h1

Protect your email with a strong, unique password

April 24, 2020

Some of my friends have asked me recently about computer security, passwords, scams and malware. One thought he had a virus infection on his computer, another had been reposting hoaxes about WhatsApp messages while yet another had received one of these “we’ve got all your details, we’ve videoed you with your own webcam doing embarrassing things; if you don’t pay us money we’ll send the footage to all your contacts” emails. The reason he was particularly concerned was the email included one of his own passwords.

Of course it was a scam; it turned out the scammers had probably got his email and password from the LinkedIn security breach. So I confirmed with him that this wasn’t his email password and then reassured him it was a scam. He changed his email password just to be on the safe side.

Keep your email secure

Before anything like this happens to you, the most important piece of advice I would offer is: make sure your email password is UNIQUE (i.e. you’ve not used it for any other account, anywhere else, ever) and strong (8 or more characters and a mix of at least uppercase letters, lowercase letters and numbers). If it’s not, then I suggest you change it as soon as you can.

Computer with chains and a lock

It’s unwise to use your children’s names and dates of birth. Don’t use “password” “qwerty” or “1234567890” (which are some of the most commonly used passwords).

Why your email?

Because email is the way you reset every other password. If someone hacks into your email account they can change that password, then access every other account you have by going to the website and clicking the “I’ve forgotten my password” link. The site then emails them a reset link. Worse, they could log into your email and automatically forward your emails to themselves, so you don’t know anything’s wrong, but they receive a copy of any email sent to you.

So your email password is, perhaps after your bank, the most important password you use. And it doesn’t require your email provider to be hacked. If a major website is compromised (recent security breaches in the UK include Tesco.com and Carphone Warehouse) the first thing the hackers will do is try each password on the email account associated with it… and if you’ve used the same password for both, then the hackers have access to your email.

How to make a password strong but memorable

My preferred technique is to pick the title of a favourite book, album or song and use that as the key. Let’s consider, for example:

All I Want for Christmas is You by Mariah Carey.

(I don’t use this, nor should you, it’s just an example)

Take the initial letters capitalised as in a normal sentence:

AIwfCiy

Substitute some of the letters. For example you could change the “C” of Christmas to X for Xmas, “for” to 4 and “you” to u:

AIw4Xiu

It’s still too short, so add the initials of the artist – MC:

AIw4XiuMC

There you have a pretty strong, apparently random, 9-character password, but because you know the passphrase, you can remember it every time. No one will guess it, nor will it fall to a brute-force “dictionary” attack where hackers try every word in the dictionary.

Some sites require your password to include a special character, if that’s the case you can insert a %, & or @ between the song and the artist:

AIw4Xiu%MC

There you go, the almost perfect password.

Could I make it even more secure?

Yes, you could use what’s known as “Two Factor Authentication” or 2FA. Your online bank already uses this so you’re probably familiar with the concept. When you login you need to provide a second password, or a code texted to your phone. Maybe your bank’s sent you a special authentication device such as the Barclays PINsentry below, or you use an “Authenticator” app which generates a one-time random code. There are several authentication apps. Microsoft includes one in Office 365 (now Microsoft 365)Google has one, and Authy is one of the independent ones.

Sites including PayPal, Twitter and Amazon support the use of Authentication apps for 2FA. Many sites offer a 2FA capability and it’s a good idea to enable it if it’s available.

Barclays PINsentry security device

Barclays PINsentry for two-factor authentication

How to remember all those passwords

Ideally every password you use should be strong and unique, but that’s hard, especially as our memories fade with age. Writing them down, while not a great idea, is better than using the same password everywhere. Use a little notebook and keep it somewhere safe at home – that’s far more secure than re-using passwords. Someone would have to break into your house to get it, and if they do that they’re much more likely to steal the telly! Whatever you do don’t write your passwords on a sticky note on your computer!

Better still, use a Password Manager such as LastPass (there’s a free version for web, PC, Mac, iPhone and Android†) or 1Password (small annual fee) which can securely store all your passwords, generate new unique random ones and fill them in on your phone or computer as you need them. They have extensions for your favourite browser, and you can also access them securely from anywhere when you’re away from home (unlike the notebook under your bed). With a Password Manager you don’t need to remember, or even know, any password other than the master password for the app. Whatever you do, make that strong, unique and don’t forget it!

Should I change my passwords regularly?

It’s fair to say that the IT security industry is divided on this. Provided your password remains strong and unique then there’s benefit in doing so, and some systems require you to do so periodically. The problem is that many of us have lots of accounts, and trying to think of multiple memorable, unique, strong passwords regularly is hard. So many people, when forced to change their password, just use the same set over and over again, or they use the same password but include a number in it and increment the number each time. So being forced to change your password regularly may actually reduce rather than improve your security. Use a Password Manager and you can change your password regularly – in fact some of them will do it for you automatically!

What happens if the Password Manager site is breached?

Yeah, it has happened. Password Managers are, like antivirus software, a prime target for hackers. But it wasn’t a problem because the way Password Managers work is your passwords are securely encrypted with your master password as a key before being stored in the (yet further encrypted) Password Manager database, and are only ever decrypted, as you need them, on the device you’re using. Even the Password Manager doesn’t know your Master Password. So if the Password Manager site is compromised, all the hackers are likely to get is a list of encrypted records, none of which are any use to them.

They must know my password, how else do I log in?

When you first set up your password, the site does something called salting and hashing. Salting adds a string of characters (which may be very long and is usually unique to your user account) to your password before it’s hashed – a type of strong one-way encryption*. The resulting string can’t be reversed, so it’s impossible to work out your password from the salted & hashed string.

All this processing is done on your computer before the result is stored, so your password is never transmitted over the Internet. When you log in, your computer repeats the process and transmits the result which is compared with the stored version. If they match, you’ve entered the correct password and you’re allowed in. If they don’t, you’ve got it wrong. But at no point is your password known to, or stored by the system.

Even if a hacker managed to get hold of your unique salt and the hashing algorithms (as some are reported to have done in the LastPass breach) they’d still wouldn’t have your Master Password, so they’d have to guess it and try salting & hashing it to gain access to your passwords – which is why its still important to make sure your Master Password is strong and unique.

Clever eh? This salting and hashing system is used by many major Internet sites, not just Password Managers. It’s preferred because it doesn’t require the storage of any passwords in clear and it avoids transmitting passwords in clear over the internet. I suspect Tesco and Carphone Warehouse are using it now. If they’re not, they should be.

So keep your passwords, especially your email password, unique and strong, and use a Password Manager, then you can just ignore those scammers!

* For the purists, yes I know it’s not the same as encryption, but this isn’t the place to go into the details of the difference between encryption and hashing.

Update: As of March 17th 2021, LastPass Free is available only on EITHER computer (PC, Mac and Laptop) OR on mobile (phone, tablet and watch) but not both. In order to get it on both you have to upgrade to one of the paid plans such as Premium, Families or Teams. Still good value IMHO.

h1

Is Britain really panic buying and hoarding?

March 22, 2020

Undoubtedly, as the Coronavirus pandemic bites, some people are panic buying and hoarding. And some are bulk buying with the intention of selling goods on at a profit.

But I suspect the shortages in supermarkets are mostly down to something else.

Over the past 15 years, with the increase in the numbers of supermarkets, the growth in cooked-chilled and convenience foods, and the rise of Just Eat and Deliveroo, most people in the UK have been buying tonight’s meal that day, or ordering in. There’s evidence for this. In 2015 Waitrose published a study, reported in the Guardian, that identified exactly this trend.

Over time the supermarkets have adjusted their supply chains to replenish this little-and-often shopping style. Then suddenly we’re all faced with the possibility of being stuck at home for first seven, then 14 days and today, according to the Sunday Times (£) some of us will be told to stay at home for 12 weeks for our own good. Just imagine what happens when we all start to buy seven or fourteen times what we normally buy each day. Plus while take aways are still available, all those people who would eat in pubs and restaurants now can’t. So they’ve also gone food shopping.

I’m old enough to remember the “weekly shop” when we used to go to the supermarket on the way home on a Friday night and buy enough to make meals and have other products for the entire week. But for most families this is a thing of the past.

As a result the demand on the supermarkets’ supply chains has suddenly and massively increased.

Helen Dickinson, chief executive of the British Retail Consortium, said there was “plenty of food” in the supply chain and that the industry was experiencing “a peak in demand “like Christmas . . . without the four-month build-up period”.

Sunday Times, March 22nd 2020

Then the mass media, and social media, haven’t been shy about publishing photos of empty shelves, encouraging those of us sanguine enough to buy what we need for a few days, to rush out and buy more, just in case it’s not available when we need it. They need to publish more of these:

bargain_1894744b-1

A well stocked aisle in a UK supermarket

I’m sure it’ll return to normal, eventually. When either we’ve run out of room at home to store food, or we run out of spare cash or hit the limit on our credit cards. Helen Dickinson (quoted above) estimates there’s £1Bn more food in our homes than there was three weeks ago. Surely we can’t store much more without it going off and being thrown away?

And the cost of food will rise, not only because wholesalers sense an opportunity, and because of shortage, but because the BOGOF* and multi-buy offers normally offered by the supermarkets will be stopped for the time being.

I also suspect (but I have no evidence) that given the logistical constraints on distribution, priority is being given to food products in preference to non-food items such as washing powder. So those items will run short too due to both stocking up and reduced distribution. I’ll leave the last word to former Sainsbury’s chief executive Justin King:

“Britain’s food supply chain is under short-term stress, not structural stress,” he said, “Probably 50% of customers are buying twice their usual shop and supermarkets can’t cope with that.”

I hope it all settles down soon, but in the meantime I’ve bought some vegetable seeds which I’ll be planting out over the next few days – well I have lots of time and I’m not supposed to go out unless it’s vital…

*Buy One Get One Free

h1

Football on UK TV at 3pm? Never!

February 15, 2020

It seems perverse to me that in today’s technology and media landscape, with multi-billion pound fees paid for the rights to broadcast live football (soccer, for my transatlantic readers), it’s impossible to watch a live football match on a Saturday at 3pm in the UK unless you’re actually there in the ground, or have privileged access to a TV studio.

Why is there no live football on TV on Saturday afternoons?

The reason is that in the 1960s then Burnley FC chairman Bob Lord convinced other Football League clubs that if live football were available on TV at 3pm on a Saturday – the kick-off time of most football matches at that time – then their fans would stay at home and watch a higher league team on the telly rather than go to the live game. So a law was enacted that prevented the broadcast of any live match between 2:45 and 5:15 on a Saturday. This law is still in place and still observed, even for games being played outside the UK. Pubs in the UK are also unable to stream live matches between those times.

What’s the impact?

This is the reason so many matches are played on Sunday, Monday nights, Tuesday nights, Friday nights and why one Premier League match each Saturday kicks off at 12:30 (currently broadcast live on BT Sport) and another after the blackout at 5:30 (live on Sky Sports).

It’s also the reason that both the BBC and Sky have prime-time TV slots on a Saturday afternoon broadcasting a studio of football pundits all actually watching the live streams of the matches and then recounting to us mortals, who aren’t allowed to see the live action, what’s going on.

BBC football pundits on Final Score

I believe the one thing it does achieve is a substantial audience for the BBC’s Premier League highlights show, Match of the Day, and to a lesser extent the English Football League (EFL) highlights show currently on Quest.

Could it be fixed?

Of course it could. A simple change of the law to repeal this ludicrous rule would enable broadcasters to carry live football on a Saturday afternoon. Would it do what Bob Lord originally suggested and massively reduce attendance at lower league clubs? I don’t believe so, after all when lower league clubs get their matches broadcast live as part of FA Cup coverage, people still go to the games.

Perhaps we could try it as an experiment and revert if Bob Lord’s apocalyptic prediction comes true? But we’ll never know if we don’t try, because this has never been allowed in the UK – the home of football.

Perverse or what?

h1

A new type of telephone scam

November 12, 2018

My landline phone rang showing the number 0345 203040 (which I found out afterwards is Halifax’s customer service number). The lady on the phone with a strong Scottish accent said her name was Angela and that she was calling from Visa about some suspicious transactions on my bank Visa Debit card.

Would I confirm they were mine, and then they’d release them for payment? I asked how I knew she was from Visa. She said she wouldn’t ask me for any account details but didn’t give me any further verification.

She said one transaction was for £400 with Argos, and the other was £700 with Tesco. No, they weren’t mine. I wanted to find out which bank’s card this was (I have several with different banks). She wouldn’t tell me which bank, but asked me to list the banks. Which I did. She picked one and said it was that one.

She was very clever and credible. She knew my name and address. She asked what else I’d used that card for recently, if I’d put it into a cashpoint where it might have been compromised. (Possible but unlikely, I generally use it for contactless transactions). Did I actually have the card? Yes. Had it been damaged? No. What was the current balance? Hmm, I was dubious but I did tell her approximately.

Then she raised my suspicions further by saying she’d now like three pieces of security information, the first being my mobile phone number. I said I’d give her the last four digits, but she wanted the whole number. She said this was to demonstrate their security – she’d call my mobile and the number displayed would match the customer service number on the back of my debit card.

When I pointed out that it’s very easy to spoof any phone number you like on a phone call she hung up.

I presume if I’d been convinced by the phone number spoofing, she’d have gone on to ask for other details like my account number, sort code and so on.

I did call my bank afterwards who confirmed there were no such transactions, and that even in the event of a suspicious transaction on my card it would be them that contacted me, not Visa.

This is a new one on me – so watch out for Angela, or whatever name she uses next time!

h1

Black Friday – let’s leave it to the US

December 1, 2017

So it seems “Black Friday” has come and gone in the UK without it really stirring anything very much. The Daily Telegraph reports that Currys PC World in Oxford Street opened its doors especially early to let in the rampaging hoardes looking for a bargain – and there was one bloke outside who’d dropped by to pick up his pre-ordered laptop!

It’s no surprise to me. In fact I’m rather pleased that this particular US import isn’t getting much traction over here.

And nor should it.

Picture from The Sun of shoppers fighting over a flat-screen TV

The reason for “black Friday” is that this is how it was referred to by US retailers. The day in question is the Friday after Thanksgiving – which always falls on the last Thursday in November. For many of my American friends Thanksgiving, or “turkey day” as it’s colloquially known, is a much bigger family event than Christmas. The problem for US retailers was that after a day of scoffing Turkey and convivial drinking with their loved ones, most folks booked the Friday as vacation and slept in the next morning. So retailers didn’t sell very much on that particular Friday morning.

Hence it became known as “Black Friday”. Then some bright spark thought of the idea of having a discount sale, but one that ended at midday. So to get the great prices you had to get out of bed and go buy that TV, bike, carpet or whatever else, before lunchtime. I’ve been there on that day (in Boston, MA), and done it. And it’s quite fun, but a lot of people end up buying a lot of stuff they didn’t really want or need just because it was cheap, and the offer was time-limited.

That was it. And of course the UK doesn’t celebrate Thanksgiving, we didn’t have the dip in retail sales on that day, and “black Friday” meant nothing to us.

But the world’s moved on. We can now shop on the internet, so Americans can still sleep in and snap up those bargains without even getting out of bed. And, of course, anyone else in the world with an internet connection can shop from those US retailers. And, with US retailers owning UK chains (IIRC it was Asda, which is owned by WalMart, which originally introduced the concept of Black Friday to the UK some years ago) Black Friday has metamorphosed from a once-a-year, Friday-morning only sale in the USA, to a whole week of discount offers across half the globe.

I’m delighted to see that Marks & Spencer, Fat Face and several other major UK retailers are spurning the Black Friday farce – I believe they’re right when they say all it does is bring higher-price sales during December forward, and reduces the margin on them. It also encourages people to buy stuff they don’t really need. Time magazine suggests that in the US return rate of goods bought on Black Friday is significantly higher than for goods bought at other times of the year. It’s especially so for technology purchases. So the admin and restocking cost for the retailer is higher.

Please Britain, remember Thanksgiving isn’t something we celebrate, so let’s abandon this unnecessary US import.

h1

Whoops, no head-up display!

September 2, 2017

In an idle moment recently (I don’t get many of those at the moment) I was scrolling through Honest John’s car advice in the Daily Telegraph. I found this one:

This struck a chord with me, because I’ve just bought a pair of Polarised sunglasses to eliminate reflected glare from the inside of my car windscreen – which can be a major problem if the sun’s in front of me and shining directly onto the top of the dashboard.

So, some basic physics. When light is reflected off a surface, most of the light that’s vibrating parallel to the surface is reflected, while most of the light that’s vibrating at other angles is absorbed or diffused. This means the reflected light is mostly vibrating in one direction – this is what “polarised” light means. Reflections from the inside of a car windscreen will be horizontally polarised.

Polarised glasses are designed to eliminate horizontally polarised light because it’s horizontally polarised light which reflects from surfaces such as roads, puddles and lakes, tables and so on. That’s why I bought my new glasses – to eliminate the reflection from the inside of the windscreen when driving towards the sun.

Head-up displays work by projecting the display upwards so that it reflects off the inside of the windscreen – as shown above.

If you wear Polarised glasses, these will cut out any light reflected from the inside of the windscreen, however it got there, so you will not be able to see a head-up display. Reactolite glasses aren’t polarised, they just darken the lenses, so the display will still be visible.

Obvious really, Honest John!

h1

It’s about branding, stupid. (In defence of Nurofen.)

July 25, 2017

This is a post I wrote a while ago about branding and ibuprofen. For some reason I didn’t post it. But having just written a post about migraines, and mentioned ibuprofen lysine, I thought this was appropriate, so I’m posting it now.

The press in the UK prominently featured a judicial ruling in Australia against Reckitt Benckiser (one example) – the UK-based manufacturer of Nurofen. Nurofen’s a brand name for ibuprofen – an anti-inflammatory drug generally known as a NSAID.

Generic ibuprofen is available in the UK for as little as 16p a pack of 200mg tablets (1p per tablet).

However branded Nurofen is more expensive. That’s known as “branding” by marketers. Branding is a normal way of trying to maintain a price premium in a commodity market. And Nurofen has (or had) a very good brand reputation in the UK – but if what you want is generic ibuprofen, you can buy that more cheaply.

But generic ibuprofen, the active ingredient in standard Nurofen, isn’t very soluble, so it takes a little while to work its way into the bloodstream. There is a compound of ibuprofen that will provide faster pain relief: ibuprofen lysine. It’s highly soluble and therefore enters the bloodstream very quickly. It’s marketed by Boots (for example) as Rapid Ibuprofen. Reckitt Benckiser markets it as Nurofen Express which is more expensive than the Boots’ version, but it’s the same stuff. It’s NOT the same as generic ibuprofen – it contains an equivalent dose, but it starts to work more quickly.

ibuprofenlysineSo what’s everyone getting upset about?

First, much of the press – including the Daily Mail linked to above – is confusing generic ibuprofen and ibuprofen lysine. Although they contain equivalent doses, they are different and you would normally expect there to be a price differential. If you don’t care how long the drugs take to work – for example you’re using this drug to reduce swelling and don’t need immediate relief, then buy the cheapest generic. If you have a migraine and want your pain relief as fast as possible then you can pay more for a faster acting version of the drug.

nurofen_migraine_pain_342mg_-_12_capletsBut beyond this, the marketing guys at Reckitt Benckiser have been creating different packages for Nurofen Express and branding it as Nurofen Migraine Pain, Nurofen Period Pain and other variants. The press is getting excited because these are all the same drug in different guises. It’s true that the packaging conveys the impression that the contents are formulated to specifically target different types of pain. However if you read the details and compare the packages to one another it’s clear that each of them contains the same dose of ibuprofen lysine.

So are they trying to fool the public? I don’t think so. Let me try to explain.

In my past I’ve done some work in retail marketing. Retail packaging is all designed to sell your product, so there are three things you design your packaging to do:

  1. Be more attractive to potential customers than the competition – target your market segment
  2. Occupy more shelf space than the competition
  3. Describe the product (complying with relevant legislation)

So by labelling a package “Migraine Pain”, for example, the vendor makes it more attractive to someone suffering with a migraine who’s looking for fast relief from the pain. If they’ve got an excruciating headache they’re unlikely to read the packaging, or the leaflet inside, to see if something generically labelled as “Ibuprofen Express” is actually useful for migraine pain. They’ll simply pick up the one with “Migraine” in big letters on the package. This means Nurofen Migraine Pain is likely to sell in greater quantities to migraine sufferers than Nurofen Express even though it’s the same stuff.

Secondly, if the vendor manufactures multiple packages each for a different market segment (migraine sufferers, period pain sufferers and tennis elbow sufferers, for example) and each of those packages occupies a slot on the retail shelf then they’re denying that space to their competition – so increasing their sales and reducing those of their competitors.

This is an entirely normal retail sales strategy and you see it everywhere. Remember there were different covers printed for the Harry Potter novels – one aimed at adults and a different one at children? Same strategy – segment the market, take up more retail space, increase sales volume.

Is this a problem for the customer?

I don’t think so. Be an informed customer. If you want to know what’s in the packet, read the blurb on the back before you make your buying decision. Buying Nurofen Migraine Pain rather than Ibuprofen Express is no different from buying your electricity without checking to see if there’s a better deal from another supplier, or complaining that the adult version of Harry Potter and the Goblet of Fire is the same as the children’s version.

As a nation we’re getting a bit more savvy about knowing what we’re buying, both in retail and online, but we can still be influenced by imaginative marketing.

Read the packet!

h1

The weirdest migraine

July 25, 2017

I’ve been suffering from the occasional migraine for some years. My migraines are very consistent and are known as ocular migraines, or migraines with aura. They start with a spot in the centre of my vision. As soon as this happens I know I’m going to get a migraine and I know that the pain will follow in about 20 minutes. (I found this page from the Mayo Clinic informative.)

Either my wife or I generally carry ibuprofen lysine (aka Ibuprofen Express), which is a more soluble, and therefore quicker-acting form of ibuprofen than the regular medication. If I take this immediately the aura starts then I can generally avoid, or at least massively reduce, the pain of the subsequent headache.

When this happens I generally take myself off to bed, or a darkened room.

ocular-migranie-images-300x153The progress is always the same, the spot expands, it becomes a jagged bright diagonal line and I lose up to half my visual field. Which side I lose depends on which side I’m getting the migraine, so if my right visual field disappears then it’s a left-sided migraine and that’s where the pain occurs. The image above is very similar to my experience. This is from a website on Ocular Migraines. Very occasionally I get the same effect on the other side.

After about 30 minutes my vision returns (the jagged line slowly rises up my visual field and out of view) and if I haven’t taken the pain killers, that’s when I get the pain, for a couple of hours. Following that, and for as much as the next two days, my head feels bruised – as if someone’s hit me on the back of the head with something hard.

There’s no particular food, drink or activity that I’ve noticed that triggers one of my migraines. It could happen at home in front of the television, or travelling, or sitting reading. I am aware that a bright polarised light such as sunlight reflected off a shiny surface such as a wet road, a table or a body of water can bring one on though. I try to avoid those situations.

Yesterday was different though.

We were in the car on our way to supper with some close friends when I noticed the first visual disturbance. We stopped and I took the ibuprofen. We contemplated turning back, but ultimately decided to press on. By the time we arrived, I’d lost the right-hand half of my visual field. We explained the situation to our friends, reassured them I’d be ok in a while, and I had a cold (non-alcoholic) drink.

Never before have I tried taking part in a normal conversation during a migraine attack. It was quite bizarre. I’d lost much of my vocabulary, and actually found speaking very hard. When I did speak, I wasn’t making any sense (either to me, or to anyone else). I knew what I wanted to say, but not only could I not find the right words, I wasn’t pronouncing the words I could find properly or in the right order! This isn’t something I’d ever noticed before, but the websites about ocular migraines mention that speech may be disturbed.

After an hour or so, during the lovely meal, I became more coherent. I carefully avoided the classic migraine foods of cheese, coffee, chocolate and alcohol. By the time we left for home I was feeling much more like myself. Just a little bruised and fragile. And because I was the one who hadn’t drunk anything, I drove.

Life returned to (relatively) normal. A most unusual experience. (And yes, I have consulted my doctor in the past, I’ve had an MRI scan of my head, and we’ve ruled out strokes, TIAs and other possible serious causes, so I just have to live with the migraines and keep taking the ibuprofen lysine.)

 

h1

Is a “Curve” card worth trying?

April 10, 2017

I’ve been reading about the Curve card.

From what I can work out, it’s a MasterCard prepay card that, instead of you topping it up with credit, provides a “token” when you use it for a transaction which links the transaction back to Curve. The transaction can then be re-charged to any of the cards (credit or debit) with which you’ve linked it.

A beta Curve card

It’s multi-currency, and will give you a decent exchange rate (MasterCard rate + 1%) without commission on foreign currency transactions.

One of their big claims is that you can use it to pay with your Amex card (and get loyalty points) anywhere that takes MasterCard – which is more places than take Amex at the moment.

They also suggest this is a way of reducing the number of cards you have to carry to one. Indeed Ted Truscott has written a review after using Curve for a week where he suggests this is now the only card he carries.

But I’m skeptical.

First, from what I can see from Curve’s FAQs by using Curve you compromise your consumer rights: if you use a credit card directly to buy something then the transaction is between you and the credit card company, and your final recourse in the event of a problem is to the credit card company as the vendor. The same protection doesn’t apply to debit cards – they’re essentially the same as paying with cash. And using Curve give you the same consumer protection as using a debit card:

“using Curve is not a direct purchase from the user’s original card, so the purchases are not covered by Section 75 of the Consumer Credit Act”

Second, I’m concerned that putting all your cards on Curve gives you a single point of failure: while your individual card details will be concealed, if the Curve card, the privacy of your app, or the token the card uses, becomes compromised surely all your cards are at risk?

Third, if I were to use a Curve card, and put all my debit and credit cards on it, I would reduce the number of those in my wallet from four to one. And I could carry my Euro debit card which I normally only have with me when I’m travelling. But I also have loyalty cards, membership cards and my driving license to carry: I couldn’t stop carrying my wallet – I’d merely have six cards in it instead of nine.

And fourth, I already have a MasterCard that gives me low-cost, commission free foreign exchange purchases.

So for me, the only real benefit would be that I could use my Amex card in a few more places. But I already have a MasterCard, so I can still buy stuff in those places – and get consumer protection on the purchase which I wouldn’t get if I used Curve (or the Amex alone, as it happens, since it’s a charge card).

So, while I’m tempted to try it – it’s new technology (and I’m a sucker for that), I’m not quite tempted enough to actually part with the joining fee yet.

I’ll be keeping an eye on its development…

h1

OneDrive – this idiot’s guide

September 11, 2016

Finally, I think I’ve got the idea of Microsoft OneDrive, and it works!

In principle, it’s very straightforward – OneDrive is a cloud drive, the size of which depends on how much you pay for it, but it’s at least 5GB for a free account. This then shows up as a local drive on your PC or Mac which appears in Explorer/Finder and which is synchronised with the cloud version. You can choose which folders to synchronise, or to synchronise all of them (which is the default action).

onedrive-apple

Seems pretty simple. However there are some wrinkles and it’s taken me a while to work them out.

How many Drives are One?

I don’t have just one OneDrive, I have three: one for my personal account (which is free, and therefore 5GB), one for my business account, with which I pay for Office 365. This gives me a 1TB OneDrive for Business. And finally I have one provided by the company for which I’m doing some work at the moment – I’ll call this my “client” account. I suspect this is also 1TB, but given that it’s a 400+ employee company and it’s using Office 365 (O365) with Exchange in the cloud it may well have even more online space than that.

I use three computers:

  • A MacBook Pro at my client, with O365, apps and OneDrive paid for by my client
  • A MacBook Pro at home, for my own business, with O365, OneDrive and apps paid for by my business
  • A Windows 10 PC at home – my home machine – I login to this machine with my personal Microsoft account, but I’ve installed O365 using one of the five O365 computer licenses available to my business account.

For a while I thought I had a fourth OneDrive. You see Windows 10 comes with a OneDrive app already installed, but unless you log in to one of your OneDrive accounts (at which point the icon shows a green tick on it), it works simply as a local drive, so it looks like it’s an entirely separate OneDrive from the others. However if you login, either when prompted on startup, or by right-clicking the OneDrive icon in the Taskbar (I logged into my personal OneDrive on my Windows 10 PC) then it synchronises with that OneDrive in the cloud, and what appeared to be four OneDrives now become three.

Can I access more than one OneDrive simultaneously?

So, how do I access multiple OneDrives at the same time one one computer? The answer isn’t obvious. Initially I expected I could simply add multiple connections. But it’s not that straightforward.logo_onedrive_business

The easy way is to go into one of the O365 apps (I’ll use Word as an example since it’s easy – Outlook is similar but much trickier to do) then I can add the other OneDrive accounts. I launch Word 2016. On Windows I click on the “File” menu, (no need on a Mac – the first presented view is fine). There’s an “Open” option in the left-hand menu. Click on this, and one of the options offered is “add a place” – and that’s where I connect to my other OneDrive accounts. I can click either OneDrive (to add my personal account) or OneDrive for Business (to add either or both my business or client’s account) – I enter the credentials and there are all the files. So I can open any Word documents that are stored in any of my three OneDrives.

The same works for Excel, PowerPoint, and (with a bit of rooting around in the menus) Outlook 2016. In Outlook you’re looking for the “Office Account” menu option under “File” rather than “Open” which tries to open another email account.

This all works beautifully if the only documents I want to use are Microsoft files. So I can browse all three OneDrives looking for Word documents in Word, or spreadsheets in Excel. But I also use some other apps, specifically Adobe Photoshop, Acrobat and InDesign. All my Adobe documents are stored on my client’s OneDrive for Business. How do I access them from home so I can work on them remotely? Or do I have to give in and use Adobe’s document cloud for my Adobe documents, and Apple’s iCloud for my Apple files? Or do I abandon all of these entirely and use a third-party cloud such as Google or Amazon?

All computers are equal, but PCs are more equal than Macs

The answer is you can do it on a PC, but I haven’t found any way of doing this on a Mac.

On my PC if I go to the Task Bar (conventionally bottom right) and right click on the OneDrive icon, and click “settings” I’m presented with a bunch of tabs. If I click the “Account” tab then there’s an option to “Add an Account” – by selecting this and logging in with another OneDrive set of credentials I can create a second OneDrive on the PC – in my case for my business drive. Et voilá – I can now access all the files on that OneDrive, not just the Microsoft ones.

After working this section out for myself, I found a useful Microsoft Support article that covers this.

Repeat for all other OneDrive accounts and you have access to all your files on a Microsoft OneDrive, whichever it is.

[On a Mac you can download the Microsoft OneDrive App from the App Store. But it appears that you can connect it only to one OneDrive. If I find a way of connecting the MacOS version of OneDrive to more than one OneDrive account, I’ll update the post.]

Update: I’ve worked out how to do this on a Mac. In Finder, right click on the OneDrive icon on the menu bar and click Preferences. Then select the Account tab and click on “Add an Account” – login with your other OneDrive account credentials, and away you go! Simple (well it is when I stop trying to look for a OneDrive menu bar and use Finder instead – doh!)

But the iPad version is the best

Trivial. Download OneDrive for iPad from the App store. Log in with one of your OneDrive/Office365/MicrosoftLive accounts. In the top left corner you’ll see a little icon of a person. Click, select “Add account” and log in with another, and another.

If you’ve already downloaded (and activated) your O365 apps on the iPad then it all just works. Seamlessly. Why isn’t the Mac version this easy?