Don’t Make it Easy – A Look at Securing Your Data

“Your password will expire in 5 days. Would you like to change it now?”

Sound familiar? This annoying practice, which inevitably results in you simply incrementing the number at the end of your current password by one, really was meant to bolster security. The thing is, passwords are really not the most effective way of securing data. Despite the fact that they seem a cornerstone of the current security models, there really are much better solutions. Perhaps the way we understand security needs to change.

The problem begins with the fact that a human has to remember these passwords. This leads to passwords that are not secure, random, lengthy, or difficult to crack at all. Then there’s the presumption that your password is secret, and that it somehow confirms your identity. The whole point of security though is to establish identity, to shake hands. When you speak to someone in confidence there is a trust because you know whom you are speaking to. On the Internet it’s difficult for us, and the servers, to confirm whom the data is flowing between.

Enter the world of Two-Factor Authentication. First making its appearance in corporate remote computing, then in increasingly difficult to secure Massively Multiplayer Online Games (MMOs), it adds an extra step. When logging in, you need both your password and a number, which is only valid for a minute or so. First there were key fobs; now most have applications for your smartphones. Those text messages that you get from your bank are a similar implementation of this model. Would-be attackers will have a tough time even with the simplest of passwords with this additional layer of security. It’s far less likely that the same person with the malicious intent and skill to gather your password also happens to be able to lift your phone from you while you’re out on the town.

Two-Factor Authentication is no longer just for those wishing to thwart Chinese gold farmers on World of Warcraft (WOW), or corporate espionage. Google implemented Two-Factor Authentication a number of years ago, complete with the text message solution, mobile apps for both Android and iOS, and backup codes for you to stash at home in case your phone is lost or stolen. I strongly encourage you to turn this on! It requires a little bit of effort, but secures what is easily one of the most crucial parts of your personal data – your e-mail. If someone can gain access to your e-mail it’s literally a Pandora’s box… The ability to reset all of your passwords is just the start. In most cases all someone would need is access to your e-mail and the ability to answer some simple questions (using information which is most likely publicly available) to change your password and lock you out of your online world, with very real-world complications.

Yet another piece of the puzzle is those ‘security’ questions we just talked about. Answering, “What is your mother’s maiden name?” may be the easiest way to get to the continue button, but it’s also the easiest way for someone with nefarious intent to gain access. There are many strategies for making these answers more secure, though I must admit these schemes seem a bit hard to adhere to, and leave one scared that they will be locked out of their account.

I’ve made several mentions of Blizzard’s security protocols and that is because they are presented with a very serious security problem. Play them or not, their massively multiplayer games are an important part of many people’s lives. So important in fact, it is a lucrative business for many overseas hackers to exploit customers’ accounts and sell them for real money. When someone has spent years building his or her account and then it is stolen and sold to the highest bidder, people get upset. Aside from the authenticator and text messages, if you lose access to your account somehow, you will be sending Blizzard your driver’s license and various other information to confirm your identity before they let you back in. This is a painful, yet important piece of the puzzle. Resetting your password is often the weakest link in the chain. Don’t take my word for it, check out the eye-opening hack of Mat Honan of Wired.

What’s the solution?

Well, for one, make every password you have completely unique, as long, complex, and random as possible… but how does that work when you have 100 different accounts? I’ve been using a solution called 1Password for a number of years. You can store your passwords all in one place, along with various other login information, secure notes, and personal data, using one overriding password. 1Password has the ability to store this in the cloud via an encrypted file, and has plugins for all the major browsers, making it possible for you to have passwords so complex, even you don’t know them. This is a bit scary, I admit, but take the leap; your security is worth it. There are several alternatives of course, most notably LastPass – an open source solution with a very similar feature set. Each of these programs has generators to create completely unique and random passwords for you, recognizes when you’re at a login screen, and fills in all the fields appropriately.

You’ve secured your passwords, enabled Two-Factor Authentication wherever possible, what’s next? Encrypt your hard drive. OS X makes this incredibly simple. Just turn on FileVault, and if you’re worried about performance dings, don’t be. Especially with SSDs, it’s completely seamless. Many don’t realize how much is stored ‘in the clear’ on their hard drives. This becomes even more important for laptops, or any computer that is leaving your house. Unless your hard drive is encrypted, someone who has the machine won’t need to log in to your computer to pull all your personal data off.

If you don’t have a password on your phone or laptop, you are insane - completely bonkers.

A password on your phone means, in most cases (e.g. iOS), that it is then encrypted. More importantly your phone has so much personal data, countless other accounts, not to mention unprotected access to your e-mail. Forget the time delay, make it instantly require a password! It may require a few extra milliseconds to respond to a text, but the security gains are far too great to ignore. Also, why people set their phone down without hitting the lock button is beyond me (I’m looking at you, 40+ year olds). The button is there for a reason; do yourself a favor and click it before you set it down or throw it in your purse. Your screen is the largest battery killer. I understand that it’s a bar phone, and you can’t flip it closed when you’re done, but the lock button performs the very same function. Press it. All the effort in the world won’t make a bit of difference if they can just pick up your phone and take over your life.

All of the above are good solutions, but they certainly add an extra layer that most people fail to see the importance of. The trick is to make security easy. Consumers are inherently lazy; they don’t want another roadblock between them and what they want to get done. This is why Apple’s new iPhone 5s and its fingerprint identity sensor is so important. Sure the tech has been around for a long time – I remember visiting the tanner and using my fingerprint back in ’05, but making it easy to identify that you are who you say you are is a game changer. Especially because of the reach of their iPhones, Apple has the critical mass to make it work.

I hope it takes off. I hope an API is released allowing you to authenticate with all of your apps using the touch of your finger. Fingerprints are a fairly good biometric, worse than DNA, better than hand geometry. Biometrics are really just a more natural form of Two-Factor Authentication – no random number generator required.

Tin Hat

The real solution would seem to be some encrypted key that is stored in your body; similar to PGP, but a biotech implementation. Forget wearable, I want implantable! Frankly, the lack of progress on that front is disappointing to me. Much like self-driving cars, I fear the ‘creepy’ factor gets in the way of true innovation, simply because we’re not willing to think about things differently.

Things are getting better though. One of the most basic problems in security is obtaining a truly random number (the basis of all encryption schemes) – which is a surprisingly difficult task. Though quantum computing may seem like science fiction, Intel is now shipping a new, processor-level random number generator that your computer can call. It takes advantage of the on-processor entropy source… Yes, I am talking about that shifty concept you learned about in physics. Essentially, we’re talking about the random emission of electrons, which the processor usually ignores, being used to generate random numbers at blazing fast speeds.

I’m still waiting for the stuff of science fiction to materialize. Considering that computers were invented inside the lifetime of some of society’s oldest members, it’s difficult to speculate on where we’ll be in 50 years.

My Switch from the iPhone to Android [Part 2]


I’ve now had this phone for some time. I love Android. I’m glad multi-tasking is finally making its way over to the iPhone with iPhone OS 4.0, because I don’t think I realized just how much I missed or wanted it until I had it again (Blackberrys also have it). The Nexus One is fast, and nice to look at. By nice to look at I mean both with respect to the screen and the physical phone itself. The trackball, while I hardly ever use it for navigation around the phone, is very useful as it doubles as a notification light. This was something that I always missed about my Blackberry when I switched to the iPhone for the second time; the ability to look at the phone and know if there is something new there waiting for you is nice. Also the charge light indicator is very handy, something also missing on the iPhone. I will say the strobing trackball is a bit obnoxious in a dark room... it's very bright. I'd be happy if the charge indicator light just flashed a little red, like the Blackberry. As far as voice quality goes, great. I have not, however, had someone on the other end ever say, "Hey are you using noise canceling technology, you sound so clear?" I don't know how effective or noticeable the noise cancellation microphone really is.

The process of answering calls I find to be a bit shaky, and a bit annoying. You swipe, similar to the iPhone, to answer a call but I find there is a delay from when the phone starts vibrating and ringing to when the call information shows up, and that sometimes you don't swipe 'well enough' and have to do it several times before the call is answered. Often I find myself wondering if I'll be able to answer it before the caller gets sent to voicemail.

While the screen is far brighter and easier to look at than the iPhone, it really does kill the battery. I've yet to determine which is more to blame, the multi-tasking or the screen, but battery performance seems significantly impacted by something. This is coming from someone who has been used to charging his phone every night and maybe sometimes once during the day; it's been a long time since I've had a phone I didn't need to charge at least once a day. It's also possible that my phone finds itself searching for signal too often, as coverage with AT&T in my area is spotty. Whatever it is, my battery life is short, annoyingly so. The upside is that it charges very fast. Even still, I'd like to have to plug in my phone at most once per day.

I've tried all sorts of things to help the battery... tried making sure that tasks are killed automatically and regularly, that the screen timeout is short, that bluetooth and wifi are off... nothing seems to be helping. I've even tried not running widgets, and if I do run them making sure that they aren't using the network or gps that often (12 hours instead of 3) - still, nothing. Feeling like I shouldn't have widgets up everywhere because it might drain the battery is very similar to not having widgets at all.

The softkeys (Back, Menu, Home, and Search) seem to be less responsive than I'd expect. If I want to go to the home screen I find myself automatically pressing home many many times to get the desired result - expecting the first press not to work properly. Typing on the touchscreen I don't see this problem at all, I don't know why the softkeys are any different. Maybe I haven't figured out the secret way to touch them?

I like the camera. I find it takes pretty decent pictures, and the LED flash is great. However, the LED flash really seems overly bright, and washes most subjects out completely at times, better than no flash at all though. There is also a significant lag from when you ask it to take the picture and when it's taken, due to the auto focusing and the LED flash. I also find myself wanting the camera app to recognize I have the phone in portrait and change the orientation of the app to match, but it seems to want you to shoot exclusively in landscape. Not that it matters much, but I find taking a picture blindly is harder on the N1 than on the iPhone because of where the shutter release is placed and how awkwardly that makes you hold the phone if you and your subject are in front of the lens.

I'm pleased with my Nexus One. I wish that it worked on AT&T's 3G network. They now have a version that works on AT&T, but it seems to me that the discrepancy in 3G frequencies negates the advantages to GSM and being unlocked...? Why not either have the carriers decide on a standard frequency, or be the cell phone manufacturer producing phones that work completely on either network? It will be interesting though, to see what happens when the Nexus One becomes available on all networks in the United States. I think we'll start to see that as a growing trend. Blackberries are available on all networks, but each seem to have their own flavors and revisions. I would personally like to see us get away from a place where the carriers are impacting the user's experience so much and into a place where they have to compete on network strength and pricing alone, and leave the phones up to the people who do phones.

Meanwhile no contract plans are becoming more and more available from all carriers... It's looking good for the consumer.

All this said, I can't wait to see what Apple has done to the iPhone with the new revision, most probably coming out this September.

My Switch from the iPhone to Android [Part 1]

I'll have to admit, I came about the switch rather abruptly... But after finding myself without any phone at all, I decided that I might as well give Android and the Nexus One a try. Here I am, less than a week later, and I am more than pleased with my decision to ditch the familiar iPhone and dive into Android.

What was/is my initial impression? Well, I've tried to organize this a bit...


The first thing that becomes obvious from the moment you boot it up (after painfully waiting for it to finish its first charge at the behest of Google I might add) is the ridiculously well integrated use of all of the Google Apps and the cloud model. This is to be expected on a mobile OS made by Google I suppose, but it truly is the single biggest strength of the platform in my opinion. Seeing as how I'd just recently COMPLETELY switched over to Google Contacts, Calendar, GMail, and basically every other Google app the experience was amazing. I'd always been using the Google cloud for GMail and had switched between Google Calendar and iCal over and over. Sometime in the last couple months though, I'd set up Google's Sync with my iPhone, and all of my computers also pulled all of my information, my life, from the Google cloud. Having all of my stuff in the cloud made setting up my Nexus One as easy as entering my Google credentials, which is the first thing that it has you do.

In a matter of minutes everything I would expect, productivity wise, was there. I must also say that the Nexus One being an unlocked GSM phone was amazing... I didn't have to spend any time at a wireless store getting them to switch my service to a new phone (a usually lengthy process). It was almost surreal, to be honest. There was a sort of "this just works" feeling to it.

The next most noticeable thing was the vast degree to which I could customize the device. On an iPhone there are only a handful of settings. You can choose a ringtone and a sound for text messages. There really isn't much else there... On Android one can set up specific sounds (of which there are many to choose from) and methods of being notified about just about anything - including application specific notifications. When I say that, I really mean everything... One can adjust how often syncs are performed for each individual application, as well as things as specific as if the trackball will light up, if it will vibrate, if there will be an audible alert, and if so what. As if that weren't enough, the only way the iPhone can alert you is through a pop-up; there is no collection or organization of various notifications. On Android there is this notifications bar, where you will find iconic representations of all of your notifications. If you'd like more information you can pull the 'blind' down and see all of the details. Fantastic.

All of this customization started to remind me of my Blackberry days, where I controlled more of my user experience, not Apple...

More on the hardware to come later.

Ehm... Android Handset I Suppose.

My posts have become significantly less frequent... Several reasons really, no longer being on vacation being a large one, but also I've found myself bogged down with some larger articles regarding the iPhone and must have apps. I'm going to go ahead and shelve that, perhaps indefinitely, and turn instead to the Nexus One.

My iPhone is, presumably, in the possession of some cab driver in Chicago at the moment. A Nexus One has been purchased, but has yet to arrive on my doorstep.

My next several posts shall almost certainly revolve around my experiences with the new device.

I'm excited to see how this goes. Less than excited about the nature of the new purchase, but what can I do... Tech reviewer by circumstance?

Nexus One

I've been talking about this phone since I first heard about it and Google finally announced it today. Some of the rumors were true, and some weren't...

This phone is fast! This is one of the most notable points from many of the reviewers who have been able to get their hands on it. It is much faster than the Droid, hands down. It has a 1 GHz mobile processor (this laptop I'm using is only 2.5 GHz). It boasts a brilliant 3.7 inch OLED screen, a technology that has yet to make it to the iPhone. It also possesses a 5 megapixel camera with LED flash, compared to the iPhone's 3 megapixel camera - with no flash. This beefier camera will be great for use with Google Goggles... something that has yet to make its way to the iPhone (whether it ever will being questionable at best). No tactile keyboard, though the number of tactile keyboards winning rave reviews is dwindling. Software keyboards are in and the terrible inconsistencies of qwerty keyboard design and layout have left the general consumer's fingers in a state of utter confusion.

Though the Nexus One IS an unlocked GSM phone, and has the capability to accept SIM cards of any type, it does not possess the required frequency to operate on AT&T's 3G network... So you can use it on both T-Mobile and AT&T, however it won't work on AT&T's 3G network (which has VERY limited availability compared to Verizon and Sprint's 3G networks), only on EDGE. Also of interest is that Google's planning to release a CDMA version of the Nexus One this Spring that will be available on Verizon's network.

So the real question is why is the Nexus One significant, if at all?

Well, the honest answer is that its significance really is not yet that apparent. However, subtleties like Google selling the phone themselves, and T-Mobile having such a loose affiliation with the entire project may prove more significant later in the game. Android does offer a few things that the iPhone does not though... Google Goggles, as previously mentioned, is a prime example... the ability to take pictures of anything with your phone and have Google anticipate what you're attempting to find or figure out. Google Voice works swimmingly with Android and is only available on jailbroken iPhones. The Google Maps app on the Android platform is far and away better than that of the iPhone's. Even though this was one of the core apps on the original iPhone, Google has added turn-by-turn, voice guided directions to its Android app. It's obvious that Google would have no incentive really to add these capabilities to the iPhone, when they can use it to enhance their own platform. Understandable.

What's keeping me from getting the Nexus One? The lack of 3G on AT&T's network, which I'm currently attached to via contract, and the inability to play protected iTunes music. For those that do not have the intention of using their phone as their iPod as well (and I said iPod not MP3 player, because if you were looking for an MP3 player, the Android OS can do that...), there is nothing keeping you from switching to Android and the "Google Experience". I did fail to mention the large difference in apps for Android vs. iPhone, but really the apps are there, it's just a matter of a smaller selection, and that will change with time, especially with the Android platform being open source, and Apple's restrictions on the app store being so restrictive.

I'm excited.

The Google Phone: Nexus One

Okay, I’m really excited. Not only is Android a really fantastic operating system, but the devices that it’s been coming out on have been interesting as well. One thing I really don’t like is that the whole world seems to have gotten confused with the Droid thing. Here’s the deal: Droid is a phone, it runs Android (Google’s operating system), Android is on several other devices, and the Droid is not the only ‘Google’ phone out there...

That aside, the reviews on the Droid are fantastic. I’ve gotten a chance to play with one as well! My initial impressions when I saw it were that that little square on the inside was hideous... and it remains so. The funny part is that most of the reviewers seem to have disregarded the QWERTY keyboard in favor of the soft keyboard. Still no multi-touch, however the real star isn’t the hardware, it’s the Android operating system.

This is the only operating system that has anything against the iPhone. Windows Mobile has sucked since its conception, and let’s face it, Palm just decided to update their operating system from the same crappy Windows 3.1 style they had back when I had a Palm III in 7th grade. Android has apps, which are very in, of course not as many, but who could really expect that? One of the great things that it has going for it, besides the ridiculously amazing aesthetics, are the Google apps. The Google Maps app for example has turn by turn audible directions... for free. There is also the search feature that is right on your home screen which is outrageously helpful and amazing. (It secretly does way more than just a web search...)

My opinion is that Google got upset with how Apple is with its apps, and how closely it governs what goes on the iPhone (case in point, Google Voice). Because of this, they seem to have abandoned the iPhone in a sort of way. They started making their own OS and developing their own apps for their own OS, which are all better than the apps for iPhone. Notice how, on the iPhone, the maps and earth apps are great, but incomparable to the Android versions? Of greater note, no other Google apps exist besides the catch all Google App, for the iPhone. This app is really just a list of links to web apps, however the Android OS can sync all of your Google stuff, or information you store in the cloud... seamlessly.

More and more people in the tech community are transitioning almost exclusively to things like Gmail, Google Docs, Google Wave, Google Contacts, Google Calendar, GChat - all of this stuff - and it all works with your Android phone as soon as you put in your Google username and password.

I want one.

Good news, Google seems to be developing their own phone... with a newer, faster, better Android operating system. The Nexus One. I want this device. And I’m not going to lie... I’m probably going to get it when it becomes available. It’s rumored to be an unlocked GSM phone (works with AT&T and T-Mobile). They’ve supposedly given one to most all of the employees in an all hands meeting. I got a pen at my last all hands meeting, it had some horrific smelling hand sanitizer though, so that’s good.

I have to say though... my apps really are keeping me glued to my iPhone. Also keeping me on my iPhone and with a MobileMe subscription is the ability for everything to sync over the air from my laptop, desktop and iPhone. But... Android can do the same, I just don’t yet have one.

My iPhone

I love my iPhone. I had the original iPhone, I was one of those people that stood in line four hours, intending to buy a phone I hadn’t even actually seen in person yet. I had it for some time, but there were so many problems with the original version. One of the first things that I noticed was because I had intended my iPhone to be an iPod replacement. The original though, had a recessed headphone jack, so you could plug just about nothing into it besides the headphones that it came with. I can’t even tell you how aggravating this was. Have you ever heard of such a thing?

Of course this was pre apps, this was before being able to text multiple people at once, before copy and paste, before being able to buy ringtones even. Even more ridiculous problems included it being just about the quietest phone one could ever imagine. You could hardly hear it ring at all on full blast. The e-mail access at the time was also significantly more flawed than it is at the moment. You had to tell it to check for e-mails at regular intervals (something you still have to do), but I realized later that whenever it was checking e-mails, if an incoming call came in, it would send it straight to voicemail...

Long story short I opted for the Blackberry, and sold my first generation iPhone. I continued to use the Blackberry for the next few years. I liked it a lot and I became amazingly addicted to the instant e-mail access.

I’ve switched back though... They’ve managed to fix just about all of the problems I had with the device and I think the current iPhone 3G S is just about the best phone that I’ve ever had.

I can’t wait for MMS to start working in September.