A little too easy for comfort
This is my editorial for the Winter 2014 issue of HardCopy magazine:
I recently succumbed to my desires, and the repeated pleading of my wife (who was getting pretty fed up of me borrowing her iPad), and bought myself a tablet. I didn’t intend to. What I really wanted was a notebook PC; something that had a decent keyboard so I could actually do some proper work in a café or on a train, but small and light enough to fit in a shoulder bag. A MacBook Air would have done nicely, but I’m getting too old to learn yet another operating system, and they are pretty expensive. I toyed with the idea of a ‘convertible’, and even considered a Microsoft Surface.
But then I came across the Lenovo Miix 2, and I was hooked. It uses one of the latest quad-core Intel Atom processors and 32GB of solid state memory, which means it’s pretty fast and has a decent battery life. It runs the full version of Windows 8.1, and even comes with Microsoft Word, Excel, Powerpoint and OneNote 2013 ready installed at a third of the price of a MacBook Air. I took some convincing that I could live with an 8-inch screen, but it is incredibly light and really very usable. I haven’t touched my wife’s iPad since.
That said, there was one point during the set-up procedure which I found decidedly unsettling, and that was when I logged in to the device using my Microsoft account. It didn’t let me do this until I had typed in the two-phase authentication code that Microsoft texted to my phone, but no sooner had I done that than the Facebook app came live; the People app became populated with contacts pulled in from my Exchange account and the likes of LinkedIn and Twitter (including some I didn’t know I had); and I was logged into my OneDrive account which, as a DropBox user, I’d long forgotten existed.
Of course this only happened because, over the course of the last few years, I’ve allowed various apps, particularly on my Windows Phone, to access various services. When a website asks if you want to log in using your Facebook account, rather than dream up and have to remember yet another password, it’s awfully tempting to say yes. However this is the first time the full extent of the cross-authentication that I have authorised has been brought home to me, and with it the realisation that my only protection is the single password that gives me access to the device itself: once someone’s got through that, they’ve got access to a considerable chunk of my personal data.
It is all very convenient for the end user, but the convenience hides risks that the industry has little interest in bringing to our attention. Microsoft does provide some facilities for managing linked accounts, but the full implications are not obvious. I’m certainly not going to touch a PIN-less mobile payment system, for example, until I’m much more confident of what’s going on behind the scenes.