Weekly output: password managers, exposure-notification apps, talking tech with Mark Vena

Six months ago, I expected to be busy tonight packing for the IFA tech trade show. But although that conference in Berlin is proceeding on a drastically-scaled-down basis, I’m not flying to Germany tomorrow because of the European Union’s ban on Americans traveling to the EU. Given how thoroughly we’ve botched this pandemic, I can’t blame them for imposing that restriction.

8/24/2020: Extra security or extra risk? Pros and cons of password managers, TechRepublic

I shared my experience with password managers–mainly LastPass and 1Password–with TechRepublic’s Veronica Combs for this overview of the advantages and disadvantages of these services.

8/25/2020: COVID-19 tracking apps, supported by Apple and Google, begin showing up in app stores, USA Today

Writing a lengthy report for O’Reilly about contact-tracing apps did not mean I could write this much shorter piece from memory and my existing notes. In addition to getting useful adoption data from Virginia’s Department of Public Health about its COVIDWISE app, I also reported that VDH plans to support a national key-server project from the Association of Public Health Laboratories that will let these state-developed apps relay and receive warnings of potential COVID-19 exposure across state lines.

8/28/2020: SmartTechCheck Podcast (8-28-20), Mark Vena

I talked about exposure-notification apps, the future of tech events like IFA, 5G wireless and Apple silicon with my analyst pal at Moor Insights & Strategy–another tech type who would have been packing for Berlin tonight but is instead grounded. You may notice a break in the recording about halfway through, when I had to get a glass of water so I could resume speaking normally. Note to self: Before sitting down to record a 45-minute podcast, make sure a glass of water is on the desk.

Weekly output: Google’s password help, Twitter suspensions in Egypt

NEW YORK–This evening finds me here for the Ascent conference, at which I have four panels to moderate Tuesday and things to learn all Monday. Yes, that means I will miss both NLDS games at Nationals Park. Since the team hasn’t done all that well when I’ve been in the stands for a potential division-series clinch, maybe that’s good?

10/2/2019: This new Google tool protects you against dangerous passwords, Fast Company

Along with a fair amount of other tech journalists, I got an advance on Google’s announcement Monday of changes to warn Chrome users about exposed, reused or easily-guessed passwords. Having seen how a similar feature in the 1Password password manager has helped make me less stupid about site logins, I think this is a good move by Google. But I also expect that many users will freak out when they see Chrome telling them that their password has been compromised in a data breach.

10/3/2019: Twitter suspensions in Egypt, Al Jazeera

I appeared on the Arabic-language news channel to talk about reports of Egyptian dissidents’ Twitter accounts being suspended. My take: Twitter has a serious problem with being fooled by coordinated, bad-faith campaigns to get accounts suspended for alleged-but-not-real violations of Twitter’s rules. The anchor then asked why Twitter hadn’t answered AJ’s questions, and I said that most social-media companies are chronically bad at explaining their own decisions. Many have hangups with just speaking on the record.

First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.