seem to be:

• Camera shops and lens protectors (the little glass add-ons you put in front of your expensive lens);
• Computer chains and USB cables;
• Audio/visual shops and ‘gold plated’ HDMI/audio cables;
• Most high street shops and batteries;
• Printer companies and ink;

Some are about being in the right place at the right time. Computer devices curiously come without cables; many electronic devices come without batteries. Of course, you’re in the shop and you’re likely to buy them irrespective of the price.

For the canny shopper, though, it’s quite possible to buy online or through smaller traders for the accessories while getting the main item in-store. The usual choice might be Amazon, but is this always the best? I’d like to imagine a website where a user could select the accessory they’re looking for and be pointed in the right direction by reviews. Need batteries? This place is brilliant.

My usual choices for cables (computer and audio) are eBuyer or Amazon. I haven’t bought batteries online yet but I suspect Amazon will again be a good choice (well-known brand or are there lesser-known ones that work fine?)

If you have any suggestions please let me know and I’ll put them on here.