
Passwords suck

The Washington Post’s Hayley Tsukayama recently pointed out that in the latest version of Windows,

if you go through setup as recommended, you’ll never get a password option.

Passwords, we can surely agree, are the bane of modern digital existence. On a big-picture level, insecure passwords cause an estimated 80 percent of breaches, according to a 2017 report from Verizon. On a human level, they’re paralyzing; right when you need to access your utility bill, you can’t remember if you replaced the “a” with a 4 or an @ symbol.

Indeed, we certainly can agree: passwords suck. I seemingly have quite a few more online accounts with passwords than the average person. It’s simply impossible to have unique passwords for all these accounts and have any hope of remembering them. So for many years, I used Lastpass to manage my passwords (though I moved elsewhere after their significant data breach), and turned on two-factor authentication wherever I could. I even used a YubiKey for a bit, until I got fed up with having to fetch my keys to log in to stuff. Despite this, I was still pretty lazy, and typically used the same password (or a simple derivative of it) to sign up for new services, which meant that–despite all advice to the contrary–many of my accounts ended up with the same password.

I thought this was “alright enough” security. I had unique passwords for accounts I saw as “high risk”, such as banks and email accounts, but “so what” if some loyalty card account shared a password with some other account. I didn’t think I cared. Even when I knew that various companies’ data breaches had exposed my information, I didn’t think I needed high security on most of my accounts.

Then, in a matter of months, three things happened that changed my mind.

First, somebody used my details to spend a couple of quid on my Greggs app. I don’t actually use the Greggs app very often, so it took me quite a while to notice that my account had been drained of the small change it contained. And I wasn’t all that bothered: I was mostly amused that someone had gone to some effort to steal a small amount of money to spend on pastries. I didn’t even report it, I just closed down the account. (Sidenote: yes, I’m a public health consultant, and yes, I had an account on the Greggs app. Deal with it.)

Second, I noticed that dodgy advertising text had been inserted into a number of posts on my blog. This did irritate me. It turns out that I had both used a frequently repeated password to secure the database that runs the site, and also left this in a publicly accessible place. I’m fairly certain that it was the former rather than the latter that led to the problem. In some cases, the miscreant had also deleted the backups of posts, so I couldn’t do a simple restore to overcome the problem: I had to do it manually. And I still occasionally come across bits of inserted text that I missed when cleaning up.

Third, someone nicked £8 of Costa points from my loyalty card. This also annoyed me–albeit slightly irrationally given that I rarely bother to redeem the points, hence having £8 built up. Again, I’d used a password that I’ve often used elsewhere to secure this account. I did report this, and Costa refunded the points and (so they told me) investigated the fraud.

What’s the point of all this? I suppose I realised that I cared more about many of my accounts than I thought I did. The convenience of using an easy password meant that my security was a bit lax around the edges, and I lost out around those edges. The system of using passwords to secure accounts inappropriately rewards lax behaviour on a day-to-day basis, as it is less hassle than securing things properly.

I’ve since used my password manager properly, changing all of my accounts to long random sequences of numbers, digits and symbols that even I don’t recognise, and got into the habit of generating new secure passwords every time I’m asked to set one up. This takes a very small amount of hassle, but certainly more hassle than a go-to easily remembered reusable password… until the account is breached, of course.

There are still settings where I maintain that a long string of characters as a password is not particularly helpful. For example, I was at a conference at the Royal Society of Medicine the other day where the delegate wifi password was long and complex. Who were they trying to keep out? Why was any password even necessary? But at the same time, it’s becoming clearer to me that lax security is no longer really good enough, even for seemingly insignificant accounts.

It seems to me that ‘password management’ has gone from being something that ‘techy people’ need to think seriously about, to something we all need to think about. And let’s be honest, most of us won’t, at least most of the time. So it’s always good to hear that passwords are being ‘phased out’. The sooner the better, as long as the alternative isn’t too much hassle!


The image at the top is by Christiaan Colen on Flickr, used under Creative Commons licence.

This post was filed under: Posts delayed by 12 months, Technology.

Why I won’t subscribe to Kindle Unlimited

Amazon has just launched Kindle Unlimited in the UK. I read a lot of books – but won’t be subscribing. Here’s why.


Amazon launched Kindle Unlimited in the UK a few hours ago. Kindle Unlimited, which has been available in the States since July, allows subscribers to pay a monthly fee (£7.99) to access 650,000 eBooks and an unspecified number of audiobooks without further payment.

I read a lot of books, mainly on a Kindle. I dread to think how much I spend each month on books, but it is most certainly more than £7.99. So, when Kindle Unlimited launched in the US, I was pining for a UK launch. This came up in a conversation over a drink with a non-techy friend: “What, like a library?” she asked, as I described the service.

The question was as barbed as it was sarcastic, and it struck a nerve. Some sliver of my Council Tax already funds the ability for me to borrow from an enormous collection of physical books, eBooks and audiobooks via my local library. It is vaguely absurd to pay a second time to access a more limited library.

So I set myself a challenge: ditch the Kindle and start using the library.

The first barrier was to discover that I don’t own an eReader compatible with the formats available from my library. But this wasn’t really a problem: I chose to read eBooks mainly because they are cheap, available ‘over the air’, and take up no space in my house. Library books are almost as good: they’re free, take up no space in my house, and are available to collect from the library.

My local library, in common with others, has a great click-and-collect service: I request a book online; they dig it out from whichever library branch or store it is in, whack it on a ‘collection’ shelf near the door in the most convenient branch for me, and notify me that it’s ready to collect. I can then pop into the library during my commute and swap books using a self-service machine. It takes less than sixty seconds from entering the library to exiting.

Of course, not all books feature in the library’s stock. Rather than have the library source these from elsewhere, I’ve bought my own copies; the joy of reading physical books from the library has convinced me to buy paperbacks. So much for saving shelf-space.

The last ten books I’ve read would have cost, in total, £66.89 in Kindle format. Only two of them appear to be among the 650,000-book Kindle Unlimited selection. All but two were within my library’s selection: I paid £9.09 for one of these two in paperback, and borrowed the other by post from the BMA library. Hence, I saved £57.80: an 86% discount.

And so (tl;dr): Amazon’s Kindle Unlimited package made me re-evaluate how much I spent on books. It made me realise the value of my local library, and has led to me using Amazon far less, and saving myself a small fortune in the process.



If you fancy reading this same post in a slightly different format, it's also available on Medium.

This post was filed under: News and Comment, Technology.

Amazon’s Fire Phone is about the ecosystem, not the phone


In 2013, Apple sold something of the order of $10bn of apps, making profit of the order of $3bn. Estimates suggest a further $2bn profit from iTunes sales. These figures suggest that these two classes of digital content alone account for nearly 14% of Apple’s profit.

As is widely reported, the Google Play store on Android has higher download figures, but brings in only about a third of the revenue of Apple’s App Store (though revenue is growing faster for Google than Apple). The trajectories suggest that Apple’s closed ecosystem will become decreasingly relevant in revenue terms over the coming decades – though I’m sure Amazon would open an iOS app store in moments if permitted to do so.

I suspect that Amazon is playing into the smartphone market with an eye keenly trained on these figures. I buy Kindle books, rather than iBooks or Google Play Books, because I can read them anywhere, on many devices. For Android users, this is already partly true for Amazon’s App Store: apps bought on Amazon’s store can be used across Android, FireOS, and Blackberry devices, yet Google Play or Blackberry app sales are limited to their own ecosystems. Since I own a Kindle Fire, I tend to buy on Amazon’s store even if buying for my Android phone.

Amazon’s move into the smartphone market makes this all the more compelling: if I might, at some point in the future, own a non-Android phone, then I would be crazy to buy apps for my Android device from Google rather than Amazon… especially as Amazon Coins generally make the same apps cheaper via Amazon than via Google.

Amazon’s strategy for digital content has (almost) always been to capitalise on cross-device compatibility. I doubt Amazon expects huge sales for its phone: I think it is the digital content market it wants, and that the phone is merely a means to an end.



The image at the top of this post is an Amazon press shot.

This post also appears on Medium.

This post was filed under: News and Comment, Technology.




The content of this site is copyright protected by a Creative Commons License, with some rights reserved. All trademarks, images and logos remain the property of their respective owners. The accuracy of information on this site is in no way guaranteed. Opinions expressed are solely those of the author. No responsibility can be accepted for any loss or damage caused by reliance on the information provided by this site. Information about cookies and the handling of emails submitted for the 'new posts by email' service can be found in the privacy policy. This site uses affiliate links: if you buy something via a link on this site, I might get a small percentage in commission. Here's hoping.