I wish the New York City police would notify me of the details of any elevated threats by email alert in real time.
It’s never a good feeling when you turn the corner into a train station and find a group of police officers who obviously know more about the safety of the area than I do. It seems unethical to not share the information and let me make an informed decision about whether I believe the risk is significant, and decide whether I should take a different route.
This post was inspired by the following blog post on Digitwirl: The password manager that hackers hate
LastPass is a great product, and a very useful tool. But now that it’s been available for a while, and probably really starting to cross over that line into mainstream consumer usage, I think there are a few “tweaks” needed.
- Your master password is a “single point of failure”. If someone gets it, you are done. LastPass offers two-factor authentication, but I think that, particularly for ordinary consumers, the importance of two-factor authentication really needs to be drilled home, again and again. While they offer a few forms of two-factor authentication, my preference is to use the YubiKey option.
- LastPass is great at storing and retrieving your passwords, but the tool could start to move into a higher-level password management role – perhaps by allowing you to setup groupings of passwords, where you could set expiration dates and be notified on your most critical passwords to change them at certain intervals.
- Similarly for the fantastic Security Challenge tool, which does an audit of the overall security of your passwords – I’d love to see an option to get nagged periodically to run it, so I would remember to run it more frequently.
- Finally, sharing passwords is a great feature, but it would be nice to be able to manage the sharing with a dashboard of some sort which might allow you to share large groups of passwords very quickly, and easily audit which passwords were currently shared.
Image credit: jhnri4 from the Open Clip Art Library