Password Managers Are Too Difficult

Justin O'Boyle — Wed, 19 Jul 2017 05:26:00 +0000

Password managers have done wonders for users by creating a single password to secure all of their passwords, preventing a data breach from unlocking every one of their accounts.

The original problem

People re-use passwords, and the passwords they reuse are generally awful. According to Sophos, 55% of users re-use passwords!

The solution to the original problem

With something like 1Password or LastPass, a master password is created and the user simply has to remember one password (get it?) to access all of their passwords. And then, the password manager can generate random passwords for you, so you don't have to think about it.

Simple, right?

The problem with password managers as they stand

They're still too difficult. Think about how it works right now:

The user has to know about password managers and how to use them.
The user has to buy a password manager and install it on all of their devices

After they have it installed, and want to sign up for a site, the user must,

Click Register
Fill in the personal information not filled in by AutoFill, pretty hit or miss
Remember to not just fill in their usual password
Remember to click on the password manager
Enter their password / authenticate (biometric)
Fill out the rest of the web form
Answer the confusing "save your password?" dialog boxes from both the browser and the password manager

Why is this so complicated? Why don't we have a workflow like this?:

Click Register/Login
Authenticate with fingerprint or password
Check the boxes with what they wish to share with the site

Congrats, you never have to login again. Oh, and a little bit of work with Authy and it could automatically setup 2FA as well.

This is so do-able. A push from Google through Chrome or the like would most likely get websites up-to-speed on this. Also, then we don't have to worry about clickjacking the password box or other weird stuff like that. Also, users will be more tempted to use their password manager because it's just so much easier.

Mockup

What tech blog post would be complete without a mockup?

I hope we can get to something like this soon. Until password managers are easier to use than typical passwords, password and hunter2 will still be extremely common and reused.

Switching to Android: A long-time iOS user's perspective

Justin O'Boyle — Sat, 15 Apr 2017 20:15:53 +0000

Recently, my friend passed me his old Nexus 6P so I could try out Android (and also because my iPhone 6 was getting unbearably slow).

I've pretty much always been a tinkerer with smartphones; I pretty much always have had a jailbroken phone and have been happy. Jailbroken iOS was the perfect balance between tweak-ability and usability for me. However, after Apple's "courage" to kill the headphone jack last year in favor of wireless or Lightning earbuds, as well as the constant neglect for older devices' battery life has peaked my curiosity into building up the "courage" to try something else.

I didn't get an out-of-box experience with the Nexus 6P, but the first thing I did was flash ElementalX and PureNexus (as well as Magisk for root). I was guided through the setup process and was all set up. The first thing that jumped out to me was the beautiful screen on the Nexus 6P. Coming from an iPhone, 1440p AMOLED screens aren't something I was used to.

The good

As a software developer, I really appreciated the attention to app integrations as I started to install more apps from the Play Store. ("What app do you want to use to open this Maps link?", the Share button directly taps into conversations in Telegram and Twitter DMs, etc).

Let's face it: most of us have tons of apps on our phones that we use enough to keep, but not enough to warrant a place on the home screen. Android (well, most launchers) solves this problem well by allowing you to have an "app drawer" (for the stock iOS users out there, think of it like an "applications folder" on your computer) to hide away all your half-used apps. No one needs their Watch app taking up valuable space on their home screen. (Seriously, how often have you ever opened that? Once, to repair your watch because some sketchy online guide told you it would fix some problem?)

The Android community is great. That's not to say the iOS community is any less great (though /r/jailbreak could chill out a bit), but I have noticed that the Android community seems to value open source projects – something the iOS community is just coming around to value more often (still, not so much). Plus, Google doesn't lock you into the latest two or three minor versions. Theme engines like Substratum are slightly buggy at times but seem to do a better job than most iOS theme engines (with the exception of Eclipse 4, but that's more of a tweak than a theme).

Notifications on Android are actually pretty cool. At first, I was confused by the need to dismiss notifications for them to disappear on the lock screen, but I have come to really find persistent notifications (as well as the grouping!) a very neat and useful feature.

All of the arguments about apps being "less developed" than iOS or the arguments about apps being better than their iOS counterparts are, in my opinion, invalid. They're basically the same. You really won't have any problems with any third-party apps being compatible. (except Snapchat)

The bad

This isn't Android's fault, but iMessage really is a big miss. SMS is buggy and slow at best, and asking people to switch over to something like Telegram or Hangouts sometimes isn't an option. (I really wish we could have one messaging standard that's actually encrypted and not carrier or vendor beholden, but alas, we still don't.) This also isn't Android's fault but getting Snapchat to work on anything except stock Android is a nightmare (I've documented here how to do it by the way).

Unfortunately, I don't think the vast majority of Android users are going to have the same experience as I have. Android has a massive issue with patches and getting people up to date. As of April 2017, Google reports that only 4.9% of users are using Android Nougat, the latest version of Android (7.0 or 7.1).

Compare that to Apple, where 79% of devices are running iOS 10.

This fragmentation is a large problem for Google- and they seem to be addressing it with the automatic Pixel and immediate Nexus updates. However, cheaper smartphones suffer from being able to be attacked and exploited easily.

In summary

iOS and Android are great platforms. I will continue to use both, but right now my faster phone is an Android device, so I'll stick with that. I will post updates.

Forem: Justin O'Boyle