Beyond password managers and into a passwordless era ramblings

Now that I have caught your attention I should start by saying that no, password managers aren’t useless, in fact I want everyone to get a password manager as soon as possible. Do away with the repetitive passwords and insecure passwords. I personally use 1Password and have been 3 years with it now. It’s one of my most used services of all time, without it I don’t know how I would have secured all my credentials to be unique and ready to take on anything.

I think the world is moving into a passwordless era. We have seen the slow adoption of YubiKeys which are quite passwordless themselves. The key itself, to be redundant, is the key. It’s all you need to unlock things. It has no password, but internally there’s a lot more going on that meets the eye. In a sense it doesn’t mean explicitly that you need a password to use it.

I personally don’t own a YubiKey myself. I’ve been on the fence for a while for one of them but at the same time I have found myself that I am okay using my fingerprint or face recognition. I think what I fear the most is losing the physical key and not knowing what to do.

Microsoft and the Windows Hello team are also moving into a passwordless era. I wouldn’t be surprised if Apple also be the first ones to fully go passwordless in a near future just for the sake of being the “first bringing the real change”, even though things like YubiKey have been around for a long time. But, Apple provides the influence and that’s the key for everything. The sooner people realize the importance of going passwordless, the better.

Things like using your smartphone’s NFC to unlock your computer, using whatever YubiKey with NFC to unlock things is becoming more common now. Have you ever thought about the contactless credit cards so you don’t have to go take the risk of swiping your card into a questionable card reader or a card reader that has been tampered with?

Of course, all these changes takes a while. These changes will take a decade to actually take place and I think that’s the most depressing part of this. You can have Apple and Microsoft innovating and change things but the reality is that not everyone is going to have the money for the latest technology.

YubiKey needs to become more accessible than $50-$70 bucks. Devices that provide access to these technologies also need to become more widely accepted and provide secure chips that can secure fingerprint/face recognition functionality and not compromise anything else.

At the same time this technology is also for people that manages important data. Servers of any type, sensitive documents, sensitive audio, sensitive videos, any archive that has any sense of confidentiality all falls into the need of passwordless solutions. Why? Because bruteforcing password is becoming easier or will become easier.

Because all the sites and applications all around the world does not do security the same way.

All things security are not equal. I could create an application right now and use md5 to store my passwords and in a month have a leak and get those passwords cracked.

In security, everyone is involved. Security teams, server administrators, database administrators, network teams from all different departments and yet it’s really hard to keep things secure.

I’m actually still waiting for Equifax to have any accountability for the massive leak. But everyone has forgotten. 147 million people were affected, and Equifax got away with a slap and that’s it.

Anyway that’s enough of my ramblings. Do dig more into passwordless solutions if you are interested! I’ll probably bring more entries related to that.

Upgrades: Hello, Ubuntu Server 20.04 LTS

It’s been a fairly busy day of multitasking on my end. I’ve been waiting to upgrade the servers to 20.04.1 once it was out and today I felt like it was the best decision to do this.

Maybe because I don’t have a lot going on my servers it was just easier for me. The thing that really stuck out for me were the configurations I have done, you don’t really want to go around overwriting things with the maintainers configuration. Not because they are “bad” but because they will return things to its vanilla form.

I think the only thing I’ve been disappointed so far has been the PHP 7.4 performance. It’s been said that it was a huge leap over the previous versions so I thought that once I upgraded to that version everything would be lightning fast… but that’s not really the case… things aren’t lightning fast they are just… normal fast and not really different from PHP 7.2.

That said, there are some things I want to do but it requires networking knowledge… and that’s something that I don’t really have sadly because I just suck at networking.

Anyway, here’s to future-proofing!

Development Notes #5 Getting organized a bit more for execution

Over the three weeks there’s been a lot of questions on my mind on how to execute and do the presentation on some things. These things, they take time, because first impression is at best one of the first thing I have to focus on.

If there’s one thing I could say is very taxing is the user experience. The first impressions, the never-ending testing of things and the sheer insecurity and impostor syndrome that develops along this journey. I want my project to be successful, like anybody else. Sometimes it drives you a bit crazy on I hope I hope that it’s a hit around the world because who doesn’t want to slack off a little bit and get some vacation. Of course, technically speaking we can’t…. really do much about vacation with the COVID-19.

Truth is, developing a product is itself a gamble. No matter how much you study you can’t quite penetrate the market as you would hope because either the presentation is done poorly or the execution of the project is done poorly.

Documentation and presentation are keys that I have identified. I need to prepare a lot of documentation or a modest amount of documentation for the people to develop software.

I honestly don’t know how things are gonna go. But, we’ll see in the future. For now I’m just continuing working on this and hoping for the best.

Today I was able to finalize the environment for development on my new laptop. This wasn’t really a slow thing to do but bringing my laptop up to date and preparing everything did take a while… or most of my evening.

Now that everything is ready I think I can finally proceed on what to do next. There’s been a lot of things that I’ve been setting up in the background… working slowly through the items.

In a weird sense… I did complete a major portion of it. Now I’m just making sure that the following items are represented well enough.

Now, I know I haven’t said what I’m working on. It’s too abstract to understand at the moment but eventually I’ll be able to talk more about it.

Development Notes resuming

My MacBook Pro broke down and I switched over to a Dell XPS 9500. I didn’t go over for the 4k screen because I prefer having a better battery life overall and I mostly do programming with a side of gaming. The thing that I mostly miss about the mac is having good font support it seems that on Windows 10 if you are on 1080 or 1200 it means that fonts gets pixelated a bit.

The font being pixelated a bit doesn’t really bother me much. This machine is a bit of a bit. Anyway, I’m happy to say that I’m back on Windows 10 and I’m back to continuing my development.