First Pass at LastPass

by Rafi Kronzon on October 8, 2014

While we sometimes recommend online password managers to our clients, I was always too busy to take the plunge. I finally did it, and want to share my experience.

Password managers are programs that store your usernames, passwords, and web-form data for you, so that you don’t need to remember and type them every time you log into a website. The main security benefit of a password manager is that you can choose different, complex passwords for each online service you use, without having to remember those passwords.

While password managers take different approaches to securing your passwords, the ones that store your data online are, in my opinion, the only ones worth considering (more about this later). Out of the most established apps (LastPass, Dashlane, PasswordBox), I chose LastPass, which has been around the longest.

A common criticism of password managers is that if the password manager itself gets hacked, all your passwords will be exposed.  While true – in fact, LastPass has been hacked at least once in the past –  the passwords are encrypted, and are useless without the master password, which only you have. For this reason, security experts recommend using a complex master password that’s not used for any other sites, and known only to you.

After spending some time with LastPass, here’s my pros and cons list.

Pros

  • LastPass, and a password manager in general, is very useful. I’m already saving lots of time and frustration.
  • LastPass supports two-factor authentication, meaning that accessing LastPass from a new computer requires entering an additional security code sent to your mobile phone, a great security feature.
  • The premium version has a family vault you can share, which is great for families that share various accounts such as banking, etc.

Cons

  • You need to spend a lot of time to reap the main security benefit, which is having different complex passwords for every site you visit. You can, however, get started with LastPass and change passwords afterwards.
  • For services for which you have multiple accounts (e.g. Gmail), you need to do some manual editing of your LastPass entries so that it’s easy for you to identify which entry to use.
  • Two-factor authentication isn’t standard. You need to use a third-party app such as Google Authenticator, which is free.

The verdict? The pros greatly outweigh the cons. And while LastPass is certainly not the only, and may not even be the best password manager, it does most everything you can ask for. Highly recommended.


Does the End Justify the Means? OKCupid’s Experiment

by Louise Pope on October 8, 2014

Though I’ve never used OkCupid, I can imagine what kind of feelings are involved. Meeting someone, putting yourself out there, can be a scary thing, even under the best circumstances. I was troubled when I read that OKCupid had secretly used its customers for a social experiment, deceiving them with bad matches, hiding photos, and deliberately suppressing good matches in order to “see what would happen.”

Facebook recently admitted to a similar experiment in which users were exposed to emotionally charged messages to elicit reactions and drive mood. The backlash was swift. Users felt betrayed and manipulated, as though their privacy had been invaded. In fact, after many months of users’ anger, Facebook was compelled to finally change its policy.  What will the backlash be for OK Cupid, if any? What should it be? To me it raises a larger question about the relationship between providers of digital services and their customers.

The executives at OK Cupid were unapologetic, glibly stating they needed the information and claiming it happens all the time. That’s not reassuring. When we use such services as OK Cupid or Facebook, isn’t there a minimal level of trust involved? An assumption that there is no ulterior motive? If not, then what, exactly, are we signing up for? Shouldn’t users be informed or compensated for becoming test subjects?

In the “real world” such things are not acceptable. Most businesses are held to a higher standard. Intentional deception of that nature would inevitably lead to loss of business, or worse. For example, what if food manufacturers lied about ingredients or calorie content of products in order to test the effect on their customers’ future purchases? This information would, no doubt, be hugely valuable to them. It would also lead to lawsuits and severe legal action. If businesses can’t play with customers’ bodies to achieve a hidden agenda, how is it OK to play with their minds? Further, I would argue that something as personal and important as an individual’s feelings and states of mind is about as “real world” as it gets.

Perhaps because it is the digital world, and the users made no payment, somehow real world expectations and ethics are not applicable? But users already pay with their attention, and without its base of attentive users, OkCupid and Facebook wouldn’t exist. Don’t these services owe their users the product and experiences they have been led to believe they are getting?

Deception on the internet is nothing new. I understand the thinking behind OK Cupid’s and Facebook’s experiments, but I don’t think the end justifies the means. I also worry about the nonchalance with which such betrayals occur, and how the feelings and trust of customers are a non-issue. With so much of our lives connected to our digital world, I wonder if, in a larger sense, a foundation of deception is being created that will ultimately have an impact many will come to regret.

 


One mistake you make all the time, and how to stop

by Rafi Kronzon October 1, 2014 Articles

That stock was a sure thing! Now that it’s down 40%, you’re still holding onto it, thinking that you need to make your money back before getting out. Feeling down about your trading losses, you remember that you have tickets to the ballet that same night. You really just want to stay home, but since […]


Why you should still trust the Cloud

by Rafi Kronzon September 4, 2014 Alerts

The recent celebrity nude pics are being used by the media to expose (yes, pun intended) the cloud as “fundamentally insecure”. These types of sweeping generalizations show a lack of understanding of what the cloud is, what it is not, and most importantly, good old statistical logic. To illustrate the problem here, I’ll compare storing […]


Pop Goes the Kozmo

by Rafi Kronzon September 3, 2014 Articles

What really pushed me over the edge was the recent news about yet another food delivery service launching in San Francisco. My favorite quote from the article reads like a satire of venture capital funding; “…with competitors like Sprig taking on funding alongside competitors like Chefler and Munchery….” Munchery? Really? These businesses all run food delivery services. They pick […]


The End of The Password?

by Louise Pope July 23, 2014 Alerts

Ask anyone what their biggest fear about using their computer is, and the most common answer you are likely to get is being hacked.  With reports of viruses that target passwords impacting industry big shots like eBay and Amazon, it’s easy to see why people may be nervous.  Like many, much of my identity is now […]
