I have been using a freeware product called “password safe”, and it was OK, but using it at work and at home meant I had to keep two databases up to date, which was a pain.

However, thanks to a tip from my friend Jeff, I just switched all my stuff (home and work) to LastPass (www.lastpass.com)

Why did I do that, and why would I tell the world where all my passwords are?  Well, it’s a really great system, and ULTRA secure.

In a nutshell, it stores your stuff in the cloud, but in encrypted form. Encryption happens on your computer, so they never have your unencrypted information, and have no way of getting it either! They also never store your personal information, or userid, or password in unencrypted form. So their system only contains encrypted blobs which are useless to anybody without the decryption key (your userID and password). So, they can cooperate fully with the FBI or foreign governments, and give them all the data they want. It’s still useless. There isn’t even any way of knowing who owns which blobs of encrypted data. How cool is that!  Well OK, so it’s probably only really cool to security geeks like me.

Anyway, you can store passwords & sites, and it will auto-fill for you when you go to log in with your browser (if you want – you can decide on a site by site basis). In addition, you can store personal info and credit card info on there and it can form-fill for you when you are at a checkout form on a website. You can also store notes of arbitrary text data, for any purpose you want. It generates passwords for you.

What! Put my credit card data out there? Are you nuts?  Well possibly, yes, but that’s another subject.  But yes, it’s secure enough to do that.  Once you "get” the security model, it’s clear that anything you store in this “vault” is accessible only by you, and so go ahead and use it for any bits of information, not just websites and passwords!

I mentioned that the system can generate passwords for you.  Here’s why that’s useful:  Most people tend to use 1 or 2 passwords for everything they do.  That means that if somebody learns, or guesses your password, they have access to a TON of stuff.  This is what we in the security business call “bad”.  If you use the system to generate a password for you when you sign up to access a website, it generates a nice secure password that is really hard to hack, and you would never remember it; but you don’t have to!  The password is stored with the site information, and when you go to that website, it automatically logs you in.  You never really even have to SEE that password.  You can view it if you want, but it’s not necessary. 

If you do this, not only are you creating logins for websites with a GOOD password (instead of the lame ones most of us use because they are easy to remember), but each site is different.  So in the unlikely event that somebody manages to get one of your passwords (no idea how that would be possible, but maybe a key logger on a public coffee-shop computer or something – work with me on this), then they only have access to one website because all the other websites you access have different passwords.

Another distinction is that since your information is stored “in the cloud”, you can access it from anywhere.  So, even if your computer dies in a fire, your important information is still out there.  If you use multiple computers, like I do, then this is really convenient because you don’t have to worry about keeping multiple databases of passwords up to date.  Any bit of information you store on one computer is available to you on any other computer.  Handy!

In addition to just storing stuff, you can share your passwords or notes selectively with other people. For instance, if I have a website with my personal login, and I want to give you access to it, I can either share the whole entry with you, allowing you to see the password, or I can share however much of it I want. This lets you use it by double-clicking (it then launches a browser, goes to that webpage, and logs in for you), but doesn’t let you see my password. Also, I can revoke the share any time I want.  This would be great for an employer to give an employee access to some business site (the company bank account, for instance), but without giving the employee the password.  They can do their job, but if they leave the company, there are no worries about having to run around and change the password – you simply revoke the share to that person!

They have a “premium” mode which is $12/yr which allows you to access all this from a mobile device too, and from a browser without installing their plugin, and also allows you to sync shares. So, if I’ve shared a login with you, and I change the password on my side, yours gets automatically updated.

If you want even MORE security, you can go for “two-factor authentication”. http://www.yubico.com/yubikey is inexpensive ($25 each, quantity 1), and works like an RSA token, but is actually a bit more secure because there is no LCD readout, and you never see the digits. If you buy a yubikey, they have a bundle where you can get a key and a year’s premium lastpass subscription for $30 (I wish I’d seen that before I sent my $12 in – LOL)

Anyhow, its very cool technology, and I have yet to read anything about this that’s negative.

I’m playing with an evaluation unit of the Samsung Galaxy Tablet from T-Mobile, so I thought I’d post my observations & any useful info I dig up. 

Pricing on this gadget varies widely.  T-Mobile has it for about $250.  If you want to pay more, you can get it from AT&T for $520.  Does that markup seem a little excessive to you?  Good, it did seem that way to me.

The model I have is SGH-T849 (no, not on the box or paperwork anywhere, you have to dig into the phone settings.  Here’s an interesting bit of trivia: If you plug this unit into your computer with the non-standard USB cable (looks like an iPod cable, but isn’t), the computer sees it, but it doesn’t charge it!  You have to plug that cable into the little wall-wart (which is admittedly very slick).

I asked “Irene” (complete with thick Indian accent) how to transfer memos from the tablet to my PC.  I was told this was not possible.  I took another tact and told her that the memo program has the ability to email memos, so I did that.  I ended up with a “.vnt” file as an attachment.  This is not text, html, xml, or anything else useful – it’s some proprietary file format.  I asked what reader I might employ to view said file.  After being put on hold for an extended period of time, “Irene” suggested that I download “Universal Viewer Portable 5.4.4” from the net (just google it, she said).  Cnet has it, if you are interested: http://download.cnet.com/Universal-Viewer-Portable/3000-2248_4-75157196.html?tag=api

According to net.wisdom, the sync program you need to use to transfer files and media to and from the tablet and your PC is called “Kies” (apparently pronounced “keys”, according to tech support).  Try finding this on Samsung’s twisty dead-link littered website, and you’ll be pulling your hair out.  I have less hair now, but victory was mine and I was able to find a link which did allow me to download Kies PC Sync software.  Here it is: http://www.samsung.com/ae/consumer/mobile-phones/mobile-phones/infotainment/GT-I9000HKDXSG/index.idx?pagetype=prd_detail&tab=support

It doesn’t matter what model of phone the website thinks you have, as they only have one sync program for all of them.  When I connect the tablet, I get “This device is not supported by Kies 2.0”.  Not very useful.  However, Windows 7 does see the device as a mass storage device, and can browse it.  I can manually copy pictures/videos back and forth, but I was looking for something more elegant.  Browsing the various folders didn’t yield anything “memo”-looking.

In the root directory is an executable named “Multimedia Sync by doubleTwist.exe” – intriguing!  When I ran it, I got a progress bar which stalled 2/3 of the way through with “Unknown error trying to download Multimedia Sync”.  I tried copying the file to my hard disk and running it from there – same result.

If you go to http://www.doubletwist.com/, you get a download page for an app which apparently does over-the-air sync.  Interesting, but overkill for what I’m trying to do at the moment.  T-Mobile does have a link (after more digging) where you can download this app: http://apps.t-mobile.com/doubletwist/ (it’s curious that tech support didn’t mention this).  After a painfully slow download, I was able to install it.  My initial impression is an iTunes type program for android devices.  Not bad, really!

However, it doesn’t have any ability to access memos.  So… the memo application on the tablet appears to be much like a piece of paper.  You can write on it, and look at it, but that’s it – don’t think you can transfer it somewhere else and use it.  To me, that’s fairly worthless.

*UPDATE* I reviewed the Samsung Galaxy SII cellphone.  Samsung has recently released Kies 2.0 and a wireless version also.