Gravity is Alfonso Cuarón’s first feature since Children of Men and the trailer looks captivating. Gravity almost seems like Cast Away in space, which could be a pretty compelling narrative if done correctly.
As soon as Mailbox was unleashed, like so many other people, I quickly downloaded the app and got in the 150,000+ access queue. I had already signed-up via the web, but for whatever reason that reservation did not follow me, and I had to start over. After a couple weeks of waiting, I was finally offered entry into the system I eagerly awaited.
Hopefully some of my trials and tribulations will help other folks better understand how Mailbox functions sincer there is not a lot of information available right now. The good folks behind the Mailbox twitter account are great at responding to people, but sometimes people need more in-depth answers than what happens inside of 140 characters.
Before I continue I must confess: I am an email client junkie. I do not know why but I really enjoy testing and playing around with new email clients. I am forever in search of email client utopia. Although I have come close a couple times, in the end I always end up returning to my old [bad] habits.
The built-in Mail.app, while decent, does not have the same polish I would like, nor does it natively support Gmail’s labeling system. It was for those reasons that I snatched up Sparrow as soon as it became available on iOS. Unfortunately, like with so many other services, Google bought Sparrow and promptly dismantled what was probably the best third-party iOS email client.
Although the Gmail iOS app is decent, it is not a fully native app, opting for a Web View-based app instead. This makes it a bit slow and clunky, and it feels uncomfortable. Plus, even though it supports multiple accounts, it fails to offer a unified inbox view, which is almost a necessity these days.
So Mailbox was released and I was jazzed about yet-another-iOS-email-app to try, along with the idea of turning email into a task management system. I started playing around with Mailbox and was pleased with the clean user interface. The unified inbox, snoozing, and archiving system the Mailbox team has built is very exciting.
But I ran into an adoption problem: existing Gmail labels are inaccessible from within Mailbox.
For me, this is a deal killer as I have a number of filters designed to apply labels and skip the inbox. Although that appears to violate the spirit of Mailbox, it is the way I use email. I need access to those labels; luckily there is an easy solution.
Upon initial launch, existing Gmail labels are not accessible but there is a simple way to make those labels viewable. Simply go into Gmail->Settings->Labels and move all labels so they are nested underneath the [Mailbox] label. This turns them into Lists in Mailbox parlance. The app will automagically see the new labels and create new Lists.
If your existing Gmail label setup is something like this:
Merely move all those labels so they nest underneath the [Mailbox] label as so:
Now all those labels are accessible as Lists from within Mailbox. It may be necessary to force-close Mailbox after moving the labels, because this appears to force the app to rescan for new Lists. Jump on over to Mailbox->Settings->Lists to reorder Lists into a desirable order. Personally, I go for alphabetizing my Lists since it makes it easy to locate the List I need.
Here are some additional notes about List use within Mailbox:
I did perform a number of fairly exhaustive tests but under limited circumstances and with only a finite set of Gmail accounts. I hope this information I found helps some folks better understand Mailbox, and how it manages Lists and Gmail labels. As I find more quirks, I will update this post to reflect the new information.
Mailbox is a truly revolutionary yet simple app. I am sold on the email-as-task premise and plan to stick with Mailbox for the foreseeable future, especially since DropBox acquired the app. I anxiously await an iPad and OS X app sometime in the near future!
This post is part of the thread: Email – an ongoing story on this site. View the thread timeline for more context on this post.
Posted by Scott in Posts
It seems like there is not a day that passes without news of yet another web site hacking incident, where the attackers made off with a set of thousands of usernames, email addresses, and either plaintext passwords or password hashes. Although the later may appear to be safer – and it is better than having your plaintext password compromised – in the grand scheme of things it is still a major concern. A hashed password is not a huge hurdle for a crafty and determined attacker to overcome, especially if they are patient and have time.
When web sites are hacked, the real concern for a user, other than stolen credit card details, should be password reuse. Come on an admit it – you are using the same password on damn near every site you visit, right? You know it is not a smart strategy, potentially dangerous even, but you do it anyways. The problem is that once a web site is compromised, and when an attacker has your password, they now have access to every web site you use.
Just imagine the implications. You have just handed the keys to your kingdom to a bad guy. Now then can impersonate you, try and siphon money from your friends and family, or worse. Having your online identity stolen is not pretty, and can have huge ramifications on your offline life.
What can you do to decrease the security risk to your accounts – to make it far more difficult for an attacker to gain access to your cherished data?
The answer should be obvious: stop using the same password on every web site.
I know what your initial reaction is going to be because I have heard it a thousand times over throughout the years: “How do you expect me to use a different password on each site and remember them all? I use facebook, twitter, gmail, yahoo, tumblr, linkedin, pinterest, dropbox, disqus, my blog, my computer, just to name a couple. There is no way I can remember a unique password for every one of those sites. It is impossible.”
So how do you use unique passwords on the dozens of web sites you visit daily, without this being a huge burden on your already overtaxed brain?
There is actually an extremely easy method for solving this ostensibly complex problem. What if I told you there is a method allowing you to use an easy-to-remember unique strong password on all those web sites you mentioned? And what if I told you this was done by remembering and entering a single “password” for gaining access.
How’s that for simplicity?
Unique passwords via a single password. Sounds so unsecure, right? Thankfully, it is not insecure at all.
There is only a single tool required to make this work, although I recommend an additional few tools to make your life easier, especially when you are mobile. The tools are:
PwdHash is the primary piece of magic behind the elegant solution to this complex problem. So what is PwdHash and why should you care?
PwdHash transparently converts passwords into a one-way domain-specific hash based on the password the user entered and the domain-name of the site being visited (ie. facebook.com). This way, the site only sees a domain-specific hash of the password as opposed to the actual password itself.
If the site is compromised, only password hashes will be exposed rather than the actual password. Although PwdHash is using a public hashing function, there is no genuine way for an attacker to determine if the password exposed is an authentic password or a hash. The beauty of this solution is that although the user is using the same “password” on every site, each site is storing a unique password.
PwdHash is the difference between an attacker seeing MyD0gF!d0roc$ and FCiDTxpsdbpq1+zO.
Put simply, PwdHash makes it easy to use a single password on multiple sites but in a secure manner because each web site is storing what appears to be a unique strong password.
PwdHash has a browser extension for Firefox, with ports for others popular browsers such as Chrome, that helps generate unique passwords based off of the domain of the site and then a “site password” you enter. Alternatively, if your browser-of-choice does not have an extension, the PwdHash web site can generate the necessary hashes for you.
Here is how easy the PwdHash extension is to use:
PwdHash generates theft-resistant passwords. The PwdHash browser extension invisibly generates these passwords when it is installed in your browser. You can activate this protection by pressing F2 before you type your password, or by choosing passwords that start with @@. If you don’t want to install PwdHash on your computer, you can generate the passwords right here.
Let me translate that to make it more understandable. Lets say you installed the extension and already changed your password using PwdHash. To login to facebook, you type in your email address as your normally do and then “tab” to the password field. Press @@ and the field changes to yellow, to indicate PwdHash is ready for your input. Type in your password and then “tab” to the “login” button. After exiting the password field, PwdHash will replace the contents of the password field with the necessary has.
Does it get much more simple than that? This is really where the HOWTO could end, however, there is an additional tool to make your unique password entering life much easier: 1Password, a tool for securely storing passwords for easy recall in the future.
What makes 1Password valuable is that it will securely store your passwords in a database that can be backed up to DropBox or iCloud (from the iOS client). Using the DropBox integration allows multiple copies of 1Password to stay in sync. Update passwords on the desktop, save to 1Password, open up your iOS device and instantly synchronize 1Password with those new or modified entries.
The only drawback to 1Password, if you could even call it that, is its price may be objectionable to some folks: $49.99 for the Desktop version and another $17.99 for the iOS version. For me, the cost is absolutely worth the peace of mind and ease of use.
1Password also has the ability to generate strong unique passwords from within the application, thus allowing users to create truly unique passwords for each web site. Using this functionality ultimately changes the context of remembering passwords though. If 1Password is generating strong passwords, that makes this application required – it is no longer an optional component of this strategy. There are a couple tradeoffs to consider:
What this really comes down to is: do you want to be forced to use 1Password for logging into web sites? While I adore the application, I enjoy the additional flexibility of PwdHash. In my solution, 1Password is a mere convenience, not a required variable in the equation.
So now that I have told you all about these nifty toys, here are the steps to implement them as smoothly as possible:
What is great about this solution is it is cross-platform and not dependent upon operating system-specific applications even though they are available. While I do encourage the use of 1Password, it is purely optional. I wholeheartedly recommend 1Password for its versatility as a password storing application as well as its ability to securely store other sensitive information, such as credit card details, driver’s licenses, and other important data.
The internets today is like the wild west back in the late 1800’s. Protection is a must, and you start by securing access to your online identities. The simplest way to do that is to use unique a password for every web site you visit. The best, and least inexpensive, way to do that is with PwdHash. Coupled with 1Password and you have a solution for creating unique per-site passwords that are backed-up and safely stored should you ever need that data at some point in the future.
Be part of the solution, not the problem. Use strong passwords and protect your online identity.
This post is part of the thread: Security – an ongoing story on this site. View the thread timeline for more context on this post.