>New Phone

>I just got a new Android Phone, the T-Mobile G2. And I love it. It’s fast, it’s responsive, and the download speeds are incredibly fast (for a phone) and the phone. The phone is a little on the heavy side but the phone feels so solid, the weight doesn’t bother me. In fact, I would say this is one of the best “feeling” elecontric devices I’ve had in years.

This phone replaces my T-Mobile G1 that I’ve had for close to 2 years. The G1 was nice but it was getting long the tooth. I was disappointed when they didn’t push Android 2.1 to the G1. And, it was starting to feel really slow with some of the applications I use like the Google Navigation app.

So, the first question that comes up is why didn’t I get an iPhone. And there are two primary reasons for that. First, I don’t really want to back to AT&T. I was with AT&T for years, originally with AT&T Wireless, and their custom service had gotten to the point where I thought it was terrible. It is what made me switch to T-Mobile (who seems to have some of the best customer service in wireless around). That plus a family plan similar to my T-Mobile plan would cost me a bit more per month. My second reason for no iPhone is that I hate iTunes and don’t want to install that best on my computer.

I am not anti-Apple though. I believe that Apple with the iPhone has taken the user experience to a new, higher level than it was at previously.  And that has forced changes at other manufacturers that have been all cell phones better. I’m guessing that the iPad will have a similar effect on the netbook market.

But back to my G2. I knew I wanted to another Android phone and with T-Mobile, I had a few to chose from. For me, it came down to two phones: the G2 and the Samsung Vibrant (the T-Mobile Galaxy S phone). And there were a few things that made me select the G2 over the Vibrant:

  1. The G2 is running Android 2.2 today; the Vibrant is still 2.,1.
  2. The G2 uses the new HSPA+ connection giving 4G connectivity speeds.
  3. The G2 is a pretty vanilla Android install (which is closer to what I was looking for); the Vibrant includes the Samsung Touchwiz interface. One problem I see with custom interfaces is that they slow  down Android updates to the phone (which is why I believe the Vibrant is still Android 2.1).
That said, there are a few things I wish the G2 had:
  1. More than 4GB of built-in flash memory (with only 1.2GB available – what happened to the rest).
  2. The ability to uninstall some of the pre-installed Google App’s. For example, Google Goggles and Google Earth are cool app’s that I don’t see myself using on my phone. But I cannot uninstall them.
And there are a few really cool features that I get to take advantage of now because of upgrading to a G2:
  1. Chrome to Phone – This is a WOW feature. I look up an address in maps.google.com, click the Chrome to Phone button and , presto, the map shows up on my phone where, with a simple click, I can use it in the Google Navigation App. Very cool.
  2. The email, calendar and contact integration with Exchange now exists and is fantastic. On my G1 I had to use a 3rd party app. With my G2, I setup the Exchange server as an email, and everything just automatically integrated. 
  3. The performance and responsiveness of this phone is phenomenal. It responds to touch instantly and everything opens very quickly. Yes, it is “only” an 800MHz chip instead of the 1GHz chips in a lot of other phones (like the iPhone 4 and Samsung Vibrant) but it is also a next generation chip. And most of the comparisons I’ve seen between the G2 and the Nexus One, running Android 2.2 with the 1GHz chip, have the G2 being the faster phone.
Overall, I couldn’t be happier with my choice though I’m sure some new phone will come out in another couple of months that will make me wish I had waited. 😉

>Passwords & Security

>I’m surprised by how many sites and IT departments continue to force users to change their passwords every 30, 60, 90, 180 days. I find this practice annoying and wonder why everybody thinks this is a good idea. And why this is still considered a best practice.

There are now more opinions to back up my thoughts:

But, in spite of this, many IT systems still believe that changing your password every 90 days or so makes things more secure.

Don’t get me wrong, security is important. It needs to be job one in every application that stores anything about me and in every IT department. Protecting my data is very important to me and I don’t want to do business with a company that doesn’t believe security is important.

I do believe that you are more secure with a longer password. And I would rather have a long password than be forced to change my password every 90 days. The problem is that sites make the determination for me by forcing me to change my password. Since long passwords are harder to come up with and remember, I end up with shorter passwords because I take the path of least resistance.

Why am I so worried? In a 3year old post, Jeff Atwood, taking about a specific password cracking program in his Coding Horror blog says, “this attack covered 99.9% of all possible 14 character alphanumeric passwords in 11 minutes”. The problem is only getting worse. Some of the new cracker programs take advantage of the massive amount of processing power in the nVidia graphics processor chips cutting the time it takes to crack passwords by 60% or more.

Yet I’m still forced to change my password on some sites. So I go with shorter passwords because coming up with longer passwords is difficult and I don’t want to do that every 3 months. Why is it so hard to get IT people, including myself at times, to acknowledge how security risks have changed and to change our behaviors? And to change “best practices”?