Welcome

You have reached the blog of Keith Elder. Thank you for visiting! Feel free to click the twitter icon to the right and follow me on twitter.

Organizing Passwords, Credit Cards, Web Sites and other Secure Data with LastPass

Posted by Keith Elder | Posted in Howtos, Internet, Security | Posted on 20-02-2011

Tags: ,

4

How many passwords do you have memorized? 5? 10? 20? 50? 100? Most people I know of simply memorize a couple of passwords and then use those passwords among all of their websites. This is bad for many reasons. The first reason is if someone found out just one password think for a minute as to what they could get into (bank, email, Facebook, Twitter, etc.).  To be truly secure each and every password you need to know should be different and it should be randomly generated. How does one track all of that data, keep their sanity, and simplify their life all at the same time? There is a better way to manage all of this data and it is really simple and it is secure.  I’m talking about LastPass.

What Does LastPass Do?

LastPass is a secure password or e-wallet manager that plugs into any major browser and supports a variety of mobile devices that lets one carry their data with them wherever they go. What this means simply is there is only one password to remember from now on.

For more *geeky* details and a full list of features visit their site.

LastPass Example: Shopping Online

Instead of me explaining all of the features LastPass has to offer (which would take 20 articles to cover everything) I thought I would simply do a walkthrough of a common scenario all of us do which is online shopping. Of course this could just as easily apply to signing up for a discussion board, Facebook or whatever. 

Pretend for a minute it is Christmas time and the perfect gift was found on a website never visited. As with most websites when going through the checkout process the site requires a username and a password to be created. Typically it will look something like this:

image

Upon opening a new account the next page shown requires an email address and a password. Here is where LastPass comes into play. As soon as your cursor is placed in the password field, LastPass detects a new account is being created and automatically prompts to generate a password.

image

Pressing the “Generate” button in the LastPass window then brings up the password generator.

image

This screen displays the strength of the password and allows advanced options to be selected when generating a new password. Most of the time the advanced options isn’t needed but there are times when creating an account in a website that certain characters aren’t allowed. This is how that would be adjusted.

image

Above you can see I included more options for this password and increased the length to 12 characters. The strength indicator shows a really strong password.

To be honest I really don’t care *what* the password is and with LastPass I don’t have to.

Pressing “Accept” then stores this password in the password Vault as shown here.

image

And the random password is inputted into the password fields on the form. Yeah!

image

Upon saving this information and creating the account the next page LastPass displays a menu at the top of the browser indicating whether or not it should save the site.

image

When pressing “Save Site” there are other options that can be set like should LastPass auto login the next time this site is visited and which group the site should be placed in.  The groups in LastPass allow sites and different notes (more on notes later) to be stored in folders essentially allowing better organization. For example a group may be *work* or *financial* or *shopping*.

image

Once the site is saved your work is done. You never have to remember your login information for that site again and you have a random password for that site.

Oh and did I mention this is all free?

Life Before LastPass

I’ve used what have been traditionally called “e-wallets” or “password managers” for several years. Before using LastPass I used several other password managers and wallets that helped organize my information. I am not going to mention any names but if you are reading this article and are currently using one now that *may* be it as I’ve used a lot of them.

The problem with other password managers and e-wallet type applications is the burden is placed on the user to remember to generate a password and copy it into that program. Most of these managers have desktop applications and because they are not integrated with the browser there is a lot of copying and pasting. Simply put they just aren’t efficient and productive. Better than nothing though.

The other problem with these password managers is they do not sync across mobile devices really well, nor allow access to information from anywhere. LastPass solves all of this since it syncs back centrally (although your data is stored locally) and supports multiple mobile platforms including Windows Phone 7.

My Favorite Features of LastPass

Having used LastPass for the past several months I thought I’d share some of the things I really like about LastPass.

Importing Existing Data

The first thing I had to do before moving to LastPass was import my data. Doing so turned out to be easier than I thought it was going to be. Here are the current imports LastPass supports.

image

The import for me was flawless. I did have to tweak a few things to get it better organized but all in all very happy I was able to move from another product to LastPass so easy.

Multiple Accounts

The biggest and best feature for me with LastPass is the ability to login to a web site easily with multiple logins. Let’s just take Twitter for example.

For Twitter I have my personal account @keithelder and I also have one for our podcast @deepfriedbytes and one for our local .Net user group @hubcitynug.

Here’s how it works. 

I browse to Twitter and I’m immediately prompted at the top of the page to login.

image

(ok so I have 4 twitter accounts, but one is a secret right now Smile )

And now I can easily sign in.

image

This is huge because before I’d have to open my other program, search for the account I wanted to login with, copy the password, type in the username, paste the password and then login. Not very simple and a little bit of a pain, especially for a novice user. This is a win for LastPass.

Secure Notes

When I first started using LastPass I almost didn’t keep it around because I couldn’t *easily* find a way to store my credit cards, bank account info, etc. Now while this may be scary to some of you I’ve been doing it for years and it has paid off numerous times.

For example I’ve left credit cards in restaurants by accident only to go back and find the card was missing. Having all of my credit card details including phone number of who to call and PIN in one secure place has paid off numerous times.  I bet most reading this have no idea what their PIN number is to their credit card either.  Not only that but if I’m buying something online I *hate* to have to get up and go find my wallet and type the number in. Again it is about convenience.

Secure notes is what LastPass uses to store various types of information in LastPass including bank account, credit card, server logins and so on.

image

Most all of the competing products offer this feature as well but it is a feature that I have to have. And mainly I included it because it isn’t *obvious*.

Sharing Information

Since LastPass stores encrypted data *in the cloud* this opens up other possibilities such as sharing. LastPass allows the sharing of information with other users. Here is how it works. First login to LastPass.com and select the item that is needed to be shared and press “share”.

In this example I’m going to share the information I use to login to Allstate with my wife. This is a perfect example because she obviously needs to know how to get at this information but the password and login info is random. Not only that, but if something were to happen to me or her we both have access to our vital accounts.

image

As you can see there are several options for the amount of access granted to a shared item. And it even will track changes made by others. The only thing required to share is the other person has to have a LastPass account.

Form Fill Profiles / Identities

Other features of LastPass that I am just not getting comfortable exploring are form fill profiles and identities.

The form fill profiles allows personal information to be stored  for example when visiting a check out form on a web site. The information will be auto populated. Definitely a time saver when filling out form data. And since there is different data for different uses this is where the profile part comes in. For example you may have your personal profile but also a profile from work or from a side business.

Here is the scoop on identities as taken from the LastPass web site.

LastPass Identities allows you to create different views of your LastPass account.

The Identities feature is most commonly used to hide some of your sites when you log into LastPass from a particular location. A common example might be that you create a ‘Home’ and a ‘Work’ Identity.

Conclusion

LastPass is a fantastic tool and I plan on using it for awhile. If you have some concerns over the security of LastPass I welcome you to review their FAQs on the site as well as some information from Security Now about LastPass.

Honestly after converting about 10 friends to LastPass I decided I should take a more formal approach and just blog about how awesome this product is. Seriously no matter what you are using now give LastPass a try.

Bing – It Does Way More Than You Think

Posted by Keith Elder | Posted in Internet, MVP10 | Posted on 21-02-2010

0

No doubt you’ve heard Bing marketed as the “Decision Engine”.  I’ve watched and used Bing over the past several months and the one thing that has impressed me the most is how quickly it has been advancing.  If your perception is that Bing is only good to find answers to programming questions you couldn’t be more wrong.  It does so much more and we are only seeing the beginning. 

Cards

Right now the Winter 2010 Olympics are underway.  A lot of people are no doubt traveling to Vancouver, Canada for the event.  If you go to Bing and type in Vancouver you will see something presented on the results page that is quiet interesting.  Below the ads is a box which has a culmination of things in it like pictures, weather, attractions and so on.  Now you may think that someone at Microsoft went in and created this section on the site.  Here is what I am referring to.

image

(red box is mine)

This highlighted section is called a “Card” and it is completely auto generated. In other words, no one at Microsoft created that section of the page. Everything is automatic.  These cards are created entirely by the decision engine.  If you see this in the future now you know what it is.

Maps – There’s an App For That

Most people know that Bing has maps support.  But what many don’t know is Bing is doing all sorts of neat things to take online maps to a new level.  One way Bing is doing this is using Silverlight to bring a much richer experience to the online map experience.  When you visit http://bing.com/maps look for the following on the page:

image

When you click “Try it now” the user interface will be switched from HTML/JavaScript to Silverlight.  This opens up more possibilities for a richer online experience.  Let’s look at some of the things you may not be aware of when you turn this feature on.

Once the new version is loaded look toward the bottom of the screen on the left.  There is a “MAP APPS” link.

image

This is where things start to get real interesting. Like for example you are able to view maps of the recent Haiti earthquake before an after.

image

I’ll let you explore around on your own but one of my favorite apps is from Microsoft Research.  The app is called “Destination maps”. The app is simple, you enter an address and highlight around the area of the location.  Press go, and viola! You have a map to your party, anniversary or bar mitzvah.  For example, let’s say I was going to host a crawfish boil at my house for friends. I go to this app and enter my home address.  I then select the surrounding area to cover enough roads leading to my house.

image

Once satisfied press the continue button and Bing will generate your map in a variety of styles.

image

Once done your map will appear.  In this example I left the hand drawing version.

image

I have to say this is really accurate for a simple map to get someone to my house.  And it sure beats drawing it by hand.  There are other applications as well, play around and see which one you like the best.

Future Innovation

Does augmented reality sound interesting to you?  Bing is doing a lot of work in capturing data and adding even more data to put on top of that data.  The best thing to do is just show you.  Check out Blaise Aguera’s talk at TED located at http://www.ted.com/talks/blaise_aguera.html.  It is only about eight minutes long and you won’t be disappointed. 

image

Hopefully this gives you just enough reason to look into some of the other Bing features I haven’t even mentioned.  The best way is to just head on over and start playing.

Deep Fried Bytes Episode #41: Developing Better User Experiences with Internet Explorer 8 with Jon Box

Posted by Keith Elder | Posted in Internet, MVP10, Podcast | Posted on 05-12-2009

0

 
http://deepfriedbytes.com/podcast/episode-41-developing-better-user-experiences-with-internet-explorer-8-with-jon-box/

 

 

Want to learn why you should look at the Internet Explorer 8 for developing better user experiences? We have just the guy to explain and give ideas around the new features of Internet Explorer 8. In this episode, we sit down with Jon Box, Microsoft Architect Evangelist, to get the scoop on how to use Accelerators, Web Slices and Search Providers in IE8 to keep users informed and updated.

.Net 4.0 – Start Reading Between the Lines – Learn Silverlight and Entity Framework

Posted by Keith Elder | Posted in .Net, Asp.Net, C#, Internet, Mobile Devices, MVP10, PC Software, Smart Clients, SQL Server | Posted on 30-11-2009

11

I started writing this as a general recap of PDC for team members but the more I thought about what was announced at PDC, the longer the email got.  Ultimately I decided to put it out so you dear reader could also gain some insight from things announced at PDC. 

For starters listen to the podcast we recorded with Scott Guthrie or “The Gu”, or “His Guness”, or “ScottGu” about Silverlight 4 announcements among other things while at PDC. 

The big stories out of PDC that I think everyone should take note of are Silverlight 4, Entity Framework 4 and Windows Mobile. Wait Windows Mobile 7? Yes.  Wait… I didn’t hear anything about Windows Mobile 7? Well I didn’t either and that is why this post is called “read between the lines”.  Call it speculation or whatever, but I think I can bring you up to speed on what is about to happen (and no I have no official behind the scenes information, I’m just a guy with a brain).  Before we get to Windows Mobile 7, let’s start with Silverlight.

Silverlight

Silverlight 4 had tons of announcements including:

  • Camera and microphone support
  • Trusted out of browser support.  This means one can access COM (for example, an application could access Outlook APIs)
  • Lots of line of business app controls
  • Added support for drag and drop
  • WCF RIA Services (this is basically what I’m calling the new CSLA, if you listen to the podcast you’ll find out that Rocky worked with the team closely on RIA Services)
  • Print natively
  • More…

Tim has a great recap of all the Silverlight announcements here with links to videos:

http://timheuer.com/blog/archive/2009/11/22/pdc-silverlight-resources-link-dump-learn-silverlight.aspx

Now what does this all mean? It means the line is blurring between client and server applications. It also means we are coming back full circle to “Smart Clients” (which were hot in 2005/2006 but were forgotten due to the Web 2.0 hype.  The only difference is this new breed of application (Silver Clients?) can run directly from a web site, or on a client’s machine.  It also means that Silverlight is going to finally fulfill the vision we heard about a long long time ago that was called WPF/e (WPF Everywhere).  A lot of people have forgotten this but we are seeing it take full shape now.  For businesses that are writing applications internally, I think we are going to start seeing a huge shift away from writing Asp.Net/MVC apps and a move towards the rich model with Silverlight.  I mean seriously, why wouldn’t you? If you get cross platform compatibility, rich data binding, write once and work in any browser, why would developers that are trying to build internal business applications continue to kill themselves writing JavaScript, fighting CSS and browser compatibility?  I can’t think of a reason either.  In my opinion this is just a waste of time (and always has been).  There is something extremely powerful putting a variable in memory and having it be there when you need it without having to worry about sessions, state, etc.  Yes we are FINALLY getting back to the client programming model, just coming at it a different way. 

Entity Framework

Let’s talk about Entity Framework 4.0 for a moment.  This is another big piece of news.  It is big because as .Net developers we will finally have one true way to access data that fits the multitude of ways we have to work.  Here’s a recap of announcements (not a complete list, watch the videos from PDC):

  • POCO – supports plain old clr objects
  • EDM designer enhancements
  • Better stored proc support
  • Model first (then gen database model)

Doug Purdy (who we also interviewed for Deep Fried Bytes while at PDC) has a list of the sessions that cover the Entity Framework 4.0.  Just start at the top and work your way down as far as you can.  At least watch the first video as it shows off all the features of EF.

http://www.douglaspurdy.com/2009/11/22/pdc-2009-data-and-modeling-talks-2/

With the number of features that were announced in EF4 I think we are on the verge of seeing the demise of NHibernate usage by developers in the .Net stack.  For those that have used NHibernate in the past, it is worth another look at the Entity Framework to be released in .Net 4.0.  About the only thing EF4 doesn’t do that NHibernate does do is built-in caching (which hey, there’s this caching thing that AppFabric does, hmm, wonder if they’ll use that? Why not! 🙂 ).  But the big thing to note between EF4 and NHibernate is we are starting to see where this whole modeling thing with OSLO is going (edm files are m fles and so on).  And of course there is the bigger picture of reusing this model in report services, BI and other areas (although we haven’t *seen* that really working yet, it is coming though see next sentence).  As EF4 makes it way into other products throughout the Microsoft ecosystem it is going to be extremely hard to avoid the Entity Framework.  Read between the lines, the writing is on the wall, LEARN THE ENTITY FRAMEWORK.

Just a side bar here because I know someone is going to ask me this at a later time.  Will the Entity Framework kill NHibernate? Answer: Nope I’m not saying that. 

Out of band developers that seem to have a knack for yelling the loudest will continue to use NHibernate but a much larger ecosystem will leverage the out of the box Entity Framework in .Net 4.0.  Think back for just a bit.  History is about to repeat itself all over again.  Remember when we got MSTest and or MSBuild?  Same thing is happening again. There is now an out of the box product for standardizing data access.  Are their alternatives? Sure.  Just as MSTest didn’t kill NUnit or MBUnit and MSBUILD didn’t kill NAnt, EF4 will not kill NHibernate.  However, if you look at the number of developers using MSBuild or MSTest it is high. Extremely high.  Why is that? Answer: pain, ease of use, integration, documentation.  MSTest is not the best testing framework out there (this is a proven fact), but it is good enough for 90% plus test cases.  Entity Framework 4.0 is going to put an ORM in the hands of developers.  And you know what, it doesn’t suck either. 

Windows Mobile 7

And now onto Windows Mobile 7. 

Is this WinMo 7 above?  I honestly don’t know, I found these screen shots on http://windowsphonemix.com/ web site.  BTW, notice that URL?  Mix? Yes Mix.  Mix is the first of the three major conferences Microsoft puts on each year.  The very last slide at PDC during the last keynote said, “Come to Mix 2010 for Windows Mobile 7 futures”.  A lot of people missed this because they were tuned out from the SharePoint demos and already packing to leave.  But there it was on the big screens.  Thus we know Mix is when we’ll see Windows Mobile 7.  Again, listen to the podcast to get some other insight. 

Here’s a quote:  “Three screens and the cloud”

We heard this over and over at PDC.  Let’s read between the lines a bit shall we?

I have three screens:  Windows Desktop, Web, Mobile.  Ok, if I want to write an app that will run on all three what do I as a developer have to do today?  Let’s see, well, we could write a ClickOnce deployed Smart Client for the Desktop that uses WPF.  For the web, well, we would have to switch gears completely and rewrite our app in Asp.Net or Asp.Net MVC to get that screen.  For mobile, even tougher, we have to rewrite the app again to get the mobile version.  Let’s think about this differently again.  Think about it, how many technologies would a developer have to know in order to an application for these three different screens;  WPF, JavaScript, HTML, and CSS will be used just to name a few.

Now, let’s switch gears.  What if I used Silverlight 4 to write my app?  Well, it could work in the browser no doubt.  Hmmm, it could also work on the Desktop using the out of browser experience with elevated permissions.  What about mobile? 

“Wait, didn’t you just say Keith that at Mix we’ll get to see Windows Mobile 7?”

Yes! 

“And hasn’t there already been talk of using Silverlight for mobile?”

Yes!

“Aha! Three screens with Silverlight, I get it!”

That’s right my friendly .Net developers the writing is on the wall. The vision of WPF/e (WPF Everywhere) is about to come true.  We’ve waited for years but it is just around the corner as I predicted would happen years ago.

http://www.keithelder.net/blog/archive/2007/01/12/Microsofts-Response-To-The-iPhone-Is-Right-Around-The-Corner.aspx 

(ok, so it wasn’t right around the corner but 3+ years later)

Moral of the story?

LEARN SILVERLIGHT so you can make millions of dollars building Mobile applications just like the iPhone devs.  There, I just made you rich by putting this puzzle together for you, please send me 20% of all profits.

You are welcome.

I Don’t Get The Hype – Google Wave is Discussion Forums Web 2.0

Posted by Keith Elder | Posted in Internet | Posted on 23-11-2009

2

I’ve been using Google Wave for several weeks now, and I just don’t get it.  All Google Wave appears to be is discussion forums Web 2.0’ified.  Oh, and then inverted.  What I mean by inverted is typically in a discussion forum you have to join in a discussion, usually by joining in on the site or whatever.  Think of it like at a party where some people are discussing topic X.  You want to participate so you walk over and join in.  With Wave, you are “pulled” over into the discussion (like an email forward). Both forums and wave have topics and then a bunch of threaded replies.  The horrible part of it all is making sense of where a user replies.  It is crazy hard to “follow” the discussion in Wave.  I used the term “discussion” there on purpose because that is all that is happening in Waves, I mean discussion forums, I mean Waves are people discussing something.

Someone could reply after a thread, but keeping track of what is read where is a nightmare.  Right now I’m calling Google Wave a “Wikussion”.  A hybrid of a Wiki and a discussion forum.  Basically there is nothing new here, just a twist on existing technologies.  If you haven’t seen Google Wave, here is a real live wave that is going on right now.  (Looks like a discussion forum to me too don’t worry).

image

Honestly, I don’t get it and I cannot see this killing email.  For starters how do I know I have a new wave to read? Email? Text? Check it constantly like Twitter or Facebook?  Sure to many people Wave is a new shiny toy but I’m looking for real world value. Right now I don’t see it.  Maybe things will change, but until it passes the “mother” test (which means my Mom is using it), this pretty much sums up Google Wave.

zVn91[1]

Maybe I’ll get to write one of those “I was wrong about Wave” blog posts down the road and I look forward to doing so if things change.  But right now I’m still waiting for the Tsunami to hit me.