The Economist’s data team has today published a blog post called “How much would you pay to keep using Google?” Unusually for The Economist, the headline isn’t really an accurate representation of the contents, which actually discuss research findings related to the amount people would have to be paid to give up using search engines in general.

But the original question got me thinking. A couple of years ago, I’d have responded with a fairly substantial sum. These days, I’m not so sure. I wonder what that says about the state of the company?

Google used to be the only decent search engine. That is no longer true. A couple of years ago, I decided to see if it was possible to go all-in on Bing. Ironically, this was somewhat inspired by Matt Cutts, formerly of Google, who gives himself 28-day challenges to test assumptions and better himself. Surely, I reasoned, it can’t be as bad as people make out, nor as bad in daily use as an occasional search to try it out makes it seem. I switched my default search engine to Bing in Chrome and on my mobile.

And do you know what? The vast majority of the time, it is perfectly competent. On very rare occasions when I’m struggling to find something I also try searching on Google: I’d say 75% of the time, I also fail to find what I’m looking for there. I’d also say, without any proper data to back up the assertion, that Bing’s results seem less replete with spammy useless links than Google’s. And Bing’s rewards scheme buys me an occasional coffee. I don’t think I’d pay for Google search.

But of course, Google provides more than just search. Would I pay for other components of their offer?

Would I pay for Gmail? There are perfectly decent alternatives to Gmail, and I rarely use my actual Gmail address but forward stuff to it from elsewhere, so redirecting future mail wouldn’t be a problem. Moving the archive would be a pain. I’d probably pay a small fee—a pound a month?—just to avoid the hassle.

One service I would definitely pay for is Google Maps. I use Google Maps every day and have not found anything that can even begin to compete. Back in December, Justin O’Beirne wrote a great essay on Google Maps’s moat—the content and time barrier which keeps it well ahead of competitors. On these terms, I guess Google Maps is probably the most “valuable” bit of Google to me.

Google Drive is great, but OneDrive is pretty great too. Chrome is my current default browser, but I’d happily switch to Firefox. Google Calendar is actually quite irritating (especially since ‘quick add’ was removed) and I use it only because it’s handy. I like my Android phone, but I’d get by on iOS. I’d be sad to lose my Chromebook, but Windows laptops aren’t quite the horror shows they used to be.

I enjoy watching occasional Youtube videos, but I wouldn’t really miss them if I couldn’t watch them any more. I use Google Photos, but I also upload all of my photos to other cloud services, at least in part because I don’t trust Google not to shut down Photos when it turns its attention elsewhere (à la Google Reader or Google Notebook, both of which closed while I was an active user).

More recent Google developments (Home, Assistant, Allo, Duo, Now) have totally passed me by.

Jeff Jarvis used to talk about “livin’ la vida Google” to describe his complete immersion in the Google universe. A couple of years ago, I’d have put myself in a similar category, but no longer. I am only one person, and I’ve no idea how ‘typical’ I am in this context, but I wonder if my change in behaviour represents a wider portentous shift for Google’s fortunes?

The photo at the top was posted on Flickr by Sigurd Magnusson, and is reproduced here under its Creative Commons licence.

The Washington Post’s Hayley Tsukayama recently pointed out out that in the latest version of Windows,

if you go through setup as recommended, you’ll never get a password option.

Passwords, we can surely agree, are the bane of modern digital existence. On a big-picture level, insecure passwords cause an estimated 80 percent of breaches, according to a 2017 report from Verizon. On a human level, they’re paralyzing; right when you need to access your utility bill, you can’t remember if you replaced the “a” with a 4 or an @ symbol.

Indeed, we certainly can agree: passwords suck. I seemingly have quite a few more online accounts with passwords than the average person. It’s simply impossible to have unique passwords for all these accounts and have any hope of remembering them. So for many years, I used Lastpass to manage my passwords (though I moved elsewhere after their significant data breach), and turned on two-factor authentication wherever I could. I even used a YubiKey for a bit, until I got fed up with having to fetch my keys to log in to stuff. Despite this, I was still pretty lazy, and typically used the same password (or a simple derivative of it) to sign up for new services, which meant that–despite all advice to the contrary–many of my accounts ended up with the same password.

I thought this was “alright enough” security. I had unique passwords for accounts I saw as “high risk”, such as banks and email accounts, but “so what” if some loyalty card account shared a password with some other account. I didn’t think I cared. Even when I knew that various company’s data breaches had exposed my information, I didn’t think I needed high security on most of my accounts.

Then, in a matter of months, three things happened that changed my mind.

First, somebody used my details to spend a couple of quid on my Greggs app. I don’t actually use the Greggs app very often, so it took me quite a while to notice that my account had been drained of the small change it contained. And I wasn’t all that bothered: I was mostly amused that someone had gone to some effort to steal a small amount of money to spend on pastries. I didn’t even report it, I just closed down the account. (Sidenote: yes, I’m a public health consultant, and yes, I had an account on the Greggs app. Deal with it.)

Second, I noticed that dodgy advertising text had been inserted into a number of posts on my blog. This did irritate me. It turns out that I had both used a frequently repeated password to secure the database that runs the site, and also left this in a publicly accessible place. I’m fairly certain that it was the former rather than the latter that led to the problem. In some cases, the miscreant had also deleted the backups of posts, so I couldn’t do a simple restore to overcome the problem: I had to do it manually. And I still occasionally come across bits of inserted text that I missed when cleaning up.

Third, someone knicked £8 of Costa points from my loyalty card. This also annoyed me–albeit slightly irrationally given that I rarely bother to redeem the points, hence having £8 built up. Again, used a password that I’ve often used elsewhere to secure this account. I did report this, and Costa refunded the points and (so they told me) investigated the fraud.

What’s the point of all this? I suppose I realised that I cared more about many of my accounts than I thought I did. The convenience of using an easy password meant that my security was a bit lax around the edges, and I lost out around those edges. The system of using passwords to secure accounts inappropriately rewards lax behaviour on a day-to-day basis, as it is less hassle than securing things properly.

I’ve since used my password manager properly, changing all of my accounts to long random sequences of numbers, digits and symbols that even I don’t recognise, and got into the habit of generating new secure passwords every time I’m asked to set one up. This takes a very small amount of hassle, but certainly more hassle than a go-to easily remembered reusable password… until the account is breached, of course.

There are still settings where I maintain that a long string of characters as a password is not particularly helpful. For example, I was at a conference at the Royal Society of Medicine the other day where the delegate wifi password was long and complex. Who were they trying to keep out? Why was any password even necessary? But at the same time, it’s becoming clearer to me that lax security is no longer really good enough, even for seemingly insignificant accounts.

It seems to me that ‘password management’ has gone from being something that ‘techy people’ need to think seriously about, to something we all need to think about. And let’s be honest, most of us won’t, at least most of the time. So it’s always good to hear that passwords are being ‘phased out’. The sooner the better, as long as the alternative isn’t too much hassle!

The image at the top is by Christiaan Colen on Flickr, used under Creative Commons licence.