Monday, June 15, 2015

Peaches and Scotch

LastPass was just Hacked, Here's Why I'm Still Using Them

A coworker emailed me that my favorite password manager service, LastPass, was just hacked.  I read through the alert and followed the instructions to change my master password.  At first blush, this is bad news.  A company whose primary job is to protect access to every account I have was hacked.   Even if they _say_ nothing was stolen: Oh crap.

But, after a a little reflection, I realized this is still better than no password manager or even rolling my own.   First, I do take them at their word that no credentials are ever stored on their servers unencrypted, and that encryption used is secure.  The only way that somebody can steal my passwords would be to download my encrypted passwords and know my master password.  If you want my bank login so bad that you'd hack LastPass and then torture me to give up the master password, you must be looking at different bank statements than me.  

More importantly, though, LastPass is monitoring proactively and doing the right thing when they detect anomalies.  That to me is way more than any paper or home-rolled service can provide.  If you are not using a password manager, you are likely either writing them down on paper or using the same ones everywhere.  The latter is instant hacksville. The former is as secure as what you are writing them on.  Do you have staff monitoring the post-it notes you write your passwords on?  Do they notify you when something remotely suspicious happens related to your passwords?

No, I still enjoy the bliss of generating random passwords that even I don't know, and letting LastPass ensure they are relatively safe.

That said, there are some things LastPass could do better:  Notification for me came through reading a blog post three days after the hack.  I would have liked earlier notification and to have had it in the LastPass app as well as email.

So, if you are not using LastPass (or _some_ password manager), don't be scared off by recent events. If you are, change your passwords and move on.

Sunday, June 14, 2015

El Cheapo MP3 Players Have Come a Long Way

We recently got one of these Tecsun MP3 players for our 3 year old's birthday. Loaded up with all of her favorite songs, she totes it around all day singing along.  Unlike most MP3 players, this has a speaker built in.  The sound quality is excellent for what it is, the retro design is fun, and most of all she loves it! It doesn't display song names, so it's not what you would want for a personal player (besides, isn't that just our phones by now?). But for a fun beach or poolside player, or for your favorite music-loving munchkin, it's hard to beat an el-cheapo MP3 player.