Tag Archives: Facebook

You should use online password managers

October 3, 2011 by LCMilstein 0 Comments

Sincere apologies for the long delay in getting this post out, and thanks to @justinlamo for the question: “Are on-line password storage sites safe?”

Per my promise to all of you to get to the point first, the quick answer: Not 100%, but you should use them anyway.

And the longer response:

How many times have you received an email saying, “Please ignore that odd post/email/request, it seems my account was hacked”?  Or worse, how many times have you had to send one yourself?  Hacked accounts are a reality of the modern digital age.

Absent turning into a Luddite, your best protection is a strong password for all of your accounts.  A strong password is long, nonsense, and composed of a variety of different types of characters (including upper and lower case, numbers, and punctuation like #, !, @, &, etc.).  There is a lot written about why you should use a strong password, and you’ve all heard the horror stories, but also check out one man’s explanation as to how easy it is for him to crack your weak passwords.  Hopefully that’s convincing enough so I don’t have to dedicate time to hammering the point home.  To create your own strong passwords, reference this clear, concise article by Eric Wolfram.

Still, even the strongest of passwords can be compromised.  Unsophisticated companies can mess up and store your passwords in plain text, where they can be stolen from the servers; you can expose yourself by falling for a fake site asking for your password (known as a “phishing attack;” or perhaps you simply log in from a public computer and forget to log out.  Having your strong password stolen or hacked for one site can cause enough damage, but if you’ve used the same password for all of your social networks, bank accounts, blogs, email and more, the results could be disastrous.

So, the best practices recommendations for strong password protection is actually to use a DIFFERENT strong password for EVERY site (or at least every category of sites).  But, you ask, how can you keep dozens or hundreds of passwords straight?  The answer, of course, is that you can’t.  That’s where password managers come in.

Password managers in general are pieces of software that store and organize all of your passwords and the associated sites and accounts you use them for.  The most rudimentary are simply protected spreadsheets or databases stored as files on your computer; if you can remember one password (the one to open that file), known as the “Master Password,’ you can look up all the rest of them as you need them.  The trouble with the rudimentary form is that it is a tremendous hassle.  Taking time to log into a site is already a barrier to what you are trying to do and no one wants to make that harder.

So, a new breed of password managers emerged.  These new password managers were also form fillers and often came as browser extensions or add-ons.  In other words, these password managers work in coordination with your web browser, recognize the site you are on and automatically fill in the needed password.  You still need to remember the one master password, but after that, your browsing is much smoother.  But, there are problems with this set of managers as well, chiefly:

  1. If you’re computer crashes or you delete the files, you’ll lose ALL of your passwords; and
  2. If you’re away from home you either need to bring the files with you (on a thumb drive, by using Dropbox, or some other way), which can be hard to remember.

SO…  online password managers were invented.  Like the others in the new breed, the online password managers fill your forms and work with your browsers to save you time, but now, instead of storing all of the information on your own computer, you now keep copies online in ways that are accessible across multiple devices.

The concern with keeping this level of sensitive data online is that it too risks being compromised.  On the one hand, you’re using a password manager so your sites are more secure, but on the other, you’re storing your sensitive data in the cloud so that it risks being stolen.

There was recently a threatened attack on a reputable online password manager, but the threat was largely overblown.  Back in May (when Justin first asked this question), LastPass was attacked, but the CEO has since explained why there was little cause for concern in an article posted by PC World.

The reality is that the risk of your password manager data being stolen, given how securely it is encrypted and the protections the password manager companies have in place is very small.  The tension between privacy and convenience is an ancient one, and convenience always wins.  If one option for convenience is a system with dozens or hundreds of attack points (i.e. ANY of your accounts) and the other is a system with one attack point that is heavily guarded (i.e. your online password manager’s server), I recommend going with the latter.

Thus… yes, you should use online password managers.  I don’t have a recommendation as to which one is the best as I haven’t tried them all, but LastPass does a very good job.  For some other suggestions and help choosing the one that’s right for you, check out the following links:

  1. PC Magazine – Six Great Password Managers
  2. LifeHacker – Five Best Password Managers
  3. TopTenReviews – Password Management Software Review
Regardless of what you choose, you need to keep your passwords safe.  Think about how you do it.
Tech
, , , , , , , , , , , , , , ,

Why Google+ should publish to Twitter & Facebook, and You Should Too

August 30, 2011 by LCMilstein 2 Comments

The walled-garden vs. open architecture approach to the web has been raging since the early days of the Internet.  AOL perfected the walled-garden with its keyword search while we were all on dial-up access, but the web (and AOL) have since moved on.  Which is why it was a bit surprising to see Google+ (still in project mode, admittedly) launch without an ability to pull in from, or publish out to, our other existing social networks.

That Google+ is first and foremost an “Identity Service,” according to Eric Schmidt, makes it even more baffling.  Another “Identity Service,” run by my employer, About.me, takes quite the opposite approach.  Even other social networks enable cross-posting.

But, I’m not arguing that Google should do it because others do, my argument is simpler than that.  Cross posting encourages discussion that might otherwise be missed.

This weekend, in a fit of annoyance at having to boot up my laptop after not being able to get information about Irene on my iPad that was hidden behind some Flash coding, I posted the following to Twitter:

LCMilstein Lee Milstein
After a year with the iPad, I can honestly say lack of Flash support is debilitating. I love it so much I don’t want to need a laptop too.
It got no retweets and the only reply was a spam message clearly picking up on “iPad” as a keyword.

But, because of how I have my accounts linked, the same post appeared on my Facebook wall.  24 hours later, there is a 15-comment string discussing the longevity of Flash as a web standard, Apple’s approach to controlling the user experience on its products, and whether next generation Android tablets will be able to compete with Apple’s dominance.
I never intended to engage my Facebook friends.  I thought Twitter was where the tech folks followed me and that I’d see traction there.  I was wrong.  Without this cross-publishing functionality, Twitter would have been unaffected, but Facebook would have lost out on this engaging experience.  As a one-off on my account it is meaningless, but taken to the natural conclusion, this is what makes a social network work.  This is what keeps people coming back.

Google, you may have other things you’re planning to build on Google+, and I am certain I line up to use them (Gmail, Picasa and Android are 3 of my all-time favorite products, so you have credibility with me), but I think you’re making a mistake here.  Who knows what kind of conversation my circles would have engaged in.

EDIT:
[I received feedback from some of you that this post didn’t really fit the blog; that it was industry analysis and not personal recommendation.  You’re right, but only because I ran out of time.  Here’s the last bit.]

For the rest of you, take this into account and take advantage of the linking capabilities built into your social networks.  For me, I have my Twitter publish to Facebook and LinkedIn, and I have my blog and Tumblr page post into Twitter which then pushes out to Facebook and LinkedIn as well.  I recommend you do the same.  And, as if on queue, a tweet from the Twitter team today:
twitter Twitter
#protip Have a Facebook account? Try hooking it up to Twitter for a little multitasking! Here’s how: support.twitter.com/articles/31113… 
So, to learn how to get started and link your Twitter account to Facebook to publish into both locations at once, check out their article, and see how your followers and friends engage.  You just might get more social out of your social networks.
Tech
, , , , , , , , , , , ,

Facebook is for Birthdays

July 11, 2011 by LCMilstein 0 Comments

[Note, I apologize for the delay in real posts.  They will pick up again, but in the meantime…]

Many of you have been emailing/texting/calling asking about Google+, and you’re not alone.  The web seems to have shifted focus overnight and Google has once again become the darlingof the industry.  The frantic, nightly, “Invites are open!” messages followed by the “aww, sorry, too late” jeers only served to enhance the perception.  At this stage, however, it seems most people who want to get on to the new service have found a way, and commentary is shifting to compare the service to other social networks.

While I don’t intend to argue that you should or shouldn’t use Google+ at this point, I did feel the need to share a couple of observations

  1. No one on Google+ wished me a happy birthday this weekend.  Perhaps this is because the number of users is so limited, and
  2. More interestingly, no one on Twitter wished me a happy birthday either.

Now, I’m not actually big on the whole “it’s my birthday” thing and don’t seek contact for it, but I received a LOT of wall posts, messages and emails wishing me a happy birthday as a result of Facebook making the event prominent on my friends’ pages.  By contrast, I received 0 tweets/DMs and 0 Google+ comments.

This really highlights the difference between the existing social networks.  Facebook is where people with real world connections connect, and Twitter is where information flows between acquaintances.

What’s really interesting about Google+, though, is that it could be both:

Google already maps my real-world connections with gmail, chat, and other services that haven’t been considered a “social network” in the past, and now Google+ makes it easy for me to follow acquaintances.  As I posted to my plus.google.com profile page:

Being able to change your stream just by clicking a circle is a GREAT feature. Works better than lists on Twitter and far surpasses Facebook’s current implementation of Groups. And I love that “Following” is a default circle.

By creating circles and switching the stream of news flowing onto my Google+ page, I can see updates from my friends, influencers, news sources, business colleagues, etc. and not get lost in too many posts.  It is an exciting feature.

I’m looking forward to seeing what happens when Google starts telling me about my friends’ birthdays.  In the meantime, check out the service and let me know what you think.  Start with my page.

Tech
, , , ,

%d bloggers like this: