Is it not still blocked, or at least under heavy scrutiny? I would also dread Figma being folded into Adobe's bloated ecosystem. Thank god for penpot as mentioned in another comment as I would need an alternative if Figma does indeed get taken over by Adobe.
I bet Adobe would like to back out of the deal too, they paid an extreme premium before tech took a general nosedive. I doubt Figma is worth $20 billion in today's climate.
I do wonder how Adobe will fare with empowered governments in the EU, UK, and US that want to thwart these types of acquisitions for big tech. Frankly I hope they succeed too. Mergers are not good for competitive markets and Adobe nearly owning every tool out there in the design space is extremely bad.
Yeah, I saw this move as a general protective manoeuvre rather than an acquisition intended to become a cash cow in and of itself. Figma is remarkably useful and capable. Over the years I've found myself leaning on it more and more for things I didn't really expect to.
The real magic is found in Apple charging 690 EUR for an upgrade to 2TB from 512GB on a MacBook Pro (0.43/gb), or 2760 EUR for 8TB (0.37/gb). Considering the 2TB 980 pro for $160 USD, (0.08/gb), it always truly pains me to pay the Apple tax.
What really struck me was the statement: "In total, $580,000 was raised in 2022
The Foundation pays 6 developers to work on PHP" which made me realise how easy it is to take for granted the development and maintenance of these open-source languages and ecosystem as a whole.
Say what you will about PHP, but we all rest on the shoulders of the incalculable effort that goes into the software we use every day without thinking twice, and is something I'm very grateful for.
Similarly, cURL has been maintained by Daniel Stenberg for nearly 30 years. Billions of installs, every major tech company probably uses it... labor of love.
For me the main barrier has been convincing my family to actually take password management seriously. My entire family has had their emails hacked at least twice due to poor/reused passwords that have been in leaks, constantly forget IDs/passwords, and are constantly overwhelmed with the idea that they need to keep track of all these things.
I've set up a 1password family and set up accounts/vaults on everyone's computers/phones/tablets, yet they still find it too troublesome to use rather than simply writing passwords down in plaintext on their notes apps or just on sticky notes attached to their computers etc...
If anyone has had success encouraging family to use a password manager I would love to hear any tips, as I've sat my family down every holiday season to reset everyone's forgotten passwords and walk them through everything, practice creating/saving/using passwords and within a day it's all forgotten again. Like backups, I feel like no one takes it seriously until something truly horrible happens.
I used to work at 1Password, and have been a happy 1Password user before that. I recommend it _all the time_, and I carry around a $20 1Password gift card in my wallet to give to people when I recommend it. But I have been trying to get my mom set up on it for months and it's still a struggle :( I was hoping this article was going to say, "FooPassword has great security, and amazing UX and even your mom can easily use it", but alas...
The problems my mom experienced setting up 1Password, some I had never encountered. There are at least a handful of things going on that can cause problems, including web browser, internet connection, 1P browser extension, 1P desktop app, OS (at this point my mom has become unfamiliar with all desktop OSes since she has primarily used her smartphone for over 6 years and rarely if ever uses a desktop OS). There are enough opportunities for issues to occur that are trivial for me to troubleshoot, but are non-starters for my mom. And I suspect that my mom's experience is very common :(
I use 1pw and if you have any contacts left there, please urge them to fix their UIs!
The UX is terrible, and on Mac there are at least three different UIs you can open (browser, click on toolbar icon and "full" UI.)
On Linux I think there are at least two variants, maybe more, don't remember.
Just make one and make it simple and usable. By simple I don't mean Google/Apple-style "hide everything because people are stupid".
I mean simple, consistent, reliable, usable and powerful.
1p is a fairly complicated UX that fails a lot. Sometimes password autofill shows up, sometimes it does not. If I bring up password autofill, sometimes it shows a list of 0 websites because I didn't use the website association thing when recording the password login, and often because it failed because the UI fails very easily if it doesn't go in its happy path, or I press back, or the password was rejected, etc.
A lot of this is probably OS & browser vendor limitations, but it ends up with 1p being a power user only piece of software.
I had this problem too. And suffice it to say, the one family member we did convert is understandably panicked after the LP breach, and the one who held out is now smug about it.
For the ones who have held out, I gave up and just bought them all one of those "Password Journal" things from Barnes and Noble. Having unique passwords for every site is more important than having an electronic vault, so, baby steps.
Use a common prefix or suffix that you don't write down so that even if someone reads your little book (which is unlikely anyway), they won't be able to use the passwords.
Sure, this is great if your biggest concern is password security vs. password breaches. No one using pen & paper is creating new passwords for every site they register for, so they're probably just reusing the same few passwords (or, maybe, with small variations) between sites. Which means they're constantly putting themselves in a position to be hacked, regardless, since breaches expose all your other accounts when you have just one email address.
My parents tried that, but they kept misplacing the notebook in which these passwords were kept, and the passwords were too simple and guessable by half in any case.
I've had success with my parents and 1Password by only teaching them an extremely limited feature set: how to create new entries, update existing entries, and to copy and paste usernames and passwords. No browser extensions, no autofill features, no URLs, no vaults, no labels, etc.
I think that almost all the friction with respect to password managers relates to autofill, how to make it work, and in particular, how to recognize when and why it's not working.
For non-technical people, this is an intractable problem. It's too much even for a lot of technical people.
It's also why I doubt password managers in their present form will ever get widespread adoption. Their best features are just too finicky. Not due to any fault on the part of the authors -- it's just that the web is a mess, things change, and this kind of thing will always break from time to time.
So, my advice is to distill password management down to its simplest essence and just teach that to non-technical people in the hopes that it will more-or-less resemble the notepad/spreadsheet method, except with a password now.
Have you tried getting them set up with Apple's (if they're on Mac/iOS) or Google's (if they're on Chrome/Android)? Using something built-in is almost always the lowest friction option, and it sounds like it's friction that's keeping them from sticking with the password managers you've tried them on.
I dislike the idea of recommending these OS-specific password managers because what if they need to access their passwords on another machine? But I'm guessing for most folks that's not a concern. I also don't trust them _nearly_ as much as I do 1Password, but that's at least some prejudice on my side.
I’d trust them more. They’re likely behind the same security barrier as the rest of Google’s / Apple’s services. They’re probably getting attacked all day every day and holding up so I’d imagine they’re way more robust than most smaller companies.
It isn't about how easy/difficult it is to hack them. Any password manager I use needs to be un-hackable in any realistic sense. It's about trusting the company. And before I get flak about "nothing is un-hackable" blah blah, see "in any realistic sense".
Exactly. When I worked at 1Password everyone in the company knew this, and were trying to vastly improve the user experience. I've been gone for about 18 months now and I don't see many changes, which is unfortunate, but I know it's something they are passionate about. I hope they can figure it out, I think UX and ease of use are difficult things to get right for password managers.
Both the Apple and Chrome password managers sync to the cloud so as long as they can sign in to their account on another computer or phone, they can still get access to the saved passwords.
But only when using an Apple product (for the iCloud solution) or Android device or Chrome browser (for Google's), right?
My parents use whatever browser their company has installed on their computers, which I think is Chrome for one person and Edge for the other. Their home laptop is a Surface Laptop device with Edge on it.
It'd work for their phones, and I honestly don't see them switching to Android anytime soon, but it's still not available all the time, and I haven't been able to get them to do anything but autofill of the passwords I created for them. Even as is, telling them to go to a dedicated app to copy a password to use on their laptops is a step too much. Adding more complexity isn't going to help.
Show them. Since you’ve got them set up, if you are called on for tech support (especially around a password), remind them that you can’t help them if they don’t have the password in 1Password, because you can’t debug those things.
It took 4–5 years, but my wife is now a 1Password advocate and tells people that it’s the best way to protect themselves. Sort of like a feature of our banking apps‡, she has been convinced by the fact that the 1Password URL matching provides strong anti-phishing protection.
For the most part, my family has found it easier to remember that they only have to know one password than to put up with my complaining that they’re not using 1Password and I can’t help them because they’re not…
‡ The feature for the bank was the "spending notifications". Almost ten years ago I installed the "spending tracker" app from the bank, and about a month or two after, I got a notification of a 0.01 charge from a company we have no business with. After I tapped through, I noticed that it was on my wife’s credit card, so I notified her that her card had been skimmed and she needed to contact the company. We knew before the bank knew because of their feature. She installed the app the next day.
My mom cannot understand how to use autofill etc., but what I did was to set up a KeePass database file for her on her Google Drive and just sync it up on every device. She refuses to use anything but an Android and she acquiesced to an iPad when I told her Android tablets are still catching up. So I just found the most common service - Google - and put everything on it. She now knows to open it and expose the password as well as create new entries. She still can’t copy paste or handle the generator.
My dad does not give a flying fuck however many times you tell him and just writes it down in a notebook. He just doesn’t care despite much of the family wealth residing mostly in his accounts.
I've never heard of mobile OS being THE barrier for using password managers. It's usually a ton of other things... after all, both of our favorite OSs use autofill from the keyboard bar, so it should be straightforward. But hey, I have a similar parent. I just installed it for him and told him this is the new way... "computer programmers made it this way now".
It’s not the mobile OS so much as the fact that I want something I can troubleshoot easily and isn’t hidden behind several layers of UX. KeePass satisfies that. I just shared my mom’s database file with me on Drive so I can also access it in case of issues. If not, I’d need a service that can support like family sharing and shit and they may ask for extra money. This is easier and more secure since my mom has no idea how to share things from Drive so she won’t even do it by mistake.
The autofill part is relatively straightforward to us but it takes a while to get used to for the previous generation. In fact, despite showing her how to create new entries, she spent the last 2 years still writing it down in her Google Keep notes app. Had to spend a non-trivial amount of time transferring them over this holiday.
I know a person who works in tech, is very smart, has plenty of gadgets -- he just can't take this seriously and uses a single txt file in Dropbox for all their passwords (that are all just human-generated, reused, MyRandomW0rd123-like passwords). Claims to be optimistic and thinks that they're not going to be that person who gets hacked.
The real annoyance is that we need a "password manager" in the first place.
You wouldn't need to worry (too much - as long as it's not a weak password) about password reuse if websites abided by security best-practices and wouldn't leak lists of weakly hashed passwords. Salt + pepper + good amount of rounds proper hashing function: good luck.
And to be fair the browser ones work great. Another one that works great is a paper notebook.
And again, it all depends on your threat models. Using very complicated passwords and 2FAing your password manager will only ensure that you'll get locked out of your accounts sooner or later (unless you have a target painted on your back for some reason).
Strong disagree about password reuse, the average person has multiple dozens if not hundreds of accounts on various services. Even if none of them ever get hacked, you are still trusting thousands of engineers having access to production to not record the passwords that are sent to them with each login.
Just use a random password per service and keep it in a password manager.
> Again, if companies didn't treat password data carelessly
This is not a real solution. The real world is full of unreliable actors and byzantine generals. Any solution that depends on a perfect environment isn’t one.
The problem is you don’t need to get one company to behave well. You need to get every company to behave well.
It’s almost like saying “we don’t need to spend money on a court system, if we just got everyone in the country to work out their disagreements amicably”. While… true, it doesn’t sound like a plausible solution to my ear.
Remember that when you create an account and log into a service, you don't know if they even hash your password. They could email all the login attempts with your password in plain text.
A good password manager and 2FA, properly set up, should not increase your risk of lock out. It should decrease it - one set of 2FA elements and one password to remember.
Hashing passwords reduces the threat from database dumps, but it doesn't help against an attacker uploading a compromised version of the app and siphoning off credentials as they're submitted.
FWIW... I set up 1Password as a business account for demo and eval.
I hated almost every part of it. If you are coming from Bitwarden, Dashlane, or LastPass, the UI makes little sense. All three of those used LastPass's initial UI. It's a better UX.
I couldn't get off of 1Password fast enough. Something about their desktop app seemed overly heavy/slow.
Unfortunately for HN, titles make very poor search targets, all the more so because they're often obscure or obscured.
Comments offer a much larger target. Algolia's other features (searching by site or submitter / comment author), as well as obscure stuff like vote counts (submissions only) can be quite helpful.
I mine my own comments frequently, and that's a key benefit of using HN.
Thank you so much, that is precisely what I was looking for (my memory failed me regarding the background colour though, though there are purple elements). Thanks again, much appreciated.
One of the more interesting things I've felt about web3 is the idea of portable identities not being locked to centralized account management systems/walled gardens. This applies to tokens as well - eg, an asset that is no longer locked in to a particular game and could be used anywhere on chain. I'm thinking of MMORPGs having their servers shut down. It's interesting to imagine these things existing beyond the games themselves. I'm not a gamer (nor a collector of anything really), but I could imagine how interesting it would be to hold on to one's relics from these games, bringing them into new virtual worlds, even passing them down like family heirlooms. It seems like something that was often dismissed until the NFT boom lent some credence to the notion that digital artifacts need not be entirely disposable. Be it better or worse for the world, ultimately it really is a bizarre but fascinating experiment/exploration into our ideas of value and provenance.
I find it hard to imagine that a developer of a game is going to be happy with someone bringing something from another game into theirs. How would that even work? Does the developer need to create stats for every item that's been in any game that's existed up to that point to balance it? How would it work if the mechanic the item grants isn't even part of the game you are in?
If it's a standard NFT the original developers don't have a say in how a different developer wants to integrate the user's ownership of that token. If I see that your wallet has ownership of "sword of fire" from WoW and want to convert that to "saber of flame" in my game I can. I could even leave the same name, program the same design of the original weapon in, and appropriate the mechanic into my own game (ignoring the legality here and just focusing on feasibility). This is all possible because of how blockchains work -- all transactions (and the resultant change in state) are public and I can always identify which NFTs you own that way.
EDIT: I also wanted to add in that the smart contract that supports an NFT can be made in a way that allows the original developers to collect fees on every transfer of the asset. This means it might even be in my best interest as the original developer to endorse other games using my in-game NFTs because the longer I can get people transacting with my asset, the longer I can keep collecting revenue. I might even pay other game developers to integrate my item into their game to make this happen.
None of that makes any sense. I get what an NFT is. What I want to know is how the mechanics of taking a "sword of fire" from WoW and importing it into RandomNewGame will work without the developer of RandomNewGame specifically programming it in. And if the requirement is that they program in some compatibility with the WoW sword of fire, will they not need to then also program in support for all the billions of existing and infinite yet-to-be-existing items that someone will want to import into the game? You can spin SciFi tales to a different question. I'm asking for specifics on how this ridiculous idea would work.
So the likelihood of an item living on in another game could be quite tenuous. Not least because you have to hope the game developer supports your items and there isn't a strong incentive to do that.
The other side of it is whether these will have any meaning beyond being a nice reminder. In that sense you don't really need a token but to own your own data about the game. In this sense we can already see people holding onto the meaning of their previous gaming adventures, through maintaining friendships, keeping screenshots, diaries and other media about them and so on.