zoiaorg

Tech, Strategy, and other interesting things by Roberto Zoiaby Roberto Zoia

Blind to Biases

by Leave a Comment

Runner’s World tells the storie of Ellie Pell, who won the overall first place in a 50K Ultra Marathon.

The organizers of the event had assumed that the overall winner would male.

While there was an award made for the first place female, there was no award prepared for the first place male. Instead, there was only a trophy for the overall winner, which was predicted to be a man.

What’s worth noting is not the organizers’s bias, but that they were blind to it. Blind to the possibility that a woman could actually win the race.

Being aware that we may be blind to our own biases is the first step towards overcoming them. Blindness may come, for example, from taking for granted what for others may be a privilege1.


Photo by Andrea Leopardi on Unsplash

  1. For example, check McKinsey’s article on Why gender diversity at the top remains a challenge

How to Prevent Hackers from Accessing Your Mail and Other Online Services

by Leave a Comment

Online security is more relevant than ever. News from hackers breaching massive number of user accounts from an online service no longer surprises anyone.

Two important things that you should do today to improve the security of your online accounts are setting up two-factor authentication and using a password manager.

Two-factor Authentication

Two-factor authentication means that each time you log into an online service, before you can get access to your account, you’ll be asked to enter an additional code after you enter your password. This code is generated by an app on your phone1, or sent to you by SMS, and changes every 30 seconds. With two-factor authentication enabled, even if your password is compromised, a hacker cannot log in into your account.

Ideally, security is based on three things: something you know, something you have, and something you are. Almost everybody uses usernames and passwords. That’s something you know. But as security experts point out, “passwords have outlived their usefulness as a serious security device”. Adding something you have to the login process, like an additional code generated by an app in your phone, greatly enhances security.

If you are required to use your fingerprint to unlock your phone, then you’ve introduced a third factor: something you are. This is probably the best scenario you can get without resorting to professional-level security.

Authy

There are several authenticator apps on the market, perhaps the most well-known are Google Authenticator and Authy. Microsoft also offers an app. My personal favorite is Authy, because it syncs across devices so you can generate tokens from your phone or laptop. (Authy’s webpage offers a handful of guides on how to activate two-factor authentication on popular services. Check, for example, their guide for Gmail.)

What if your mail service provider doesn’t offer two-factor authentication? Don’t hesitate, change to a provider that does.

Use a Password Manager

The second most important thing is to use a password manager. Writing down your passwords on a stick-it note or in your iPhone’s Notes app is not only inefficient but insecure.

Companies that require their employees to change their passwords every 30 days, and don’t provide them with a password manager, are simply encouraging their employees to use weak, easy to guess passwords, or to write them down in a note they stick to their laptops.

With a password manager, you only need to remember one password: the one for the password manager itself. The app takes care of storing the usernames and passwords for every online service you use. Thanks to browser extensions, they recognize which webpage you are visiting and fill in the proper credentials. It also keeps you passwords synchronized between devices. (And yes, you can enable two-factor authentication for the password manager itself.)

Passwords and hashes

To understand why password length and complexity is important, we need to dive into how online services store passwords, and what hackers do when they steal user’s credentials from a server.

When an online service asks you to enter a password to create your account, the password is not stored as-is in the company’s servers. Instead, the server generates a hash code for the password. This hash code, and not the actual password, is stored along with your username and other data on the server2.

A hash is a mathematical function that takes a string of data as an argument, and produces a fixed-size series of numbers, which is call a hash code. Different passwords will produce different hash codes, and it is nearly impossible to deduce the original password from the hash code.

To verify your identity, the online service asks for your password, generates a hash code for the characters you typed in, and compares it to the hash code it generated when you created your account (or last changed your password). If both hash codes are equal, it means that the password you just typed and the password registered on the server are the same. You are granted access to your account.

Now and then, hackers break into an online service’s servers and steal data: email addresses, and password hashes, among other data. These stolen databases are sold in the black market for money3.

As computer processing power becomes cheaper, it is possible to try a brute-force attack against a stolen database and succesfully recover part of the original passwords from the hash codes. Brute-force means that the hacker will use a program to generate, systematically, passwords with every combination of characters, and compare their hash codes with the hash codes in the stolen database4. For every match, the attacker now knows he or she’s got the password for a given account.

To protect you from this kind of attack, password managers allow you to generate long and random passwords for each new service you sign in. If you are inventing passwords by yourself, then your passwords are probably not long or complex enough. A long enough password ensures that a hacker won’t be able to crack it for several years from today.

This comic by xkcd’s Randall Munroe illustrates the point.

If the hacker get’s to know your username and password, chances are he or she will try to use them to access your accounts on popular services: Gmail, Facebook, Dropbox, Instagram, LinkedIn, etc. Once he’s got access to your email, he can request a password reset from other services, which will send a link to for resetting your password to your now-compromised email account. (That’s another reason to enable two-factor authentication.)

Which password manager should you use? I can recommend 1Password, which I’ve been using for several years now. Also, LastPass has excellent reviews.

Two-factor authentication and using a password manager are the most important things you should do today to improve online safety and protect your accounts from being hacked.


Photo by Dayne Topkin on Unsplash

  1. These apps are called, among other names, two-factor authentication or 2FA apps, authenticator apps, one-time password or OTP apps
  2. There are some online services that store their customer’s passwords as-is, which is a terrible practice. You can detect such services when you forget your password and click on the ‘Forgot your password?’ link: they’ll send you your password by email, instead of generating a new one or sending a link to reset it. 
  3. There are pages that will tell you if your email has been compromised in a data breach. Check, for example, \
  4. The attacker doesn’t even have to be an expert hacker to do this. For $10, you can get a very good book explaining how to do it. 

Social Networks’s behavioral addiction

by Leave a Comment

Cal Newport, in his book Digital Minimalisn, explains that there are two forces that encourage behavioural addiction when using social networks.

The first force, intermittent positive reinforcement, exploits the fact that rewards delivered unpredictably are more enticing than those delivered with a known pattern. The expectation of likes/hearts/retweets after posting online is comparable to gambling.

The second force is the the drive for social approval. Social media is tuned to offer us a rich stream of information about how much (or how little) our friends are thinking about us at the moment.

We didn’t sign up for the digital lives we now lead. They were instead, to a large extent, crafted in boardrooms to serve the interests of a select group of technology investors.

— Cal Newport, Digital Minimalism

A quick test to see how deep these two forces have taken hold of your behavior: delete your Facebook and Instagram apps from your phone for just one day, and see if you show signs of abstinence syndrome. You can always reinstall the apps later if you want.

Maybe it’s time to let the old ways die

by Leave a Comment

A difficult aspect of facing technological innovation is the decision to change your business model in ways that disrupts your current business. It’s not easy to leave the safe shores of what works and is known.

NiemanLab published this interesting article about the L.A. Times and its difficulties competing in the digital business once the advantage of physical distribution of newspaper that gave them market power disappeared. Among other things, the L.A. Times is late in the game. The New York Times launched its first try at digital subscriptions in 2011, eight years ago. The table below, extracted from the article, shows the results.

“In every era, traditional media channels will diminish, dismiss and ignore the new ones. They do this at the very same time that they are supplanted by the new ones. While they will occasionally spend some time or money testing a new medium, they rarely leap.1

An important exercise is to write down a list of the current technology trends, and consider how they could affect your business. The difficult part is not falling in a blind spot, dismissing things as ‘hyped’ or ‘not serious’.

Take, for example, Artificial Intelligence (AI). If you follow some kind of business trends, you’ll read news every day of companies applying AI to some part of their operation. The insight here is that there are a small fraction that are actually applying advanced AI. But there is a significant number of companies that are going through ruthless automation of everything task-related, applying automation to every process possible. Call it ‘basic AI’ if you want. In a couple of years, thanks to their lower costs and operational efficiencies (and the insight they can get from their data), these companies will be in a significantly better poisition to compete than companies that are dismissing AI as just ‘hype’.

Hint: If you can’t identify a technology trend that could disrupt your current business model, you’re doing your analysis wrong.

Photo by Austin Chan on Unsplash.

  1. cfr Seth Goding, The old media/new media chasm

Where Should You Publish Your Content?

by Leave a Comment

There are several good options for publishing content online. Facebook, LinkedIn, Instagram, YouTube, Medium, and others offer a convenient and cost-free way to publish content and, potentially, reach a huge audience.

It’s important to understand why social networks are free. Like Michael Ende’s Momo Men in Grey, social networks are dependent on their ability to get humans to invest time on their platforms. Social networks revenue comes from selling carefully segmented “user attention” to advertisers1. In this business, eliminating any barrier to users spending time on their platforms —maximizing engagement— is critical for increasing revenue.

What’s critical for the network to succeed is to have enough “user attention” to sell to advertisers, properly segmented. Users spend time on social networks interacting with other users, and interacting with what other users post. To keep users engaged, social networks need a stable supply of content relevant to their user’s interests2. There is one more twist, however: the beauty of the model is that the content is created by the users themselves, which is another reason why publishing on said platforms is free.

As several people have pointed out, if you are not paying for the product, then you are the product.

The Rules of the Game

The problem on relying solely on a social network as your digital home is that their business model may not align with yours.

Consider Medium. Developed by co-founder of Twitter and founder of Blogger Evan Williams, Medium was launched in August 2012 as a long-form publishing and social site where content is privileged. The platform has a clean design, an excellent editor for writing articles, and offers exposure to like-minded people who are in the search of quality content over click-bait articles. Publishing on Medium can give you a lot of exposure.

However, social platforms have their own goals. In 2016, in search of a profitable business model, Medium introduced a paywall around its content. If you had been publishing on Medium, your content became blocked behind the paywall. From that date on, your readers need to subscribe to the platform in order to read more than the 3 monthly articles limit offered by Medium’s free account.

Another factor is what content is shown and when. Most social networks use a newsfeed to show content to their users. An algorithm custom-tailors the series of posts you see. The algorithm’s selection criteria is proprietary to each network. From the user’s point of view, this means that you have limited control over who sees what you publish. Even if you publish something for “Your Friends on Facebook”, not all your friends are shown what you post. (But you can pay Facebook to ‘boost’ your post.) Also, because the newsfeed is time-based, content that is not reshared, quickly fades into oblivion.

Using Social Networks to Promote Your Content

A better strategy is to publish your content on a site under your control, and then use social networks to promote and distribute your content. Having your own site gives you a series of benefits that social networks don’t. It gives you control over your brand. (If it’s your personal brand, I think this is becoming more important every day.) You can tailor the site to reflect your strategy. Over the paltry analytics most social networks give you, you can measure in detail how users interact with your content.

Long term, you are building an asset. Social networks come and go… come and go with your content, if that’s the only place you publish.

Photo by Daria Nepriakhina on Unsplash.

  1. The exception is Medium. Medium income comes from subscription plans. In the case of LinkedIn, their clients are advdertisers and headhunters.
  2. In some cases like LinkedIn or Medium, income also comes from offering premium, non-free plans to users. These plans give you more control or access to published content and users. LinkedIn, for example, artificially limits the number of advanced searches you can do using a free account.