Wednesday, January 16, 2013

Lumia 920 win

My Samsung Focus rather unceremoniously bit the bucket today - it decided suddenly to stop accepting a battery charge. Thankfully, this occurred to the day of my upgrade cycle with AT&T, so I decided to upgrade to the Nokia Lumia 920 (black), one of the new Windows Phone 8 devices.

Admittedly it's hard to say I'm unbiased, but Windows Phone 8 is truly a work of genius. Ecosystem be damned, this thing is way better than even the mighty iPhone.  Nokia also adds a respectable amount of value.

A short list of why the Lumia 920 (and Windows Phone in general) is the best phone ever:
  • Nokia Drive. FREE MAPS, and not the crappy homebrew ones from Apple, but proper Navteq. Of course, with voice turn-by-turn. The big surprise - OFFLINE maps - now I can finally navigate in Canada! Did I also mention "completely free"?
  • Free ringtones. None of this charging for ringtone nonsense from iTunes; just drag a song from your computer to "Ringtones".
  • Forget re-buying all the accessories (*cough* iPhone 5 *cough*), my Lumia plugs in with *gasp*.... micro-USB. Wherever will I find a cord that fits?
  • Skydrive sync. Zune was always behind iTunes in terms of phone syncing... but now it's irrelevant. Windows Phone 8 just does away with Zune entirely. Your texts and app list are backed up, and your photos back up directly to SkyDrive.
  • Uberscreen. 4.5" of HD, with jet black blacks (both bigger and higher resolution than iPhone 5).
  • Really fast - noticeably faster than the Focus.
  • Childproof. Now with a "Kids Corner", a mode where kids can access games or apps you choose, but not dial Russian sex lines.
  • Resizable tiles. Yes, it may sound like a dumb thing to get excited about, but once you start customizing your start screen, you realize how satisfying it is to turn your start screen into a proper information hub.
  • Ready for business. Mobile Office pre-installed; automagic sync to both SkyDrive and SkyDrive Pro (didn't even have to set them up). Email and calendaring to Exchange (and Google, and Hotmail) retains the utter perfection achieved in Windows Phone 7.
... and I haven't even tried some of the best stuff yet, like the "Lens" feature (or the camera in general), tap-sync, or the legendary pillow charger. I suspect the next few days will be fun.

While I'm disappointed with the loss of Zune sync support, the fact that you can simply copy stuff with Explorer or a variety of other sync apps more than makes up for it. While the new Windows 8 "Windows Phone" app is obviously primitive and feature-anemic, it did copy media to the phone as advertised with no issues.

For my token negative comments... seriously, AT&T, is the crapware really necessary? Why would I pay monthly for your navigation, TV or music, when it's given away for free by apps built in to the phone? You cost me entire minutes deleting it all!

UPDATE 1/23:
More cool stuff discovered while using the phone.
  • Separate volume for each Bluetooth device. This was a complaint I had with WinPhone 7.0, and its resolution makes my morning commute way easier.
  • Visual voicemail. About time!
  • Emotion added in text-to-speech! It's pretty minor, but you can hear that the 8.0 voice actually sounds happy that you've received a text message, while the 7.5 voice is carefully neutral.
  • Nokia Music. Actually pretty good - perhaps redundant to Zune Pass holders, but you can offline your "mixes" with less effort than Xbox Music.

Monday, January 07, 2013

How do I protect my Paypal account?

A friend of Amber's recently asked an interesting question - how can you protect your Paypal account from being hacked?

Well, I may not work for Paypal (or any Internet finance company), but I do know a thing or two about security, so I figured I'd give a shot at providing some tips to keeping your account secure. The same tips can apply to just about any valuable Internet account you want to protect.

1. Use a unique password.
Your password should be something:
  • NOBODY else knows. Yes, not even your spouse, your kids, your tech support guy, or even your Mother. The more people that know, the higher the chances that at least one person will abuse the access, or even if they don't, will make a completely unintentional mistake that ends up exposing your password.
  • Is not used at ANY OTHER WEBSITE. It turns out that financial institutions (usually) do a pretty good job of protecting their users' passwords. However, FarmCityVampireTownVille, written entirely in Edgar's Mom's basement, is likely not quite as careful. Any two-bit hacker cracks the game's password file, then tries those passwords on more valuable websites like Paypal.
  • Is not blatantly obvious. While hackers may not know the name of your dog or your birthday, that angry ex-girlfriend probably remembers it acutely, and is eager to use that knowledge to steal every cent you have.
  • Is not written somewhere easy to access. Sticky notes (the real world kind) on the monitor are bad. A Notepad file on your desktop (the virtual kind now) is worse. Having the browser remember your password is just asking to get robbed. If you really want to save your passwords somewhere, there are specialized applications, eg. 1Password, which will allow you to save your passwords encrypted on your computer or phone. These applications can be a mixed blessing - the idea is that saving all your passwords under a single master password is worth the risk because it is then practical to use unique passwords for every website.
I specifically omitted any tips about having a "strong" password. While your password shouldn't be excessively short or common ("abc" or "dog" are probably not good choices), the gains from adding a bunch of numbers and punctuation are modest at best, and changing a password frequently (more than once every few months) is often more counter-productive than helpful. In my humble opinion, it's more important to have a unique password you can remember than what some security experts consider a "strong" password.

2. Use only computers you trust.
A compromised computer or device can easily steal your password.
  • Run anti-virus, and keep it up-to-date. You are susceptible to computer viruses. Period. I don't care how safe you think you are. I don't even care if you only surf news sites, or if you don't even have the Internet. You WILL eventually be exposed to a virus, and an effective anti-virus can protect you from most of them (blocking rates for most good anti-virus programs are in the mid-90%'s).
    If you don't have an anti-virus (or let your subscription lapse on the one you have), and don't feel like paying for one. Microsoft gives away a free anti-virus. Alternatively, if you have Windows 8, you already have anti-virus built in.
  • Don't use anyone else's computer to access your account. Don't log into Paypal from your friend's computer. Or your Mom's computer. Especially not an Internet kiosk, or at a store. I'd even warn against using your account on a shared computer at home, if you can avoid it. It is simply too hard for you to be sure that the computer you are using is trustworthy to not steal your passwords.
  • If your computer is behaving strangely, don't access your account. This is a bit more subjective - computers can often seem to act 'strangely' in completely normal circumstances. However, if your computer is displaying unexpected pop-ups, redirecting your Internet searches, running (unusually) slow, you should consider at least a virus scan before using your account. If you have been told that you have a virus, *never* use your account until your computer has been successfully cleaned by anti-virus software - and if possible, inspected by a professional.
What I didn't say here is "trusted networks". Go ahead and use your account on any Internet connection you can get - home, work, your hotel room, even public wireless. Any credible financial website these days will use encryption ("https"... usually indicated by some sort of padlock icon in your browser address bar). This means that, assuming your computer is otherwise trustworthy, that even if somebody is listening in on your connection, they can't see your password.

Note: while Paypal protects your entire session using encryption for privacy, other websites (eg. Gmail) only protect your password, then switch to an unencrypted connection. This means that anyone listening in will be able to see whatever you're browsing (for example, your emails), particularly on a wireless connection. If you value privacy, the EFF makes a great tool called HTTPS Everywhere that turns on encryption automatically for many common websites.

3. Protect your email account.
It turns out that your email account is one of your most valuable assets for security. When you click that "I forgot my password" link on your favorite website, usually they send you a password reset email. Even worse, your email likely has enough personal information (friends/family information, birthdays, account numbers, sometimes even passwords or security questions) to crack most every account you own, even ones that aren't on the Internet!

Take similar precautions with your email account as you would with your Paypal account, because the former may provide the keys to the latter.

Anyone else have good tips to protect your Paypal or other valuable Internet accounts? I'd love to hear about them in the comments.