LastPass, You’re Still Making Security Worse

The thing about password managers is that a security issue there tends to be significantly more severe than with most another applications on a device. Even if you all you get is data exfiltration…well, you’re still exfiltrating some pretty fucking important data.

Which is why this story about trackers in LastPass for Android…is less than encouraging.

Continue reading “LastPass, You’re Still Making Security Worse”

Notification Qverload

(No, that’s not a typo.)

There’s an infamous notification box from the dark days of Internet Explorer 6 that “warns” the user that they are “about to view pages over a secure connection” — in other words, they get a big security alert when they were about to do something secure.

The IE6 "you are about to view pages over a secure connection" alert, placed next to a screen from The Simpsons showing Homer demonstrating his "Everything's Okay" alarm.
“Corporate needs you to find the differences between this picture and this picture.”

The problem with this sort of thing should be obvious: it’s training people to either ignore alerts and notifications entirely, or overreact to each one they see. And while that’s more of a UI/UX problem, it’s one with some pretty major implications…both security and otherwise.

Continue reading “Notification Qverload”

Random Code: Pokémon of the Day Python script

Wrote this while bored, figured I’d toss it out there for anyone who cares. Gives you a different Pokemon, and its Pokedex entry, each day. The specific Pokemon is randomly chosen, with the current date as the seed value.

There are probably ways to make it better, but I’m heavily constrained by the JSON that I’m retrieving from pokeapi.co on this one and I don’t feel like putting in the effort.

Continue reading “Random Code: Pokémon of the Day Python script”

LastPass, You’re Making Security Worse

Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.

Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.

Continue reading “LastPass, You’re Making Security Worse”