My Delayed Migration to Authy (and Google Chrome Password Manager)

July 3, 2022 Daniel1password, authy, google chrome, one-time password, otp

For years I was an enthusiastic 1Password user. Then I became less enthusiastic.

Around the time I decided I wasn’t going to pay for any more 1Password updates, I began to research alternatives. Many shared the aspects with 1Password that made me want to leave it.

I decided to try Google Chrome’s password management. Because it is part of the browser, its browser integration is excellent. And it’s free. But it lacks support for One-time Passwords (OTP). Of course, Google offers the Google Authenticator app, which I used before 1Password added support for it. But Google Authenticator has no cloud syncing.

Authy only stores one-time passwords, and it offers cloud syncing. Perfect, right?

Initially I added my Twitch account — which seems to have a specific integration with Authy — and Twitter. I tried to add my Nintendo account OTP to Authy, but it had two problems:

It never worked. It didn’t match the code in 1Password, which did work.
Depending on the device on which I was using the Authy app, Authy would repeatedly insist that I decrypt it. I’d type in the password I believed was correct, but it wouldn’t work.

The second point scared me: Was this my future if I embraced Authy? Codes that don’t work and failed decryption?

More than seven years after creating an Authy account, I had gotten very tired of needing 1Password on my phone to access my OTPs. I decided:

I wanted to move all my OTPs to Authy and
That meant first I was going to have to sort out the problem with my Nintendo account and Authy.

I again tried to decrypt my Nintendo OTP in Authy; No luck. I could see it on my iPhone, but it never worked. So I decided to delete it. I have cloud sync turned on for Authy. I deleted the account on my iPhone, and Authy told me it would take two days before it was gone for good. The account was still visible — but unusable — on my Windows PC, so after a day I deleted it there, too.

I gave it another day or so. Then I tried to copy the working OTP for my Nintendo account from 1Password to Authy. 1Password allows you to edit an OTP (this is handy; 1Password does have some good features). In 1Password, on the screen for my Nintendo account, I clicked edit and then copied the entire string shown for the OTP field. I pasted this into Authy, but it didn’t match the code in 1Password, and wouldn’t let me log in.

I did some Googling, and found this post on Reddit: Move one-time passwords out. The trick is to grab the value after secret=. I tried it and it worked.

I quickly copied all the OTPs that I could remember needing. I then installed Authy on my devices.

Today I’m much closer to retiring 1Password once and for all. It’s a good feeling.

This is a happy ending, but it’s not perfect. Authy isn’t perfect.

I’m currently forced to use Authy’s Android app on my Chromebook. I don’t like Android apps on ChromeOS, and I avoid them. I spent an hour or so trying to get the Authy’s Linux app installed on my Chromebook, and the install appeared to work, but the only Authy I can find on my machine is the Android app.

Authy’s security measures are confusing. There is a backups password, a master password, and a PIN. This is too much. 1Password has a master password and, if you use it on a mobile device that doesn’t have biometric authentication, a PIN. I can think of no good reason why Authy’s backups password — for attaching the Authy app on a new device to your Authy accoung — and master password — for unlocking the Authy app when you unlock your computer or launch the app — could not be combined.

So there are two things about Authy that annoy me. And if Google every combined Google Authenticator with Google Chrome’s password manager, I’d probably ditch Authy. But for now, it’s a free OTP manager with Cloud syncing, and that’s exactly what I was looking for.

Wemo and a New Router

December 1, 2019March 6, 2020 Danieltechnology, wemo, wifi

Cliffs Notes: Delete the Wemo app. Reboot your iPhone. Reinstall the app and go from there.

I got my first Wemo devices at least as far back as 2015. I’ve been happy with them. They work. Yes, they can be occasionally stubborn — but I think that’s mostly due to wifi dead spots in my home. A built-in ethernet port would be a nice option. And yes, the Mini Smart Plugs that never stop broadcasting their setup wifi network? Also annoying, but hardly a dealbreaker.

Today I considered getting rid of all my Wemo devices in favor of a competitor. It didn’t matter which competitor. I was frustrated. I couldn’t get any of my Wemo devices to connect to my new wifi network. (I have entered the world of mesh wifi with a pair of Nest Wifi routers.)

I did some research before I created the new network. Based on what I found, I would have to factory reset each Wemo device in order to get it onto the new wifi network. Fine. Not ideal, but fine.

Wemo devices, like many smart devices, broadcast their own wifi network in order to perform initial setup with help from another device like a phone or tablet. It makes a lot of sense — modern phones have a screen. Things like light switches or doorbells or speakers tend not to.

I was able to get each of my Wemo devices to broadcast its setup wifi network. I was able to get my iPhone to connect to each of these devices (though not always on the first try). But that was where my progress stopped. For each smart plug, I was prompted to use my phone’s camera to snap/scan the plug’s Homekit code, or type in the code manually. But none of my plugs are new enough to have Homekit codes printed on them. For the light switch, I was just shown basic instructions about installing the hardware in wall. Not what I was looking for.

I gave up and moved on. I got every non-Wemo smart device in my house connected to the new wifi network. Then I did some more Googling, and found this on Reddit: Wemo Smart Plugs do not play well with SSID name change The crucial advice? Delete the Wemo app from you iPhone. Reboot your phone. Go from there.

What do you know? It worked. For devices that I didn’t factory reset, the name and ID photo were still stored. So the factory reset didn’t help anything, and actually lost my customization.

You would think a line of devices that depend on wifi would walk users through the process of moving devices to a new wifi network. For contrast, the Ring Doorbell app has a Device Health screen with an action called “Change Wi-Fi Network.” In the Alexa app, the screen for each Echo device shows the wifi network it is currently connected to, and a “Change” action.

User flow shouldn’t lead to a dead end. Users shouldn’t have to delete and reinstall an app to get back to a setup phase. And an ecosystem like Wemo shouldn’t have a massive blind spot for moving devices to a new network.

The Passion of the Comcast: Cutting the Cord

February 7, 2018March 6, 2020 Daniel

This is an ongoing story.

In late 2014, my wife — the primary person on our Comcast account — got a call that we could get new cable boxes, more channels, faster internet, and phone service, all for less than what we were paying at the time. A technician came to our house and hooked up a primary X1 box in our living room, a smaller X1 box in our bedroom, and a new combination modem/router. The X1 interface is a vast improvement over what came before it. Our internet speed went from 25 mbps to 100 mbps. Things were good. We even added two digital adapters.

Fast forward two years, and I watched as our monthly Comcast bill got larger and larger. It got as high as $236.43 on May 1, 2017. Our two year contract had ended and the steep discount with it.

In that two year span, Google Fiber had announced plans to bring its service to Atlanta, and more specifically, Brookhaven. It’s not available at our home as I write this, but I operate under the assumption that it could become available at any moment.

So I don’t want to sign any contracts. But that’s the only way to get a discount with Comcast.

So I started looking at streaming tv providers. I went in thinking I might go with DirecTV Now — I already have AT&T cell service. But Sling had the features and channels we wanted. I tried it out, bought a couple Apple TVs (and an antenna and a Tablo) and turned in our cable boxes at the local Xfinity office.

Of course, to stream anything, you need internet. I didn’t cancel our Xfinity internet service, but I did drop the speed from 100 to 25 mbps. That alone cost $65/month.

Everything was going fine. Between Sling and the antenna, we got every channel we cared about except two: Ion, a channel that shows Law & Order reruns that broadcasts over the air out of Atlanta but not with a strong enough signal for us to pick up; and HBO. I was leaning toward HBO Now because getting HBO on Sling was the same price — $15 — but lower video quality.

But I noticed some weirdness when I logged into my Comcast account. It showed that we had made an automatic payment on May 21, 2017 and that our next automatic payment was scheduled for May 22, 2017 — which was in the past.

I talked to Xfinity support via browser-based chat. The rep told me not to worry about the bill – we would be charged the correct amount — but that hey, we could get faster internet — 75 instead of 25 mbps — for less money — $40 instead of $65. And oh by the way, we’d also get Stream TV — including HBO. Great!

So of course the first thing I tried to do was log into HBO Go. Couldn’t do it. The next day I talked to support chat again. No HBO Go.

A day or two later I did some research and found this Xfinity support article. Among other things, it says that Stream TV customers get HBO Go.

A few days later I called Xfinity support. I spoke to four different people. Each of the last two told me I couldn’t get HBO Go, gave me the link to the Stream FAQs article, and then was surprised when I pointed out that the FAQ article says I should get HBO Go. The last person said the article was in error and would be updated.

About two weeks after that I looked at the Stream FAQ article again. Some text and formatting had changed, but it still said that Stream TV customers get HBO Go. So I tried to log in … and it worked.

HBO was the final piece of the puzzle. By eliminating (mostly) my Xfinity TV service, I had saved around $135 per month.

Twitter’s Logo

August 12, 2013April 8, 2016 Danielbranding, twitter

Dear World,

Twitter updated its logo. Fourteen months ago. (June, 2012!)

Please stop using the older (boyish) logo. Or the styled “t.” Immediately.

Thanks,
Daniel

Windows 8 First Impressions

October 26, 2012October 27, 2012 Daniel

Last night at midnight (all time zones), Windows 8 became available. I downloaded the $39.99 Windows 8 Pro version.

I installed it on my Dell laptop. I’ve been running Windows 7 on this laptop since I got it. It does not have a touchscreen.

Every time I install Windows — and I do it every six months or so — I format the hard drive first. When I started up the Windows 8 installer (running from a USB stick), I backed out twice because I didn’t think I was going to be given the option to format first. Turns out the option is there. I think there’s a trend in all software to make crucial processes — like OS installation — less intimidating to novice users. Unfortunately this also gives advanced users the impression that high-level options are missing even when they’re not. This is a very small gripe, but one that’s really an improvement for the group of users I like to generically refer to “people like my dad.” I’ll get back to Dad.

Windows 8 is the first version of Windows to tightly integrate a user’s online Microsoft/Live.com account. I appreciate this. Also, Apple’s been doing it for a while. One thing I don’t like about it is that in order to log into my computer, I need to use my Live.com password. For most people this probably wouldn’t be an issue, but I use a password manager (1Password) and therefore a long, cryptic, hard-to-remember, hell-even-hard-to-type-in password. That’s annoying, and I was not given the option to use a different (simpler) password to log into my machine. I’m still acclimating to the new OS, so I’m certain there’s a place to change my password. I hope that I will be able to have one password to log into my machine while maintaining my long and cryptic password for Live.com. I will update this post when I find out.

[UPDATE] If your PC’s account is tied to your online Microsoft account, the two accounts will necessarily share the same password. Making your PC’s account a separate account allows for a different password, but stops synching. However, there’s a pretty good third option. You can create a PIN number for logging into your PC. I kind of wonder if this isn’t designed for people like me. I’d rather have an alphanumeric password, but a PIN is tolerable.

I like the look and feel of Windows 8. It leans heavily on the Metro visual style (I refuse to refer to it by its proper name, “Windows 8 Style.”), and that’s a good thing. I would describe Metro as ultra modern. Again, good.

A quirk of Windows 8 is that it’s kind of running two operating systems simultaneously. On one hand, it runs more or less Windows 7, with a desktop, a task bar, Windows Explorer (called something else now), etc. On the other hand, it’s got the Metro UI, which will run all Windows RT applications. I consider this analagous to a hypothetical future version of Mac OS X that also runs all iOS apps.

The first installer I ran after booting into Windows 8 was Google Chrome. I didn’t even launch IE to download the installer — I have a copy on another USB stick. It installed with no issue, and as Chrome does the first time it runs, it asked me to type in my credentials so that it would sync all my bookmarks and extensions. This proceeded as it has every time I’ve installed Chrome on any machine. The 1Password browser extension is quirky and doesn’t sync like other exensions, so I installed it as I always do. It didn’t work the first time I tried it, so I decided to reboot the machine.

When I got to the Metro Start Screen, I clicked on the Google Chrome tile. Chrome launched and … prompted me to type in my credentials so it could sync all my bookmarks and extensions — as if I had never run it before. But I had run it only moments earlier! I looked around the screen, and noticed that there was no taskbar. Also, there was no button to change the size of the Window.

This was the Metro version of the Chrome browser.

I summoned the Start Screen and clicked on the Desktop tile. From there I launched Chrome, which had the 1Password extension installed (working normally now). I switched between the two versions of Chrome, nearly identical, running simultaneously. It appears that Desktop mode uses one user profile, and Metro mode uses another.

This is where I come back to users like my dad. I can’t imagine explaining this scenario to my dad, let alone telling him how to resolve it. Some quick Googling indicates that you can force Chrome to always run in the desktop mode, but it requires a registry hack. Facepalm.

Maybe Google will update Chrome with a checkbox in the settings screen to force Desktop mode at all times. Maybe Microsoft will patch Windows 8 so that each application to be forced to run in Desktop mode. In fairness, maybe there are updates available to Windows 8 that I simply haven’t installed yet.

But this is a problem. In an hour of use I encountered an annoyance clearly directed at making the experience better for novice users, then encountered what could be a serious problem — and I don’t know how I would explain it to users like my dad.

I’m curious about how IE handles the Metro/Desktop issue, but I doubt that I will suggest my dad run IE full time.

I anticipate that Google will work out a resolution to this problem — and I feel comfortable using the word “problem” rather than “issue” — but Windows 8 has been available in its final form for several months and as a full-functional beta for over a year. Why hasn’t this been sorted out already? I will monitor updates to the OS and to Chrome, and update this post as appropriate.

My 1&1 Feedback

September 10, 2012February 7, 2013 Daniel

Today I called — yes called — 1&1 so I could cancel my hosting with them. A few hours later, I got an email asking for me to fill out a short survey about my experience. There was a box at the bottom asking for “any further comments or suggestions.” Here’s what I wrote:

Four points. First, I wanted to keep my domains with 1&1 but cancel my hosting. I called the 800 number over the weekend. I was told that sales is only available Monday through Friday, but that I could go to cancel.1and1.com to cancel my hosting but keep my domains.

I went to to cancel.1and1.com but there was no clear indication that the options presented to me would allow me to cancel my hosting but NOT CANCEL MY DOMAINS. You can imagine why I wouldn’t click buttons unless I was 100% certain that I would NOT BE CANCELLING MY DOMAINS. If the option is there, make it clearer. Probably redesign the entire workflow. If this option is not possible on the website, don’t let the weekend phone support tell customers that it is.

Second point. In order to cancel my hosting package, I had to give the phone rep my password over the phone. It is unconscionable that 1&1 operates this way in 2012. http://technet.microsoft.com/en-us/library/cc784090.aspx Most major companies NEVER ASK A CUSTOMER FOR HIS PASSWORD. Not over the phone, not in email, not ever. A phone rep should not need a customer’s password in order to cancel some or all of that customer’s package. This poor security practice has me wondering what other poor security practices 1&1 is guilty of. Frankly it makes me think that I should end all my business with 1&1. I haven’t decided, though, so please don’t kill my domains.

Third point. Why is admin.1and1.com STILL SO SLOW? Go create an account with Dreamhost. It doesn’t take 20 seconds for their panel to load up. It is nearly instantaneous! For as long as I can remember, 1&1’s admin panel has been slow.

Fourth point — Improve PHP support. A customer must jump through hoops to enable PHP 5.3, and when he does, memory restrictions make simple tasks such as writing a post in WordPress fail. This situtation is unacceptable, and this scenario is the reason I moved my hosting to Dreamhost.

Goodbye, Netvibes

November 23, 2010August 25, 2012 Daniel

I’ve mentioned Netvibes on this blog on three previous occasions. I’ll summarize each post for you:

I love Netvibes
There are things about Netvibes that bother me
Netvibes has been broken for two days so I’m writing a tool from scratch to replace its functionality

Before today, I have tweeted about Netvibes three times:
September 5, 2010 (permalink):

How many years has @netvibes been around? Still, when you change your password, you’ve got to delete your cookies on all other machines!

November 3, 2010 (permalink):

The @Digg RSS feed has been broken in @Netvibes for a week.

November 17, 2010 (permalink):

@Netvibes has been in beta for five years and my RSS feeds still update erratically. One day closer to switching to @GoogleReader .

(Side note: For several weeks after rolling out version 4 of its website, Digg’s RSS feed experienced varying degrees of dysfunction. However, when I tweeted about that particular feed being broken in Netvibes, I loaded it up in other aggregators (specifically, Google Reader) to verify that the feed itself was no longer the source of the problem.)

Around November 17, I began to use Google Reader to take the place of Netvibes’ RSS aggregation functionality, and I created a Firefox Sync account to take the place of Netvibes’ bookmarks functionality. Since then I exported my bookmarks from Netvibes, imported them to Firefox, and started the arduous process of re-tagging them all.

Today, I found myself actively avoiding Netvibes despite the fact that I have yet to organize my bookmarks in Firefox. Because of this, I wrote a new tweet on the subject. For some reason — perhaps the phrase “abandoned netvibes” — Netvibes CEO Freddy Mini replied. The exchange was brief, but I’ll present it as a conversation:

Me: Abandoned @netvibes in favor of @GoogleReader and #FirefoxSync . I think netvibes’ developers abandoned it first.
Freddy Mini: @DanielPremo why would you say that?
Me: @freddymini Consistent bugs in RSS widgets — widgets that don’t update, widgets that show the same one or two items over and over.
Me: @freddymini Also: every time I change my netvibes password, I must delete cookies on every other machine, or netvibes is just a blank page.
Freddy Mini: @DanielPremo fine. see you.

Part of my frustration with Netvibes stems with the fact that I know not only that its problems can be fixed, but also how to fix them. I ran into the password/cookie issue when I was working on fav.premo.biz — and that site’s just a hobby. Netvibes is a tool that has a mountain of potential. But in the ways I use it, it’s been slowly moving backwards. This leaves me with no choice but to find more effective solutions.

Twitter ♥ Ellipsis

September 6, 2010 Daniel

I felt like this warranted a blog post, no matter how short. But hey, it’s about Twitter, so a short post is appropriate!

The ellipsis (Wikipedia) is three periods in a row often used to signify that content has been abbreviated or truncated. In the world of automated (or automation-assisted) Tweet composition, it’s a common thing. There’s also a premium on character count in the Twitter world, particularly when it comes to automation.

Well here’s an easy way to squeeze in two more characters: The ellipsis character. Rather than trimming an extra three characters (for three periods) from text that is too long, you can trim just one character (for an ellipsis). Examples:

This text is truncated without three periods ...
This text is truncated with an ellipsis …

They look the same, but you can tell they’re different by trying to highlight each period separately on the second example. And, in line with my rampant narcissism, I wrote a 140 character tweet about this very blog post which uses — you guessed it — the ellipsis character. And finally (because I wanted to use Twitter’s Blackbird Pie tool), here’s a pretty representation of the same tweet:

I’m writing a fun blog post about the benefits of the ellipsis character when truncating text for the purposes of programmatic autotweeting…less than a minute ago via Tweetie for MacDaniel Premo
DanielPremo

HTML5 and jQuery

February 24, 2010 Danielhtml5, jquery

The last time I was unemployed, I put together Fav.Premo.biz. Unemployed again, I’ve dipped into code all over the various projects I’ve got up and running.

With the exception of the main site (i.e., the page you’re reading), I’ve decided to change all of my sites from HTML4 or XHTML to HTML5. In addition, I’ve decided that now is a good time to stop using Prototype and script.aculo.us and start using jQuery.

I’ve decided to move to HTML5 for two main reasons. First, HTML5 is more elegant than HTML 4.x or XHTML 1.x. I love elegance when it comes to programming. I find that the criteria which determines what is and is not valid HTML5 code is less draconian than for HTML4.x and XHTML1.x. Also, HTML5 introduces new features that allow developers to add greater functionality with hand-written markup. Greater flexibility and greater functionality sound pretty elegant to me. Second, due to these new features, HTML5 provides for greater use of open source technologies. The long and short of my feelings in this area is that HTML5 gets us one step close to a world without Adobe Flash. The <audio> and <video> tags allow developers to add rich content to sites without relying on a closed source, proprietary plugin that is a resource hog and a security risk. Who couldn’t love code that’s more elegant combined with a better user experience?

I’ve decided to move to jQuery because jQuery is updated far more frequently than the JavaScript frameworks I’ve been using up until now — Prototype and script.aculo.us. For example, jQuery 1.4 was released in January 2010 and jQuery 1.3 was released in January 2009. When it comes to Prototype’s progression over that time, I can only estimate that it’s seen two bug releases (0.0.0.x) and one maintenance release (0.0.x). Although putting out regular updates to a code base may be virtuous, it’s not the whole story. Every time jQuery is updated, its release notes contain graphs showing speed improvements for all major browsers. Speed improvements on an annual basis. This just isn’t happening in Prototype or script.aculo.us.

I have a few public-facing sites that use JavaScript here and there, but only one makes heavy use of it: Fav.Premo.biz. Since modifying code to use both HTML5 and jQuery would be painful at best, I’m going to rewrite Fav.Premo.biz using these new technologies. It’ll be an undertaking, and it might not be finished soon, but it should be interesting.

Windows Money Savers

October 5, 2009 Danielantivirus, microsoft, microsoft windows, oem, windows, windows 7

Today I checked out Ars Technica’s latest Week in Microsoft, and came across two articles that might save Windows users some money.

The first is about Microsoft’s freshly-out-of-beta antivirus suite. First look: Microsoft Security Essentials impresses. In 2006, Microsoft released a retail antivirus program called Windows Live OneCare. By the end of 2008, Microsoft had announced that it would discontinue this product in favor of a free replacement called Microsoft Security Essentials.

For years I’ve been using AVG Free, but today I uninstalled it (you don’t want two antivirus programs running at the same time) and installed MSE. It looks like it’s a bit easier to use than AVG and I must say, it’s got some beautiful system tray icons. I might write a post in the future with some expanded impressions of the product, especially with Windows 7 coming out this month.

Microsoft Security Essentials can be downloaded here.

The second article is about something I’ve known about for years but to which I’ve never committed. Newegg reveals Windows 7 OEM prices. I’ve known about OEM versions of Microsoft Windows since before Windows Vista was released. From what I understand, an OEM copy of Windows is only supposed to be used on a newly built machine. However, I believe that is more of a suggestion in line with the “Student and Teacher” edition of Microsoft Office (which has since been renamed to the “Home and Student” Edition.) On Newegg’s listing page, the text appears to be cut off, but here’s the part that caught my eye:

software requires the assembler to provide end user support

That made me think: Hell, I’m capable of that. I’d prefer it that way, in fact. If I were married with kids, I’d probably put an OEM copy of Windows on each of their machines, too. I wouldn’t suggest it for my parents or my sisters, or even my best (nontechnical) friends, though. But for me, why not? Oh, and why is this a money saver? Depending on the edition of Windows purchased, the OEM version is about 50% cheaper. The greatest savings percentage-wise appears to be on the Professional Edition, which is the one I’ve got my eye on.

Newegg lists every version of Windows 7 it’s selling here.

So if you’re a technical person, take a look at both of these articles. If you’re not, consider using Microsoft Security Essentials. Because it’s free antivirus software.

Blog.DanielPremo.com

Internet