That's how smart and good Ed is.  For his column, he writes about very high-tech subjects, but in clear, human English, often with a good dose of Bottian humor. 

And last week, Ed had a superb article about passkeys.
 
He notes in the piece – “After a lengthy online exchange on the subject with a friend who finally achieved an "Aha!" moment, I think I figured out why the topic is so confusing.”
 
I can speak from personal knowledge when I say how terrific the column is – because the “friend” Ed refers to is…me!  About six weeks ago, I’d read yet one more article purporting to explain how easy passkeys are, and it was utterly bewildering.  So, I wrote to Ed about passkeys being so convoluted.  And that began a long exchange of emails between us, where he tried to explain them – until, finally, after a barrage of questions, I did indeed have that “Aha!” moment.  And for Ed, as he writes in this column, based on that exchange, it was an “Aha!” moment for him, as well, in realizing how to explain it easily.
 
The challenge in explaining what a passkey is and how it works, he notes, is that “A passkey is not a tangible thing -- it's an abstraction.”  And Ed figured out how to easily explain the abstraction.

(I try not to bug Ed too much with techie questions, since I know he SO graciously spends a lot of time explaining them.  Amusingly, in checking our passkey exchange, my first email to him had the Subject line:  "Minor passkey question."  Ha!  It turned into anything but that!  I'm deeply appreciative each time he goes into Bott Mode and explains so wonderfully, but he always says that "Explaining is what I do," and adds that often my questions and our discussions lead to column ideas for him.  My favorite came after a lengthy exchange we had about me getting a new computer and all the options.  He later wrote an article about it, and in a video interview about the column, he told the interviewer, "I was having a discussion with a friend -- let's call him....."Bob".)
 
I’ll let Ed's passkey article speak for itself, because it’s so good and so fun to discover one’s own “Aha!” moment.  But just to put it in perspective and set the table, I’ll give a very brief, easy -- and very simplistic -- background.  But it should give you a basic starting point.
 
First, the reason to get rid of passwords is that a password can be figured out by scammers or stolen.  Passkeys cannot.  Passkeys only reside physically on your own computer (or tablet or phone).  And they’re hidden in a totally secure area on your system – so hidden that even you don’t know where they are.  As Ed wrote to me in our email exchange, "That passkey can't be stolen. It's locked in a secure vault and is never exposed. Ever." 
 
And second – and this is part of the “Aha!” moment realization – is that passkeys are nothing more than like a high-tech handshake between the website you’re logging into and that hidden passkey on your system. Think of it this way: 

When you’re asked by a website, “Do you want to log in with a passkey?” and answer yes, that website checks to see on its own site that “Oh, okay, this person has a passkey” -- and it then sends a question  to your device, to ask “Is this person who they say they are?”  What your system then does is simply confirm that the request came from a legitimate site, and then asks you to confirm your identity.  Once you do, your computer goes ahead and checks that secure, hidden area that is physically on your system to see whether you really do have a saved passkey.  If it finds one, it sends a confirmation back to the website (but does not send the passkey itself!), and you get access.  Again, to clarify, the passkey is never even sent.  It stays secure and hidden on your system.  The only thing sent back is the confirmation that all is well, so let the person into your website.
 
That’s it.  There’s nothing for you to remember.  No keystrokes that an outside hacker can steal. No way at all for an outside scammer to get access to your passkey unless they literally are sitting at your system and using it.  (And even at that, they still have to be able to first identify themselves with either biometrics, like facial recognition, or the PIN you set up on your device to log in.)
 
So, that's what a passkey is:  just the website you want to log into shaking hands with the passkey hidden on your system, and matching.
 
That’s all.  That’s also just a very basic explanation.  Ed explains it so much better.  So clearly.  So simply.  So much more enjoyably.  And his article also has more, interesting things to know about passkeys and using them on multiple devices.
 
So, do yourself a favor and take a look at his article about it here.  
 
Because passkeys are here already.  (I use about a dozen so far.)  And they are going to eventually replace passwords.  Because they are extremely safe.  And easy.

The other day, I was telling a friend about me being a "habitual" letter writer and often go to the top of a company when sending a letter off.  (Not because I expect an answer for the business's president, since I don't.​  But the head of a company will usually send the letter to someone else in the company, usually who I've cc'd: and add a note, "Deal with this."  And the last thing that person wants is for me to write back to the president two months later that I hadn't heard anything back -- at which point, the president will write to same person, "Why didn't you handle this when I told you to??!"  And so, someone generally does write back right away.)  The other thing I do with letter writing is always be very polite and even fill it with praise, since no one likes to be yelled at.

All this only has a tangential relationship to the story here, though it does comes into play.  Mainly, I think it's an good tale about tech, and at the top of the list, it's valuable for people who, like me, peruse the RawStory website.  Actually, I'll go further -- most especially if you do read RawStory, this isn't just valuable, but I strongly suggest you read about how to deal with and avoid the problem should it hit you.

RawStory is a news aggregator.  While they have their own reporters, mostly they collect articles from other sources, write detailed summaries and provide links to the original pieces.  It's a fairly good site that clearly leans liberal.  It also has its flaws -- having too many click-bait articles and too many typos (which I often write in to correct, when the mistake creates a misleading impression.  They're pretty good about fixing things.)

I’ll try to keep the background brief, because the full story here is long and convoluted, and dealing with it was very time-consuming.

The very short version is that the last few days, RawStory had a major breach where malicious code freezes your browser in order to get you to click on it and hijack your information.  I dealt with it at great length, and then checked with my very high-end tech guru friend Ed Bott (who I write about here periodically).  He was exceedingly helpful, and from that I wrote a long, detailed letter to RawStory’s Customer Service department.  But that's a pretty anonymous undertaking for such a major problem.  So, with Ed’s help found the name and address of RawStory’s publisher, editor-in-chief and tech designer, I sent the letter to them, as well.

At this point, I think it's best that I post that letter, since -- especially for people who read RawStory (or those who might come across a similar situation online at some point, which honestly is everybody...  In fact, I've dealt with the issue several times in the past), it describes the problem in detail and (I think...) clearly and also provides very valuable information how to resolve the issue.

I've edited out some of the most techie material, making it as readable as possible.  What I wrote was -- 

Dear Mr. Nguyen and others,
​
I suspect you’re aware of this, but I pass it along in case not.  I’ve written to Customer Service, but realized this is likely serious enough that I shouldn’t leave it at something that faceless.
 
It turns out that one of your less “responsible” advertisers is sending malicious code that periodically takes over one’s browser and freezes it up.  This is a screen shot of what I mean –

A quick side note about opening a private browser window and what that means.  It's very simple to do.  If you use the Chrome browser, click on the three vertical dots in the upper-right corner and select "New Incognito Window" at the top.  In the Edge browser, click on the three horizontal dots in the upper right, and select "New InPrivate Window."  Or you can just use your keyboard and simply type "CTRL-SHFT-N."  And the private browser window will open.  It will look like exactly like your regular browser (though darker), but it's a separate browser.  And what I do is then go to www.rawstory.com in that private browser window.  If it freezes up there, it doesn't affect my regular browser.  I just type CTRL-W or CTRL-F4 which shuts down the private browser window.  And I start again.

Anyway, back to the tale.  We're almost over, except for the results...

​Thus far, I’ve heard back from the editor-in-chief.  He wrote a simple note:  “Hi - thanks for this. We are trying to identify where it’s coming from. Hopefully we’ll put a stop to it soon.”

I sent that to Ed, just to keep him updated.  And Ed, who operates at an overwhelmingly higher tech level than I do, and interprets tech executives' words for a living, wrote back to me –
 
“I’m not sure you realize it, but you did a profound service here. That editor in chief was probably surprised and nearly gutted by the news that his site is hosting malicious content. The fact you got a reply says they weren’t yet aware of this.”
 
I wrote to Ed that, no, I had no idea of that.  That it was just me being noodgy me.  (And told the story about how just yesterday I wrote to the NY Times to correct a typo in a quote about the Chicago Cubs that erroneously made the former manager look foolish.  Which they immediately corrected.  O huzzah!)

And so, now you see in action, what I meant above how I am a habitual letter writer and always try to go to the top.  But most of all -- if you do read RawStory, I suggest that (at least for the time being, until they do finally fix the problem -- and who knows, for all I know they will have by the time you read this.  Or not.), you open a private browsing window and access it there.  You don't have to -- CTRL-W or CTRL-F4 will close down the problematic tab or window just the same -- but I just feel more comfortable reading a hijacked website in its own isolated window.

We now return you to our regularly-scheduled website...

A few weeks back, ZDNet began a new column, Ask ZDnet, that was created by by my oft-mentioned tech whiz friend Ed Bott, which he writes along with other editors and experts. It answers tech-related questions from readers, but "tech-related" is flexible and occasionally borders on general knowledge inquiries that overlap with anything that may touch technology -- like questions on stopping chirping smoke alarms, how to send your taxes online if you're late in filing, and how to access online information is someone has passed away.  It's very interesting and informative.  You can find a new column every Friday here.

It was time to finally upgrade from my old mobile phone, never a fun process – all the more so since the final decision included changing networks -- but less painful than it was years ago.  But still an annoyance because I tend to use my phone less than the norm.  (And far-less than heavy phone users.)  Though for all that, I got a good “flagship” phone, the Pixel 6, that’s far-above my fairly-limited needs, but it was such a remarkable deal from T-Mobile that it would have idiotic to pass it up.  The phone only cost just $99.  The only “downside” was that you have to commit to sticking with them for two years, and that’s no problem at all.  And besides, my oft-mentioned tech whiz guru Ed Bott has the Pixel 6 and recommended it.  As I said, I it would have been idiotic to pass up.

This is about another matter related to getting the new phone, not a review, but it's still worth mentioning a few things about it first before getting to have the subject at hand fits into it all.
 
I checked with people in my building and friends who have T-Mobile service, and everyone was very happy with their service.  It subsequently turns out that I can’t get 5G from my apartment, though I can just a few blocks away – apparently there must be building that block the towers, though that could change if new towers are added.  However this is pretty much a non-issue.  People tend to be connected to Wi-Fi when in their apartment, not the 5G network – and besides, if I’m going to be streaming in my home, it’ll almost always been on my computer, not my phone.  The new phone gets 5G perfectly when I’m out and about, and that’s where it counts.
 
(What’s always intrigued me about Pixels is that they’re made by Google – and Google makes the Android operating system.  So, Pixels not only have certain features that Google makes exclusive to the Pixel, but they're always modified with the latest updates as soon as they're available.  That’s not generally the case with other phones, since updates are only offered when a network wants to make them available.  And except for the highest-end phones, it’s often not worth the effort to do so on a regular basis, and so they don’t.)
 
But as I said, this is about another matter.  A minor issue, but I figured out an interesting way to resolve it, in case anyone else is having the same problem, one which I suspect is not terribly uncommon.
 
I’ve grown to like fingerprint sensors, and the one on my old Motorola phone worked pretty well.  The reviews of the Pixel 6 were all laudatory, but one of the few consistent negatives from reviews and user comments was that the finger sensory didn’t work great. 
 
And I found that to be the case.  The fingerprint sensor is very inconsistent, I programmed four of my fingerprints and find it’s only working at first tap for any of them about 20% of the time, and even after multiple attempts, only about 65%.  And after enough failed-tries, I get bumped to the keypad to use my PIN.  Not a huge problems, but a disappointment.  Especially for what’s otherwise such a good, flagship phone.  In fairness, I’m sure that part of the issue is because (with all hand-washing everyone does these days) my fingertips are pretty dry -- when I wet them and then dry them off, the sensor seems to work better.  Though my dry fingertips are the same condition as when I had the Motorola, and it did a better job with the sensor.  Not a major deal, as I said, that’s why God created PINs, though a shame.

Then, I had what I thought might be a brainstorm.
 
I decided to redo my fingerprints for the sensor.  But – rather than clean my hands and moisten the fingertips first so that they’d be clear of grime and make the best-possible print…I came up with a counter-intuitive theory –
 
I decided to keep my fingertips dry and less than ideal when I re-programmed fingerprints, so that that would be what the sensor would initially register and then subsequently hopefully recognize each time when my fingers were their normally-dry selves.
 
And…so far it’s working wonderfully!  I re-did all four fingerprints and, bizarrely, my counter-productive idea to program my fingerprint sensor without cleaning my fingers first but using them dried out…has worked semi-impeccably!  It isn’t 100%, but so far works about 85% first time.  Which is excellent.  And it’s worked on a second or third try another 10% of the time.  So, only very, very rarely have I been bumped to the PIN keypad.  O joy!
 
So, if you find you’re having issues with the fingerprint sensor of your phone, it might be worth considering re-programming your fingerprints when they’re at their driest, but everyday-normal worst.

And right now, it's a bit overcast here in West Los Angeles, so we don't have a nice sunny icon, but instead  there's something different.  Mind you, I can also look out my window and see that it's overcast, but as long as you need to have an icon and it's for a news feature, why the heck not?! --

This may seem geeky, and admittedly it sort of is, but it's extremely easy to set up (I explain the very few simple steps), and solves what is for a lot of people an annoying problem.

A while back, I read about an interesting feature that was going to be added to the Chrome-based browsers, but though it hadn't yet there was an easy way for individuals to add it early themselves.  I tried it out, and it not only was indeed extremely easy to add (I'll explain how in a moment), but I use it often and think it's terrific.

The issue it resolves is that when you have a lot of browser tabs open, sometimes one of them will begin playing audio that you want to mute -- it could be a webpage where an embedded video has automatically begun playing, or you have a page that's been playing audio for a while and you open another tab with audio and you want to mute the previous one, or any number of reasons.  But the problem is that with all your tabs open, you don't know which one is playing the audio you want muted (or paused).

What this workaround does is add a small icon extension on the far-right of the top your browser when it recognizes audio is being played..  (In the graphic below, I've marked the icon with a purple circle.) --

And from there, you can control the audio, no matter how many tabs are playing sound.  You click on the icon and a window pops open that displays a list all the various audio that is currently playing in your browser, along with controls for each. 

Options for managing the audio differ from site to site -- some let you only pause the audio, but other sites give you full audio controls.  I'm not quite sure why, but I suspect it's determined by the original websites themselves, not the extension app.

Also, it doesn't just work with audio-only sites, but on YouTube videos, as well.

(For reasons I don't understand, the extension icon does not show up when I load SiriusXM radio in my browser, but it does for everything else I've come across.)

​This is what the pop-up window looks like when you click on that icon in your browser.  (I opened up audio on three different websites to give a more extensive example) --
​

If you want to pause or mute (or unmute) the audio on any of those pages, just click the appropriate control.  Or in the case of the YouTube clip playing, you can fast-forward or reverse from this drop-down list.

​So, how do you add this extension to your Chrome-based browser?  It's very easy -

1.  Open a Chrome browser and in the Address Bar type in the expression – chrome://flags (or if you use the Microsoft Edge browser, which is based on Chrome, just type in --  edge://flags)  Know that you'll get a "Warning!" since this app is beta experimental.  But feel comfortable ignoring the warning, because this is a perfectly safe addition.

2.  In the “Search flags” box you'll see at the top, type in -- Global Media Controls

3. Scroll down to the extension called "Global Media Controls for ChromeOS"

4.  In the dropdown box you'll see to the right of that, select “Enabled.”

5.  Click Relaunch Now to restart browser.

That's it.

From then on, the audio control icon will show up on your browser whenever audio plays.  And you can manage all audio (and pretty much all media) right from there, without having to search tab by tab to find it.