Tuesday, June 16, 2009

chrome revisited

In my last post I talked about switching to Google Chrome. One thing I didn't mention though was its password manager.

I can't talk about password management in Internet Explorer because I don't use that program for anything but updating windows. I do use the password manager in Firefox though so let's talk about that and password managers in general.

Although you can get password managers that run as stand alone programs, most people need to manage passwords for various accounts on the web so it's much more convenient when your web browser provides this functionality. Whenever you enter a password on a web page with Firefox, you will be prompted to have your password remembered for next time. You can also have Firefox show you your stored passwords which can be handy too.

Now, here are some rules about passwords and how a password manager can help.
  1. Passwords should be as long as possible, use more than just alpha-numeric characters and not be composed of words you will find in the dictionary. Since a password manager will remember the password for you, you can use really complicated but secure passwords.
  2. You shouldn't use the same password for more than one account/website. Again, since your password manager is doing the password memorizing, go nuts.
  3. Passwords should be changed regularly. Sounds like a job for a password manager.
  4. The last rule is important. Passwords should be kept secret. Firefox offers the option of setting a master password. This does a couple of things for you. First, it allows the password manager to encrypt your passwords so that if anyone ever gets access to your stored passwords, they won't be able to read them. Secondly, if anyone has access to your computer and runs Firefox, they won't be able to use the passwords you stored without knowing your master password.
The last rule seemed to be a problem with Chrome. Chrome's password manager does not offer the option of setting a master password. Bad. And without a master password, there is no reasonably secure way for the password manager to encrypt your passwords. Very Bad. Google is usually pretty good about things like this so I decided some investigation was in order.

The first thing I did was do a search for "google chrome master password" and one of the early hits leads to a google message board where there is a lengthy discussion about the lack of a master password. It looks like there may be some plan to add such a feature but I couldn't discern anything concrete.

Some further digging though turned up a very good blog post that went into detail about how Chrome's password manager works. This is possible because Chrome is open-source so anyone can look through the source code.

It turns out that Chrome uses a windows system call to encrypt your passwords. It is a very reliable encryption and it is based on your windows login/password. It is also tied to some system/install identification too so what this means is that if the stored passwords can only be recovered using the account/password combination on your particular machine and install of windows.

Some argue that this isn't good enough protection as it means that if you are logged into your windows account, somebody could fire up Chrome and get access to your passwords. Sometimes it's not that mischievous and a friend is over and wants to use your computer for a second.

The correct response to this is "don't just let people use your computer while you are logged into your personal account". Seriously, create a second, limited account for people other than yourself to use, that's why that feature exists. You don't even have to shut down all your apps and log out, use the 'switch user' feature.

Some will still argue though and say "Hey, I don't want to have to logout or switch users". Well that's fine, but you still have to remember to shut down your browser first and relaunch it so that the master password will be needed the next time a password needs to be entered. That doesn't seem significantly harder than switching windows logins, leaving your own browser context intact. Even if your web passwords are safe, whoever is using your windows login still has access to whatever other personal info and files you have.

Should every program you use prompt you for a password? I don't think so but in the end, it's a matter of preference. The bottom line is that Chrome does a more than adequate job of protecting your passwords and encourages best-practices. So don't let password management stop you from enjoying Google Chrome.

Sunday, June 14, 2009

moving to chrome

Some of you may already know that Google released their own web browser some time ago called Chrome. They have been making regular updates to it and it is coming along quite nicely. Their main motivation for releasing their own browser is clear. Most of their products are browser based so it is in their best interest that people have access to the best browser technology they can get.

Even though their main focus was stability and speed, they still managed to introduce some great new features to the boring old web browser.

One main feature they lacked at introduction however, and still lack, is an addon framework like Firefox and at the time this was the major deal breaker for me. There are a couple of key Firefox addons that I find it difficult to live without and the main one is Adblock Plus.

I was very happy today though, to discover a convenient way to block ads (and other intrusions) for Google Chrome. It's a neat little proxy server called Privoxy. The basic idea is that you run Privoxy in the background and then configure your browser to use it as a proxy. This will work with any of the major browsers too (IE, Firefox, Opera, etc.) not just Chrome. You can find detailed instruction for getting it working with Chrome here.

The second addon I find indespensible is called GMarks. GMarks allows Firefox to have a drop down list of bookmarks that are hosted by none other than Google on their bookmark service Google Bookmarks. By keeping your bookmarks on the web, you can access them from any computer you happen to be at. Very useful, but Google didn't think to make this service part of Google Chrome which I think was a missed opportunity.

The solution to accessing my bookmarks from Chrome isn't optimal but it will do. I am a fan of yet another Google service called iGoogle. When you go to Google search page, you should see a link to it in the upper right corner of the page. This is essentially a customizable version of Google that lets you add little 'gadgets' to your page. And one of these gadgets allows you to view and manage your Google Bookmarks.

With these two important pieces in place, I'm ready to start using Chrome more and more in my daily browsing. Check it out.

Saturday, June 13, 2009

from DVD players to central home computers (part I)

I bought a new DVD player today. I didn't want to buy one, but I did. I prefer to move forward whenever possible and if I can't move forward I at least try not to move backward. This is true with life and especially true with technology.

"Technology!" you say, "We don't need no stinking technology!" Well don't fool yourselves. The world's population is rapidly closing on 7 billion. We need technology. We are on a path we chose long before we developed writing and we can either stay on it or get off. If we stay on it, we need technology. If we want to get off it alive, we need technology... anyway, that's a topic for another post. Back to DVD players...

When dealing with technology, you want to keep moving forward, it just makes sense. So if I needed a new DVD player, why did I buy another DVD player instead of a Blu-Ray player? Blu-Ray represents a lot of new things but none of them are a step forward unfortunately.

Higher resolution? We already have that on our computers. Higher capacity? Ditto. Greater freedom? Well, no. Blu-Ray has even more severe copy protection than DVD did. It is so severe that some of the earlier Blu-Ray players can't even play the latest DVDs because they changed the spec after their first attempt at copy protection was broken. This is something that will likely continue so if you have aBlu-Ray player now, get ready to replace it before too long. There's more but suffice it to say I'm not too fond of Blu-Ray.

So the title of this posts mentions central home computers. How do we get from DVD players to central home computers? Hopefully I'll get to that in part II.