Scaring you Into Using LastPass

When I posted the following on Facebook:

Make 2017 more secure: use LastPass.

LastPass is a password management app. It saves your passwords for you, so when you log into it, it fills the passwords for the sites you visit.

You could argue that saving passwords on the cloud is not the safest practice, however, statistically speaking, you are probably too lazy to change your passwords often and have a hard time remembering passwords your bank website asks you to remember. You know, the minimum 12 character, 2 special characters, two numbers, one capital letter and one jump in your chair for the hell of it.

LastPass can also change passwords for you and runs a test on your passwords to tell you what needs to be changed. Not only that, it can store your address, credit card information and more so you don’t need to take out your credit card each time you want to buy something on the web.
I’ve been using LastPass for the last 6 years, and it’s been my first extension to install on my web browser upon each fresh installation.

Also (did I mention?) it’s free.
It’s not only safer, it’s also easier. Do yourself a favor, protect yourself. There’s a lot of scary stuff out there.

I mostly got less than enthusiastic comments:

“This sounds like a bad idea. I think my brain is more secure.”

“And then, LastPass database gets hacked by some 15-year-old hacker from Indonesia?…nope, I’m still gonna stick to my IT girl guns and change my passwords every month. if you have too many passwords to remember, be responsible and find a secret place to write them down (that you won’t forget :p)”

These are two common excuses that must be purged from your mind as a New Year’s resolution. I decided to go a bit more in-depth to explain what is so important about having a password manager. Let’s break this down.

“My Brain is More Secure”

First, we assume that what’s in our possession is safer than something in a data center somewhere. Unless you live in a locked room behind two or three high-security gates, this is not true. Data centers have better physical security than your own home.

Second, there is the flawed logic that just remembering passwords is safer. This is tricky. In theory, one could argue that remembering passwords is safer than storing them somewhere. In theory. The problem is that in practice, we have too many passwords to remember. In 2007, studies showed that the average user remembers 6.5 passwords. While the number of websites we use every day has increased since then, our brain capacity hasn’t. Let’s give you the benefit of the doubt and say you remember 10 unique passwords. This means you have to reuse each of those passwords about 10 times to cover about 100 websites. According to LastPass, I stored well over 200 passwords over the last 5 years or so that I’ve been using the service.

Most passwords are not unique; people come up with predictable passwords. Most hacker tools come equipped with password dictionaries. These are files that easily store thousands of common passwords. Here’s a fraction of one such list which I found as I was writing this post:

Why yes, password lists look nice on Terminal.

Keep in mind, this is just a small fraction of the entire list in this file. This list also contains special-character passwords and other combinations. In total, this basic list contains over 3000 passwords. The biggest dictionary files contain tens of thousands or hundreds of thousands of passwords. Besides, a hacker can use several dictionary files at once. Modern computers are capable of going through a whole list like the one you see here in a matter of seconds.

Common, reused passwords are every hacker’s wish. A wish granted far too many times. Databases with passwords get stolen every month. The worst one is pretty recent: December of 2016. That’s one billion hacked accounts alone. Most of these billion passwords are reused on other websites. Here’s a list of additional known data breaches from Wikipedia:

Wikipedia – List of data breaches

This is a list of only major, known and disclosed data breaches. Think about how many more breaches are out there that you have no way of knowing about. For all you know, one of the websites you use every day had a breach and your password is on some hacker’s thumb drive. That password will be added to one of these dictionary files.

So, no. Your brain, which can’t remember more than 7 passwords on average, is not exactly secure.

“And then, LastPass database gets hacked? …I’m gonna change my passwords every month. if you have too many passwords to remember, be responsible and find a secret place to write them down.”

True, LastPass got hacked before. And it’s a good idea to change passwords every month and keep them in a secret place. But who changes passwords every month? All of them for all websites? As a matter of fact, that’s one good reason to use LastPass. Where else will you keep your 50 or so unique passwords so you have them with you? An “encrypted” notepad?

LastPass makes it much easier to change your password. You have a list of all your passwords in front of you, and now LastPass can change passwords for you if you let it.

OK. So let’s say LastPass gets hacked again and you need to change all your passwords. You use the list, go to the websites, and change your passwords. You can even export your passwords to a spreadsheet. Can you do that with the “safe place” where you store passwords if it gets stolen? Will you even remember all the websites you have a password for? LastPass encrypts your passwords twice. It forces you to create a unique password for your password storage. This is the only password you will need, so it could be something crazy like a 50 character sentence. By the time a hacker cracks that, LastPass will have informed you and you will have been able to change your passwords many times over.

There’s more to LastPass to like. Not only does it make it easy to change your passwords and create new complex passwords, it also tells you which sites have the same passwords, which have weak passwords (like the ones that might exist in the dictionary file above), and which sites are compromised (were hacked), with links to proof.
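The checks described above (reused passwords and passwords that appear in a dictionary file) can be sketched in a few lines. This is an added example, not LastPass’s code; the CSV column names, the sample vault and the tiny word list are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed stand-in for a common-password dictionary file.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "dragon"}

# Constructed vault export. The column names are an assumption,
# not the format of any real password manager.
SAMPLE_EXPORT = """site,username,password
bank.example,alice,Tr0ub4dor&3-horse-staple
mail.example,alice,letmein
forum.example,alice,letmein
shop.example,alice,Password
photos.example,alice,v9#Lq2!xWz7pRk
"""


def audit_vault(export_text, dictionary, min_length=12):
    """Flag reused, dictionary-listed and short passwords in a CSV export.

    The report names sites only, so it can be shared or logged
    without exposing the passwords themselves.
    """
    sites_by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        sites_by_password[row["password"]].append(row["site"])

    report = {"reused": [], "dictionary": [], "short": []}
    for password, sites in sites_by_password.items():
        if len(sites) > 1:
            # Same password on several sites: one breach exposes all of them.
            report["reused"].append(sorted(sites))
        if password.lower() in dictionary:
            # Case-insensitive match: "Password" is as guessable as "password".
            report["dictionary"].extend(sites)
        if len(password) < min_length:
            report["short"].extend(sites)
    for findings in report.values():
        findings.sort()
    return report


if __name__ == "__main__":
    for check, findings in audit_vault(SAMPLE_EXPORT, COMMON_PASSWORDS).items():
        print(f"{check}: {findings}")
```
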

LastPass gives you too much information and tools to care about, but that’s the point. LastPass is the kind of tool that shows us just how much work we need to put into our online security. Work that, let’s face it, we never do. This is why it’s good to have it around to help us. It is not bulletproof, but it’s definitely a step in the right direction.

Do yourself a favor and try it.

A final note. While this post was written almost as an ad for LastPass, there are other great password managers out there. KeePass is a longtime favorite among IT folks, and there’s also the excellent 1Password, known best for Macs and iPhones. These last two work about the same way.

About Ideas and the Importance of Solitude

Ideas need an empty mind to grow. Vacuum. I find that the constant noise of other people can interfere with intuition and innovation. Opinions are all fine and good, but they can affect our fresh ideas and mold them into something not ours, beat them into submission.

The groupthink threat is real. In the age of social media, there are many people we can relate to and agree with, and less of a need to come up with our own thoughts. Perhaps there’s nothing new under the sun, but the process of learning and discovery is necessary to shape a strong, creative mind.

When we constantly agree with ideas that are not our own, our mental filter weakens. We are more remote and care less for opinions that are not our own. With time, we become lazy. We accept ideas not because we agree, but because we trust the source. The context matters less. Our ability to distinguish one situation from the next weakens as we apply the same judgment with a head nod.

As human beings, we constantly crave new things but remain unfulfilled. We stare at a wall. We know it’s a wall because we’ve been told it’s a wall, therefore, it must be true. We don’t even try to reach out to test it. We’re surrounded by borrowed concepts. We can’t make sense of these, so we just accept they are there. We decide we’re depressed. There’s something wrong with us because everything (and everyone) tells us we should be happy with what we have, but what we have is nothing.

My ideas are not better than yours. They are just mine.

My idea factory is my journal. A small private space where the only audience is me. My innovation happens best on long walks on cold days when the people I pass are few and far between. These are the best moments of clarity, where I find solutions to problems that have not yet come to pass. My sadness is my temple, where I am allowed to reflect on past inconvenient moments and adjust for a fulfilling future. My happiness is rooted in conquering these moments.

When my ideas are done, when innovation has taken its course, then it’s time to share. At this point, my ideas have grown enough in their solitude to stand against others’ opinions.


So, Snapchat?

I read an interesting article about Snapchat in the NYT. I was thinking, am I getting too old for this? After all, I tried it before, and much like the article linked in the Times piece above, it made me feel old. All the new cool kids use it, and I work for a school, which makes it worse.

So I gave it another try. This time I managed to have a better understanding. On the surface, it looks like a silly app meant to just have fun. A teen app indeed. But Snapchat just feels good to use, natural almost. A silly app maybe, but it’s designed by smart people. I took a deeper look at the design intelligence behind it, and here is what I realized:

  • It changes the stickers you can add, based on location. It has it narrowed down to a neighborhood, time of day, etc. Sure, that’s easy, any app can do it, right? But no other app had done it just yet.
  • The lenses, the funny face filters, are pretty good at finding faces in pictures. Bonus: Snapchat, unlike any other social media app I used recently, assumes you want to take selfies. Whenever you want to take a picture, the front-facing camera is the one selected first. Now this is what I call thinking about small details.
  • The pictures taken with it have filters, stickers, labels, and can be written over. This is also available for videos. How come no other app I know has such an amazing capability for videos? This is super useful.
  • The “my story” feature is actually not half bad to capture your day in a visual way. It’s meant to share with your friends, and then it’s gone forever (more or less). Your boss won’t find out about how drunk you got on your sick day from your friends on Facebook. The only person who can save these stories is the only one who should: you. Simple. Smart. No other social network thought about this amazing privacy filter.

Snapchat has more gems to explore. I’m actually excited about trying to use it, but none of my millennial friends will use it. After all, we’re too “app snob” to use something so silly, right? “When I was your age, I used Facebook! And it was Da Bomb!”

The guys who made Snapchat know what they’re doing. I hope they won’t hurry to make Snapchat public. History shows this can be a kiss of death to innovation.

Just Jumping to the Heart of it

I don’t want to start with an introduction about why this blog is going to be awesome. I figure I’ll just go ahead and jump right into things. The flow here will make sense later on.

My Tech Wiki (SSTech)

SSTech is my tech notebook and wiki. It’s based on the excellent TiddlyWiki wiki application. SSTech should essentially be just an export of the Tech category of my larger, personal Wiki. As I work on the personal wiki, I hope to update SSTech by simply exporting the “Tech” category from my personal Wiki. Each update will overwrite the single existing HTML file on this website. I could include a version number inside SSTech as well, so people could follow the updates. I could even include journal entries in SSTech discussing the entries I’ve added. I should find a way to automate this process so I can export all Tech-tagged entries with one step. This will require research and some Q&A.

Anything outside of the Tech category in the personal wiki will not fit SSTech well. Posts of a personal nature, such as meditation notes or an about section, mean extra editing inside SSTech. I am not sure if I will have the time or energy at this point; I will have to see later.

The New Blog

This is the new blog.

Journal-based content: I should base my posts on my journal in my personal Wiki. It’s a good idea to record issues I tackle at work so I have more content to work with. This first blog post is an example of such a journal entry.

Frequency: One of the things I made a point of right away is that I should write about once a week, no more, no less. This way I push myself to publish content on a regular basis while having some quality control.

The SOP rundown: Technically, I should keep the 5-paragraph outline method. I should also include pictures and screenshots that I collect through my day.

The above does not make sense. Because of how I post, direct copy-paste from my journal with editing, my entries are usually long. I don’t want to force a formula that might damage the content. The point, after all, is to create raw descriptions of my thoughts with light editing. Questions, if someone is curious, can always be asked. I don’t want to hold people’s hands.

Also, my posts here will go through serious chopping with the Hemingway App. I hope this will help to keep the language simple.