First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.

Advertisements

Here’s my Web-services budget

The annual exercise of adding up my business expenses so I can plug those totals into my taxes gave me an excuse to do an extra and overdue round of math: calculating how much I spend a year on various Web services to do my job.

The result turned out to be higher than I thought–even though I left out such non-interactive services as this domain-name registration ($25 for two years) and having it mapped to this blog ($13 a year). But in looking over these costs, I’m also not sure I could do much about them.

Google One

Yes, I pay Google for my e-mail–the work account hosted there overran its 15 gigabytes of free storage a few years ago. I now pay $19.99 a year for 100 GB. That’s a reasonable price, especially compared to the $1.99 monthly rate I was first offered, and that I took too long to drop in favor of the newer, cheaper yearly plan.

Microsoft Office 365

Getting a Windows laptop let me to opting for Microsoft’s cloud-storage service, mainly as a cheap backup and synchronization option. The $69.99 annual cost also lets me put Microsoft Office on one computer, but I’ve been using the free, open-source LibreOffice suite for so long, I have yet to install Office on my HP. Oops.

Evernote Premium

This is my second-longest-running subscription–I’ve been paying for the premium version of my note-taking app since 2015. Over that time, the cost has increased from $45 to $69.99. That’s made me think about dropping this and switching to Microsoft’s OneNote. But even though Microsoft owns LinkedIn, it’s Evernote that not only scans business cards but checks LinkedIn to fill in contact info for each person.

Flickr Pro

I’ve been paying for extra storage at this photo-sharing site since late 2011–back when the free version of Flickr offered a punitively-limited storage quota. This cost, too, has increased from $44.95 for two years to $49.99 a year. But now that Yahoo has sold the site to the photography hub SmugMug, the free tier once again requires serious compromises. And $50 a year doesn’t seem that bad, not when I’m supporting an indie-Web property instead of giving still more time to Facebook or Google.

Private Internet Access

I signed up for this virtual-private-network service two years ago at a discounted rate of $59.95 for two years, courtesy of a deal offered at Techdirt. Absent that discount, I’d pay $69.95, so I will reassess my options when this runs out in a few months. Not paying for a VPN service, however, is not an option; how else am I supposed to keep up on American news when I’m in Europe?

LastPass Premium

I decided to pay for the full-feature version of this password manager last year, and I’m already reconsidering that. Three reasons why: The free version of LastPass remains great, the premium version implements U2F two-step verification in a particularly inflexible way, and the company announced last month that the cost of Premium will increase from $24 a year to $36.

Combined and with multi-year costs annualized, all of these services added up to $258.96 last year. I suspect this total compares favorably to what we spend on news and entertainment subscriptions–but that’s not math I care to do right now.

CES 2019 travel-tech report: overcoming oversights

I’ve survived another CES, this time after committing two of the dumber unforced errors possible at an enormous tech trade show.

One was not arranging an update to the Wirecutter LTE-hotspots guide to coincide with CES, such that I’d have to bring a couple of new hotspots to the show. Instead, I was left to cope with intermittently available press-room and press-conference WiFi.

It confounds me that in 2019, anybody would think it okay to host a press event and not provide bandwidth to the press. But that’s CES for you, when either PR professionals or their clients seem to shove common sense into the shredder.

Fortunately, the show press rooms offered wired Internet, so I could fish out my USB-to-Ethernet adapter and get online as I would have 20 years ago. A couple of other times, I tethered off my phone.

On its second CES, my HP Spectre x360 laptop worked fine except for the one morning it blue-screened, then rebooted without a working touchpad. I had to open Device Manager and delete that driver to get it working once again. I also couldn’t help think this doesn’t charge as fast as my old MacBook Air, but I’m still happier with a touchscreen laptop that I can fold up to use as a tablet–and which didn’t gouge me on storage.

My other big CES error was leaving the laptop’s charger in the press room at the Sands. I looked up and realized I had only 30 minutes to get to an appointment at the Las Vegas Convention Center, hurriedly unplugged what I thought was everything, and only realized my oversight an hour later. Fortunately, a call to the Sands press room led to the people there spotting the charger and safeguarding it until I retrieved it the next morning.

Meanwhile, my first-gen Google Pixel declined to act its age. It never froze up or crashed on me, took good pictures and recharged quickly over both its own power adapter and the laptop’s. I am never again buying a phone and laptop that don’t share a charging-cable standard.

I also carried around a brick of an external charger, an 8,000 milliamp-hours battery included in the swag at a security conference in D.C. I covered in October. This helped when I was walking around but didn’t charge the Pixel as quickly, and leaving the charger and phone in my bag usually led to the cable getting jostled out of the Pixel.

The other new tech accessory I brought on this trip made no difference on the show floor but greatly improved my travel to Vegas: a pair of Bose QC25 noise-cancelling headphones that I bought at a steep discount during Amazon’s Prime Day promotion. These things are great, and now I totally get why so many frequent flyers swear by them.

Credit where it’s due: Thanksgiving tech support has gotten easier

I spend a lot of time venting about tech being a pain in the neck, but I will take a break from that to confirm that my annual Thanksgiving-weekend routine of providing technical support has gotten a lot easier over the last 10 years.

The single biggest upgrade has been the emergence of the iPad as something usable as the only computer in the house. It took a few years for Apple to make that happen–remember when you had to connect an iPad to a computer for its setup and backups?–but Web-first users can now enjoy a tablet with near zero risk of malware and that updates its apps automatically.

As a result, when I gave my mom’s iPad a checkup Wednesday afternoon, the worst I had to do was install the iOS 12.1 update.

That left me free to spend my tech-support time rearranging that tablet’s apps to keep the ones she uses most often on the first home screen.

Things have gotten easier on “real” computers too. Apple and Microsoft ship their desktop operating systems with sane security defaults and deliver security patches and other bug fixes automatically. The Mac and Windows app stores offer the same seamless updates for installed programs as iOS and Android’s. And while Google Chrome and Mozilla Firefox aren’t in those software shops, they update themselves just as easily.

But the openness of those operating systems makes it easier for people to get into trouble. For example, a few weeks ago, I had to talk a relative through resetting Chrome’s settings to get rid of an extension that was redirecting searches.

Other computing tasks remain a mess. On a desktop, laptop or tablet, clearing out storage to make room for an operating-system upgrade is as tedious as ever, and it doesn’t help when companies like Apple continue to sell laptops with 128-gigabyte SSDs. Password management continues to be a chore unless (duh) you install a password manager.

Social media looks worst of all. Facebook alone has become its own gravity well of maintenance–notifications to disable to curb its attention-hogging behavior, privacy settings to tend, and propaganda-spewing pages to avoid. There’s a reason I devoted this year’s version of my USA Today Thanksgiving tech-support column to Facebook, and I don’t see that topic going out of style anytime soon.

A different default browser with a different default search

Several weeks ago, I switched my laptop to a setting I’d last maintained in the previous decade: Mozilla Firefox as the default browser.

Firefox took the place of Microsoft’s Edge, which I’d decided to give a shot as part of my reintroduction to Windows before seeing Edge crash too often. In another year, I would have made Google’s Chrome the default instead–but a combination of privacy and security trends led me to return to an old favorite.

Firefox had been my default browser in Windows since February of 2004, when it was an obvious pick over the horrific Internet Explorer 6. But a few years after the 2008 introduction of Chrome, Firefox had stopped keeping up, and I began relying on Chrome in Windows.

I kept Safari as the default on my Macs for its better fit with the operating system–although its memory-hogging habits had me close to also dumping it for Chrome until a recent round of improvements.

Last year, however, Mozilla shipped a faster, more memory-efficient version of Firefox. That browser has since finally caught up with Chrome in supporting “U2F” two-step verification, where you plug in a cryptographically signed USB flash drive to confirm a login. And as I realized when writing a browser-comparison columns for USA Today, Firefox comes close to Safari at protecting your privacy across the Web–especially if you install its Facebook Container extension, which blocks Facebook’s tracking at other sites.

This doesn’t mean I’ve dropped Chrome outright. I almost always keep both browsers open, with much of my Chrome tabs devoted to such Google services as Gmail and Google Docs. (Confession: I only learned while writing this that Google Docs’ offline mode now works in Firefox.) Chrome continues to do some things better than Firefox–for instance, while it doesn’t offer a simplified page-display option like Firefox’s Reader View, it’s been more aggressive at disciplining intrusive ads.

When I set Firefox as the default in Windows, I also switched its default search from Google to the privacy-optimized DuckDuckGo. That’s something I’d done in my iPad’s copy of Safari years ago, then recommended to readers last July in a Yahoo post; it seemed a good time to expand that experiment to a browser I use more often.

Since DuckDuckGo doesn’t match such Google features as the option to limit a search to pages published within a range of dates, I’m still flipping over to Chrome reasonably often for more specialized searches. But even there, I’ve reduced my visibility to Google by setting a sync password to encrypt my browsing history.

All this adds up to considerably less Google in my Web life. I can’t say it’s been bad.

How I inspect laptops at tech events

BERLIN–I’ve spent the last three days here at the IFA tech trade show poking and prodding at new laptops to see if they might be worth your money. That inspection has gotten more complicated in recent years, thanks to some new features I welcome and a few others I could do without.

The following are the traits I now look for after such obvious items as weight, screen size, if that screen is the rare Windows laptop display that doesn’t respond to touch, advertised battery life, storage, memory and overall apparent sturdiness.

Acer Swift 7 close-up

  • Screen resolution: On smaller screens, 4K resolution eats into battery life without making a meaningful difference in picture quality–from most viewing distances, you can’t even see the pixels on a 1080p laptop screen anyway.
  • USB-C charging: Now that I have a laptop and a phone that can both use the same charger, I never want to go back to needing a proprietary power cable for a computer. You shouldn’t either.
  • USB ports: Laptops that only include USB-C ports can be thinner than those with full-sized USB ports, but I’m willing to accept a little bulk to avoid having to pop in an adapter for older USB cables or peripherals.
  • Other expansion options: For people who still use standalone cameras, SD or microSD Card slots will ease data transfer. I also look for HDMI ports, which ease plugging the laptop into a TV. (Since my own laptop doesn’t have one of those: Anybody have a recommendation for a USB-C-to-HDMI cable?) And now that I’ve seen a laptop here without a headphone jack, I need to confirm that audio output’s presence too.
  • Backlit keyboard: Typing without one in a darkened hall is no fun. While I’m looking for that, I’ll also see if the trackpad is governed by Microsoft’s simple Precision Touchpad control or janky third-party software.
  • Webcam placement: Some laptops stash the webcam not at the top of the screen but below it, which leaves video callers stuck with an up-the-nostril perspective of the laptop user.
  • Windows Hello: Fingerprint-recognition sensors are cheap, while having to type in a password or PIN every time you log in imposes its own tax on your time. I’m not so doctrinaire about Windows Hello facial recognition if fingerprint recognition is there.

This list is a little involved, but on the upside I no longer have to worry about things like WiFi or serial ports. So now that you know what I fuss over when inspecting laptops at tech events like this, what else should I be looking for on each new computer?

A travel to-do for Android Pie: enable lockdown

The first new feature in Android Pie that I noticed after installing it on my Pixel 12 days ago was its Adaptive Battery feature, which hunts and handcuffs energy-hungry apps (yes, that seems like a feature that shouldn’t have had to wait for a 9.0 release). The first new setting I changed was Pie’s “lockdown” option.

That’s the feature Google left out of the keynote sessions at Google I/O in May and instead saved for the closing minutes of a more technical briefing on the last day of the conference. Lockdown disables your phone’s fingerprint unlock and hides all notifications from the lock screen–a useful option if, as Android security manager Xiaowen Xin said during this presentation, “you need to hand it over for inspection at a security checkpoint.”

Or as avgeek blogger Seth Miller phrased things in a tweet then, it’s Android’s “airport mode.” It’s how you’d want your phone to behave if you must hand it over to somebody you shouldn’t automatically trust.

But lockdown isn’t on by default or all that easy to find. You have to open the Settings app, tap “Security & location,” tap “Lock screen preferences,” and then tap the slider next to “Show lockdown option” so it’s highlighted in blue.

Turning it on isn’t super-obvious either: Wake but don’t unlock your phone by pressing the power button, then hold down the power button again for about a second. You should see a “Lockdown” button on a menu that will pop out of the right side of the screen; tap that, and your fingerprint’s no good to unlock the device.

Now you know. Whenever you get Android Pie on your phone–yes, I realize that could be many months, unless apathetic vendor support prolongs that timeframe to “never”–enable this option. Then please get in the habit of using it.