Is Your Mobile Device Your Most Secure Password

PasswordThere was a lot of news recently about the most commonly used passwords of 2013 (which are “123456”, “password” and “12345678”).  If you’re familiar with dictionary attacks, you know that a computer can quickly figure out your password.  And if you’re like most people who use the same password across sites, having your password compromised on one site is extremely dangerous.  Now how can your mobile phone make this more secure and easier to use?

I saw some great news for a group of guys I met in SF last year who were trying to solve this exact problem and got bought by Google.  Their start-up was called SlickLogin and they were using mobile devices to provide two-factor authentication.  So even if your password does get compromised, if the hackers didn’t have access to your mobile phone, they wouldn’t be able to access your phone.  Let’s think of the following situation…

Let’s say you use your super secure password “password123456” on some new Instagram-like site, the site is some new site created by some 20 year-olds who aren’t being too secure with your password and store it in plain-text in a publicly accessible database and hackers are able to get in, download everyone’s email address and password.  These hackers then start using the email/passwords they stole at some of the major banking websites and are able to access your account.  They then get enough information to start opening up credit cards in your name and start a buying spree. So how do you keep your information secure and not create a million different passwords? There is really no easy answer to solve this problem. But the guys from SlickLogin say instead of coming up with different passwords, make your mobile phone your system of authentication. So before you even try to enter your password, you use your mobile phone to authenticate who you are.  This is done simply by having your phone next to your computer when you’re logging in.  There is no need for SecureID, a text message pin-number, or anything else.  You simply have pull your phone out of your pocket and place it next to your laptop as you’re logging in.  This sounds like magic, but the guys from SlickLogin have come up with some cool technology that allows your computer to broadcast a unique sound that humans can’t hear but your mobile phone will and it will relay to the website you’re accessing that you are who you say you are.  That’s the super-basic and simple explanation of how it works.  So I’ll be curious to see what the guys do now that they’re a part of Google and how this technology will be integrated into Google.  I wonder if we’ll see this technology rolled into Android in the near future.

Of course, this technology won’t be available anytime soon, so until then, we all have to deal with passwords. I’ve heard of different tactics and they basically trade ease of remembering for security.  It’s either easy to remember and insecure or hard to remember but secure.  For instance, you could have a base password of “password” that you use, but you always append a different set of characters or numbers depending on the site you visit.  It could be as simple as appending the first character of the site, so if you’re logging in to Amazon, your password would be “passworda” or if you visit Facebook, it would be “passwordf”.  You could get more complex and append the number of characters in the name of the site, so the password for Amazon becomes “password6” and for Facebook, you get “password8”.  A simple trick, but this does give you different passwords for different sites thereby making it a little harder (not impossible) for hackers to access other sites if your password does get compromised.

Again, security is only good if you remember to use it, so you have to figure out a system that works for you.  Also, you need to asses your own risk levels, if you’re a millionaire that gets lots of press, you’re at a much higher risk than a random person who only goes online to check email.  But you also shouldn’t assume no one is trying to hack you because everyone is a target, so keep your password safe.

A Mobile Kill Switch for Everyone

Mobile Kill SwitchI heard about the legislation being passed in CA to require phones to have a mobile kill switch that would make it less desirable to phone thieves to steal phones since they would be useless once they’re reported stolen. There’s lots of third-party software that allows you to remote wipe you phones, but this would be something that is built into the hardware and controlled by the carriers probably.  While it sounds great for consumers because fewer thieves would be trying to steal your phone, what about hackers who once they hack the manufacturer or the carriers would be able to access anyone’s phone.  This makes a very large target for hackers and a single point of failure.  I also wonder what would happen if false reports of stolen phones start becoming normal and your jealous ex or even if buddies jokingly report your phone stolen and you lose everything on your phone and it becomes a brick.  Kind of scary sounding, right?

So according to the article, they are trying to make this a federal law.  I really don’t know if it’s a good idea, but luckily we all know how slow the government is and it would take a while for manufacturers and carriers to implement something.

Excerpt from the article:

On Thursday, US Senators Amy Klobuchar (D-MN), Barbara Mikulski (D-MD), Richard Blumenthal (D-CT), and Mazie Hirono (D-HI) introduced national legislation to require a way to disable smartphones remotely. The goal is to deter theft and protect consumers, but this defense against thieves might come with greater vulnerability to hackers, according to a mobile industry trade group.

Introducing AddThis Pro

AddThis ProHere is a snippet from my blog post on introducing AddThis Pro…

Have you asked your customers what they want from you? The answers might just surprise you, or in my case, completely change my outlook. After the launch of Smart Layers, the team here spent a lot of time brainstorming ideas on what to build next. We had all kinds of ideas, including one about starting a mobile-run pizza food truck.

Luckily for everyone, we then did some surveys and talked to bloggers (special thanks to Julie from Table for Two), news sites, brand sites, and even some e-commerce sites. Among the feature-specific feedback, we heard a resounding “give us more AddThis.” That meant more social tools, more recommendation tools, and more control over the tools. But most importantly, they asked us to “make it simple.” That’s the foundation of AddThis Pro.

read the rest here.

How Not To Make Decisions

Decision MakingIf you have a task to do that takes 12 hours by yourself and you have 3 friends, you assume that it will take significantly less than 12 hours if those 3 friends help you, right? Decision making is a task, so logically, the more people involved should speed up the decision. But in reality, it’s quite the opposite.  And when it comes to a decisions about a product, time is extremely critical – the sooner you make a decision, the sooner designers can start doing mocks and reviewing them with devs and making prototypes that can be used to determine if the decision was the right decision. Delaying a decision or worse, constantly changing your mind can be the death of an idea/product. You learn nothing from stalling and changing your mind without new information is simply letting the wind in the air change your direction. I am a firm believer that you should trust your people to make decisions – good or bad. Smart people will make good decisions that will help you succeed, they will also make bad decisions and learn from the mistakes and help you succeed. But if you prevent them or delay them from making decisions, you are preventing them from helping you succeed. So my recommendation is let your people make decisions and act or make the decision yourself and let them execute, but preventing them from making a decision is the worse thing to do. I was actually thinking about this recently and if multiple people are needed to make a decision, no more than a hour should be spent to make the decision.  In fact, a hour is enough time for 2 people to come to a conclusion, but if you add 3rd or 4th person, you should actually have less time, let’s say 30 minutes for 4 people.  This will force people to focus less on their reasons and listen to the decision maker and hopefully understand and support their decision.  Not to mention, if you took up the full hour with 4 people, you’ve just used up 4 man-hours vs 2 man-hours, but if you shorten to maximum time to 30 minutes, 4 people would still use up a total of 2 man-hours. Of course, this is all in an ideal world and people are rational/logical.  Unfortunately, we know people are emotional and people have egos and sometimes people care more about being heard than the end result.  Just my 2 cents…

How to build a specific SVN revision in Hudson/Jenkins

This was surprisingly easy to do, but difficult to find, so I figured I would do a quick write-up to help others who might find themselves in the same boat.  All you need to do is specify the revision number you want to build using the @ symbol at the end of the SVN URL, for example:


12345 would be the revision number you want to build.  There are also a number of SVN plugins you could install to do this as well, but if all you want to do is test a specific revision, this is an extremely easy way to do it.  In my case, I was hunting down an issue that I could reproduce locally so I was going through the trac history revision by revision to find the culprit behind the issue.  It luckily took less than 10 tries and the builds were relatively quick, so I didn’t waste too much of my night finding the issue.  And luckily, when I found the bad commit, it was a one-line change, so it was easy to figure out what went wrong and make a fix.  Here’s a screenshot to help you if you’re more a visual learner:

Jenkins SVN Revision

Slow News Day When Flappy Bird Makes Headlines

Flappy BirdI know, if I don’t like the news, I should just turn it off and ignore it.  But just like all press an iPhone with a bigger screen got, I can’t believe how much press the guy behind Flappy Bird is getting for simply saying he’s going to pull the game from the app stores.  In the big picture of life, a game not being available doesn’t seem like a big deal to me. And we’re not talking about removing an iconic game from history like Super Mario Brothers or Halo which are cult franchises.  We’re simply saying an inexpensive mobile game that is highly addictive (I’m assuming it is since I never played the game) won’t be around anymore.  I know the press is trying to speculate why Dong Nguyen is pulling the game when it’s been such a success generating $50K a day in revenue from ads.  Ultimately, I don’t really care why he’s pulling the game, it could range form the most genius marketing move to the fact that he just doesn’t want to support it anymore. Or maybe Rovio is holding his family hostage and making him take down the game – who knows (but at least a hostage situation seems more news-worthy).  Mobile platforms and app stores have made the distribution and consumption of digital content (games, apps, music, movies, etc) so easy and simply that anyone can become a digital content creator and more important, anyone can become the next Dong Nguyen and create the next smash-hit game with hard-work and a lot of luck (I have to caveat a lot of luck because the Internet is not always fair and the best product can and will be beat by the product that has a better marketing strategy and gets in front of the right people).  So why am I writing all this?  Good question… I don’t think I have a good reason… maybe I’m just bitter that something so innocuous gets so much attention… maybe I’m jealous and wish I was his position… maybe I’m just bored on a Sunday morning and got irritated with all the top stories on every Tech site I went to was about this Flappy Bird game… yeah, that’s it… I was hoping for something for interesting…

On a side note, I have to mention Ingress as a really interesting location-based game of capture the flag that’s owned by Google and played world-wide.  I’ve been playing it a little bit at a time and it’s getting pretty addictive and I find myself pulling out my phone in random places to see if there’s anything I can capture around me for my team.  I’ll have to do another write-up on the game, but just thought I would mention it since this was a post about addictive mobile games… not to mention, I wanted to end on a positive note rather than a negative note.

Bigger Screen + iPhone = Who Cares

iPhone 6So looking at my news feed (here, here, here, and even more here), you would think the concept of making a phone with a bigger screen is some new revelation that no one had ever thought about.  I’m hoping that the real reason this is somehow considered “news” is because no one else is doing anything interesting. I think that makes a lot more sense than people actually getting excited by the concept of an iPhone with a bigger screen.  Wasn’t the extra row of icons Apple gave you with the iPhone 5 enough?  You people are just greedy.  Come on, Apple is a tiny mom-and-pop shop with limited funds trying to make you all happy.  It’s not like they purposely hold back features to get you guys to buy a new phone less than a year after you just bought one.  And it’s not like there are other phones out there with a bigger screen, so you can’t just walk into a store (or order one online) – you’ll just have to wait until the generous people at Apple get around to making a phone with a bigger screen.  Because ultimately, that’s what the iPhone needs… end sarcasm…

I wonder if I’m the only one that is pretty disillusioned with Apple lately.  I switched to my Moto X (mostly because of Google Glass) and I haven’t missed my iPhone at all.  I know some people think switching would be tough, but it took virtually no time at all and there hasn’t been anything that I’ve missed.  I will say that I had to re-train myself to know where things were like where to change notification settings or getting used to having a back button (which is super nice in my opinion).  But otherwise, it wasn’t a big deal leaving the Apple world behind and going back to Google.  I know they just did a report where Apple has something like 50-60% of the US market, but I’m hoping things change because I just don’t understand why everyone likes Apple so much.

Twitter Data Grants – Lots of Micro Data

Twitter EngineeringTwitter announced a new program called Twitter Data Grants that allows research groups to request access to raw extracts of Twitter data.  This basically means that researchers can analyze and process billions (possibly trillions) of tweets.  In their blog post they mention possibly analyzing the data to find patterns in influenza.  This sounds like a great idea, but I do wonder how valuable the data contained in tweets are.  Looking at my own stream of tweets, most are just links to news articles.  Then there are a handful of the “look at me” tweets that are simply people posting their personal thoughts like “it’s cold outside” or “I feel fat” or “here’s what I ate for lunch”.  Maybe someone else can come up with a way to process those into something useful, but I personally just see them as people wanting to share all their thoughts with the world (I do wonder if people post these thoughts out of vanity or because they people to interact with them or maybe both).  And then there’s all the bots and automatic tweets that get published from various sources.  I can’t imagine what value automated tweets would provide.  Of course, you could probably look for very specific things (like the flu thing) and try to analyze the timeline of tweets related to specific topic and possibly the geo of the tweets to figure out a pattern.  I wonder if Twitter will share some of the proposals because I would be curious to find out what people are going to try to do with just a raw dump of data.

Well, I’ll end this post with an idea I did have about using Twitter data to identify when users do things like get a hair-cut, an oil change, go grocery shopping, get gas, etc. – things that people do at specific time intervals (like I get a hair-cut every 4 weeks).  I thought if you could mine that data and then maybe a week before they’re supposed to do something, you could try to sell them on a Groupon/LivingSocial deal for a hair-cut, oil change, etc. – I figure it could be a useful marketing tool, just a lot of work and I’m not sure if you message people on Twitter like that, if they would respond.  Thoughts?

Robots, Violence and the 80s – RoboCop is Back

RobocopSo this definitely isn’t tech related… well, this could be our future… so maybe it is tech related, just not my normal analysis/op-ed of a new emerging/popular technology.  Anyways, if you were alive in the 80s, you probably saw one of the RoboCop movies – if my memory serves me, there were 3 movies back then.  The first one was the best, the second one was super violent and the third one was awful, but it did have RoboCop flying around with a machine gun for a hand fighting samurai cyborgs (okay, that sounds pretty awesome actually).  So I’m definitely excited for another RoboCop movie and RoboCop himself looks bad-ass and the previews also show him on motorcycle, so whats not to love.  It also seems like they made RoboCop much more nimble and not quite as stiff as the original movies, so I’m hoping for better action sequences, maybe more akin to Iron Man.  Now that I think about it, RoboCop is the less cocky and more tragic version of Iron Man.  RoboCop isn’t a rich playboy, he can’t take off his suit and hook up with models and he’s truly self-less and only serves the people.  But on the other hand, Tony Stark is a super genius nerd, so I do relate with the nerd aspect more than a self-less cop.  And these days, the media is more likely to promote a self-made genius nerd turned billionaire and criticize crooked cops abusing the system.  But I’m starting to go from talking about what will hopefully be a great movie with lots of action and special effects to an editorial on the media and their portrayal of certain working class/groups.  So basically what I’m saying is that I can’t wait to see this movie.  I might even be willing to cough up the ridiculous amount to see a movie these days.

How Android Takes Over The World

ChromecastWe all know that there were more Android phones shipped this past year than iPhones and now we’re going to see Android start to take over your television.  The Google Developer Blog posted that they’re opening up the Chromecast and giving developers access to the Google Cast SDK.  This means developers can build apps that stream content to any Chromecast.  And if you already have an app, you can add support for the Chromecast and they also have support for iOS as well as Android.  This is in stark contrast to the Apple TV which is basically a closed box that can only run apps that Apple builds and wants you to run (and the Apple TV is over twice as expensive as a Chromecast).  So Google is obviously making some big moves to take over the TV.  As search on the desktop moves to mobile and be less lucrative and people spending more time in apps like Facebook and Twitter, changing how people use their TV’s and giving start-ups a new channel to innovate is a great way for Google to diversify their portfolio.  And if anyone can displace traditional TV commercials and instead provide targeted advertisement to TV viewers, Google would be the company to do it.  Instead of random ads based on whatever show you’re watching, imagine an ad for items that you were looking at earlier in the day… and how would Google know this, well, they could be tracking what sites you visit or they could tell from the Google Glass you’re wearing or they could tell because your phone placed your location inside a retail store.  And just think if you actually see an ad you’re interested in, all you need to do is pull out your Android phone and use Google Wallet to buy whatever you see on the screen.  This could be the future of a truly connected, always-on world where everything you do generates digital data that companies use to target you.  It sounds scary, but in some ways, we’re already moving in this direction, so instead of fighting it, we should figure out how to put consumers first and only provide data that we’re comfortable sharing.  Anyways, this was originally about new SDKs available and somehow morphed into a Minority Report like future.  I’m excited to see what people build with the SDKs… and who knows, this might be enough of a reason for me to actually get a Chromecast… wonder if a v2 is coming anytime soon?