4.040 meeting, passwords, covid

Tuesday 01/10/2023

Did the gym machine round. Then sat around waiting for the writers meeting to start at 10:45 and wishing I had written something, because I didn’t on the two prior weeks. The cue was “opportunity”. Well I decided to write about a very current opportunity, and put together something in the 20 minutes before the meeting. I’ll append it below. What I did in the afternoon was to follow through with that activity, looking at the first 120 or so entries in the exported list and marking about half for deletion. Aside from feeding hummingbirds, that was about it for the day.

Oh! Almost forgot. In the daily covid email from staff? We have no, zero cases active, among either residents or staff. Yay us!

Change as opportunity

For a decade I have used the LastPass password manager to, um, manage my passwords. It sits inside my various web browsers and whenever it sees a user name or password field, it happily fills in the correct items so I don’t have to. The only password I have to remember is the master password to my my LastPass “vault”. It has been very convenient, and, I thought, safe.

I adopted LastPass at the recommendation of Steve Gibson. Gibson is a widely-known expert in the field of computer security, and I’ve been listening to his podcast, Security Now, for more than a decade. He was an early adopter of LastPass. Joe Siegrest, the founder and original programmer of the LastPass app, was a guest on his podcast in 2010. He had allowed Steve to review the code of the app. Gibson praised the security and privacy built into its design, and recommended it. So I started using it.

As so often happens in the world of software, the original founder sold the product to a corporation and moved on, presumably a wealthier man. LastPass the product is now under its second corporate owner, one that, it seems, pays somewhat less attention to good security practices. Over the past year LastPass has suffered two serious security breaches in which unknown intruders exfiltrated significant amounts of user data. Encrypted data, but still. As a result, in a recent podcast, Steve Gibson said he no longer recommends LastPass, and described in detail the process of how to transition to a different password manager.

So I must, reluctantly, do that. (Here, picture the angel with the flaming sword sending Adam and Eve out of Eden into the wilderness.) But every change is an opportunity! If only an opportunity to learn how you might have done a better job earlier. The first step in changing password managers is to export your current “vault”. LastPass makes that easy; and in about 30 seconds I was looking at a spreadsheet listing all my saved passwords, row after row of URL, user-id, password; URL, user-id, password…

This presents two opportunities. First, the opportunity to review one’s on-line history. There are over 400 rows in the exported vault! Among them are many, many URLs that I haven’t visited in years. LinkedIn, for example; I killed that membership in 2016. So I get to relive my enthusiasms of the past. And then the opportunity to tidy up and delete the deadwood.

No doubt on a chilly night in the wilderness, Adam and Eve cheered themselves with thoughts of the new opportunities they faced outside of Eden.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s