GLEN GORDON: On FSCast 240, I’m joined by screen reading pioneer Doug Geoffray. We’ll hear about the development of Vocal-Eyes, Window-Eyes, and Doug’s eventual transition to Microsoft, where he helps ensure that their new products are accessible. Then, a deep dive into password managers, two-factor authentication, plus a demo of the tool that I use, Bitwarden.
Hello, everybody. Glen Gordon here, well caffeinated and happy to be with you for our first podcast of 2024. The last time, actually, I was here doing an interview was back in October when Pete Torpey was our guest. That interview got replayed as Episode 2401 of Eyes On Success. And it’s not often that I appear on another podcast. It’s even less frequent that I appear on another podcast interviewing someone. But that is also the case on Eyes On Success Episode 2402, where I interview Nancy Torpey. So if you want to hear an interview with her, and you’ve not already listened to that episode, and you’re not tired of me yet, go and listen to Episode 2402 of Eyes On Success. You can find it on your favorite podcast app or at EyesOnSuccess.net.
You’ve undoubtedly already heard a little bit of a discussion about the new JAWS Split Braille feature, which is the closest thing you can do with a braille display to having two monitors. It allows you to see two different things on each of the two halves of the display. This is a feature that has gotten a tremendous amount of interest. Normally, when we do a braille webinar, there’s not nearly the same attendance as there is when we do something about speech, probably because braille literacy, especially here in the United States, is relatively low. But our webinar earlier this month, Divide and Conquer! Overcoming Challenges with Split Braille in JAWS, got a phenomenal turnout. People were really pleased by the detail that was presented in terms of how to harness Split Braille and use it to your advantage.
So I call your attention to that webinar if you’ve not already attended or listened on demand. You can go to freedomscientific.com/training, go down to the heading that says Webinars on Demand, and it likely will be one of the first, if not the first webinar on that list. The webinar is also available as part of our Freedom Scientific Training podcast. And if you’re not already a subscriber to that, New Year’s resolutions and all, maybe now is the time. Go to your favorite podcast app, search for Freedom Scientific Training, and there it will be for your subscribing pleasure.
GLEN: They said it could never happen, Geoffray and Gordon on the same stage, or in this case on the same podcast. But it is happening. The Geoffray is Doug Geoffray, the G of GW Micro. They were the ones who created Vocal-Eyes, the most popular of the DOS screen readers, and Window-Eyes, one of the primary Windows screen readers for 20-plus years. Doug is now at Microsoft as a technical program manager. The nice translation of that is he helps mentor young developers just getting involved with accessibility, and also in ensuring that Microsoft’s products are accessible.
I’ve gotten to know Doug pretty well over the last few years during his time at Microsoft, and he’s a great ally in making sure that JAWS is the best it possibly can be with Microsoft products. And although he currently works for Microsoft, Doug is here representing himself, not Microsoft, as he spent some of his personal time talking with us about some of the history of GW Micro. Doug, welcome to the podcast.
DOUG GEOFFRAY: I don’t know why it took this many years for us to get together, but I’m glad it’s happened.
GLEN: Going back to your youth, what was it that got you excited about computers?
DOUG: English was never my subject. You know, I was more into the sciences type of thing, so that side of my brain seemed to work better. And way back in the day, it was probably back in ‘78 or something like that, I remember going to our local Coliseum. They had, once a year they would get together, and just a bunch of companies would come and try to sell their products and things like that. But I remember going with my dad and seeing one of the places within the Coliseum there, an Apple computer sitting there.
And I just saw, I think on the screen they were showing some sort of graphic thing going across or whatever, and I could see the computer sitting there. And I just said, at that point, I want to get this. And it was, you know, like over $1,000, and I thought, oh my gosh, that’s a lot of money. But I eventually got it together, and in 1979 I bought my very first computer. And I guess the rest is history.
But I just loved doing anything and everything that I could on that Apple computer. And I got a lot of little local gigs around Fort Wayne, Indiana there. I was helping other people doing things. And I eventually took a position for a local computer store called The Database, and a blind individual by the name of Bill Grimm came walking in, and my first interaction with a blind individual who could use a computer system. I’m still just learning computers in general, how to interact with them, let alone thinking that a blind individual could work with this. So it was kind of mindboggling.
But he had created a very crude word processor for the Apple II that he wanted to sell called Documents. Extremely crude. Back in the day I guess it was good, and it certainly made word processing accessible to individuals who were blind. But he wanted to create a copy protection for it first. And so the owner of The Database recommended he talk with me. We ended up talking, and he ended up hiring me to create the copy protection for his word processor, Documents, so that he could actually ship it out and make it a sellable product.
GLEN: Was there a screen reader for the IIe at that point? I’m trying to figure out how he as a blind guy could actually develop for it.
DOUG: Great question. And yes, there was the Echo synthesizer that would plug into the Apple computer itself. And with that came a little screen reader. I mean, that’s really kind of the first screen reader that I set. It was very crude. It would only really work when you’re at the prompt, you know, the main prompt of Apple. Anytime you ran an application, nothing would happen, and nothing would speak and that type of thing. But that little screen reader kind of got him going.
And that also, even though I didn’t realize it at the time, that was really a screen reader, that kind of got me thinking about, hey, you know, if you can do this at this prompt, then I think maybe we could go off and do this in other places and do more sophisticated things. Because his application he wrote really didn’t have any visual UI. It was really just all him talking to the synthesizer and doing things. And I was able to do things that Bill was not able to do at the time. And so we decided to create new standalone voicing products because that’s really the only way you could make the Apple usable by someone who’s blind.
And so my first project was to rewrite Documents, and we called it Word-Talk. And that was visually displaying the information as well as making it completely accessible. So a blind individual could still work with a sighted person to be able to create documents and things like that. And then it morphed into creating the Braille-Talk version, which is a Braille translator, and File-Talk, which was a database management, and Term-Talk. And then I created like Workstation Pro, which allowed you to kind of put all of these products together on a single floppy disk and be able to jump back and forth between them. So those were the self-voicing applications that I wrote for Bill that became very popular.
GLEN: And what was your introduction to the IBM PC?
DOUG: So even after the Talk products, then we realized that, okay, this is all great, but a blind individual can’t take an Apple II computer and walk into their college class or their schoolroom or whatever and be able to take notes and do things like that. And so the next project that we worked on was something that I’m extremely proud of, which is the Small-Talk, which was really before PCs took off.
And so I’m diverting your question a little bit, but the Small-Talk was based on an Epson HX-20 computer, relatively small, about the size of what you’d expect a laptop be today. Extremely limited in what it could do, but it had a little microcassette that was the hard drive. It had a little microprinter, like you would get, you know, a cash receipt from a store or something, about that size. And a little LCD, I don’t know, it was like four lines by 20 characters or something on the screen. That’s really the only interaction aside from the keyboard that was there you would have with this. And everything was built into the ROM. I mean, you’d power it up, and it was all built into the ROM.
And so we had a couple of hurdles we had to do. One, we had to give it text-to-speech because there was no way to make this thing speak. And that was my first interaction to writing text-to-speech software. And then also bringing in Word-Talk for the Small-Talk, as well – again, all in ROM – and File-Talk, as well. So I created those two products along with the text-to-speech into the Small-Talk device. And that’s the first time that I saw where a blind individual could have a portable device that would allow them to go anywhere. It’s battery powered, be able to sit it on their desk, be able to, in the schoolroom, workroom, wherever, and be able to take notes and write papers and do things. That’s really the first that I’d seen that. And I hear from those individuals saying, you know, this is awesome. I’m now able to do these things that I wouldn’t have otherwise been able to do. That’s kind of been my mantra of, I just love hearing that, of being able to kind of push the limits of where things were at the time.
GLEN: What was your path from working on these standalone apps, primarily for the Apple IIe, to starting GW Micro?
DOUG: Computer Aids Corporation, Bill Grimm eventually decided to close the shop. And so in 1989, November of ‘89, he closed Computer Aids. And I had spent a couple years, year and a half or so, on Vocal-Eyes. I wanted to see that hit the public. And I wanted to see more things that we could do. And the only way to really do that, I guess, was to kind of start my own company. And so long story short, I ended up partnering with a hardware individual named Dan Weirich, who also worked at Computer Aids for the last, I don’t know, maybe four years or so. He wasn’t there as long as I was, but he was towards the end. And he had the hardware knowledge. I had the software knowledge. Neither one of us were CEO-type people. But we both wanted to continue on with what we were doing.
And so we started up GW Micro on February 15th, day after Valentine’s Day, 1990. And that’s when I ended up kind of finalizing Vocal-Eyes, getting it out. And Dan had done the hardware for Sounding Board. I had done the text-to-speech for it. And so those were really our first two products, along with carrying on with the Apple products because they were still coming along. But that’s kind of what got us propelled into starting GW Micro.
GLEN: What sustained you guys until you really started getting sales?
DOUG: I was single, in my early 20s or something. And Dan was actually a family man. He had three young kids at the time. And so really it was more scary for him, I think, than certainly for me. But I had a friend who worked in the candy industry. He owned a company called Country Kitchen. And they created cake and candy supplies and things like that. And he had this enormous warehouse that he was renting, something like 80,000 square feet or something like that. And somehow we got together and had the conversation of him saying, “Well, you know, I can give you like a thousand square feet.”
So we’re up on the second floor up there, just Dan and I working in that, rent-free. So he gave us that space for, I think it was at least a year that he gave us that rent-free. And then eventually we also worked with him to kind of get basically like a 0% interest loan. This guy is super friendly. And he actually was paying Dan and I, minimum salary type thing, knowing that we would build this company up, and we’d be able to repay him, which we ultimately did. So really, it was this friendship and this amazing individual that helped kind of propel us and get started.
GLEN: There was no Internet in 1990. So you developed this great screen reader. How did people find out about it?
DOUG: Well, we had connections through Computer Aids. So we already kind of had this network, and we knew the trade shows and things like that because we had been going to those in the past, or I had started to go to those towards the end of Computer Aids’ days. And so we had these connections. My name wasn’t very well known, but it was known enough to be able to get us out there.
And I just remember, you know, 1990, no, I think ‘91 was my first CSUN convention that I went to on my own. I remember sitting there in a booth, just kind of showing people Vocal-Eyes and that type of thing, and building interest. And then that just kind of built over time. We were able to go to more trade shows and create more interest in the product and get our name out there.
GLEN: The story that I heard is that Arkenstone was popping up around this time, and Kathy Korpolinski really loved Vocal-Eyes. And while she was going out and being an evangelist for Arkenstone, she was also evangelizing Vocal-Eyes. Is that accurate?
DOUG: It is. I mean, we had a lot of people that really loved the work that we were doing. Kathy was one of them. Arkenstone was one of them. You know, I remember working with them when we first started GW Micro, and I worked with their salesperson along with Kathy, somebody called Clare Ham, who was their first employee actually even before Kathy was there. And long story short, I ended up marrying Clare, but we kind of had a strong relationship with Arkenstone and several other companies where they would help us get out there. I mean, we were the good guys; right?
And we were just up-and-comers, and people really helped us out. I mean, not only the individual that gave us the free office space and things like that, but the Kathys and the other companies out there that were willing to take a risk. A lot of the resellers that we had at the time, just that maybe came from Computer Aids, they took a risk on us, and I’m hoping that it paid off for them. It did for us.
GLEN: How did you begin to take on the persona of a blind user when you were making your development decisions?
DOUG: It’s very difficult for a sighted person to understand how a blind individual really interacts with the computer. And it took me a long time to get that, as well. That’s not something that I think anybody, any sighted user can just snap to and fully understand that. And so just over time and creating these products, getting the constant feedback, I loved working with individuals to hear what they liked, what they didn’t like. What are their struggles? Why can’t they do this? Or how can we make this do better? And again, we just had this following where people were energized to work with me or us, as well, to make things better. And so that constant interaction and just years of experience eventually got me to where I like to think that I think like a blind screen reader user. And I like to think that I know what a screen reader user wants and what they don’t want.
GLEN: How much of your time in those early years was actually coding, and how much was sort of the ancillary stuff of running a business and supporting users and all the other things I probably am not thinking about?
DOUG: Well, back in the Computer Aids days, it was 100% programming engineering. And then I slowly got into customer support, and then we started GW Micro. And in that case, I was 100% writing software. I tried to just shield myself from support, but it was just Dan and I. And so I still had to do support calls, and that became too disruptive. I couldn’t do that and do all the other stuff, as well as, you know, it was just the two of us. So we had to put the products together. We had to copy the discs and copy the cassette tapes and all that business. And it was too much.
And so we ended up hiring an individual, our first employee at GW Micro, and that helped take the support aspect off. So I could then just kind of, again, focus on development, which was great, and be able to do that full-time and let Dan kind of worry about the business aspect of it and those types of things. He was better at it than I was anyway. But then eventually even that, as we brought in more employees – and to be honest, we haven’t gotten into this yet, but when we start moving over to Windows, that became more difficult for me. I just didn’t have the understanding of Windows at the time. And so we ended up hiring more and more people, and I ended up doing more and more management versus development over time.
GLEN: Did that suit you?
DOUG: Yes and no. I kind of liked a little bit of a reprieve; but then eventually, no, I did not like that. And I really, really wanted to get back into coding. And I started doing certain things. There are certain things I would do like writing synthesizer drivers for our Windows screen reader, or writing braille drivers. There’s little niche-y things that I would, I would be the go-to for that. But the core stuff was still being done by other developers that we had hired. I didn’t like having to deal with payroll or having to deal with angry customers or those types of things. That was not me. And so I’ve always struggled with that and always wished that I could have gone back.
GLEN: What was the decision point where you sort of said, you know, DOS is great, and I really understand it, but Windows is becoming the future?
DOUG: I like to say that Vocal-Eyes grew to be the number one DOS screen reader. There were several out there, including JAWS, but I feel that it became the number one. Unofficially I’m saying that. That was good and bad because I think the good of that was that that gave us income, and we were able to do other things. The bad of that is, again, Dan and I are not the CEOs. We don’t have this vision way out there. And so we rode those coattails on Vocal-Eyes a little long, too long. And by the time we realized, hey, wait a minute, there’s this whole other thing over here called Windows, and we’re starting to see other screen readers, including JAWS, come out for that, and we’d better keep up with that.
And so I took a look at it, and I realized, although I did 100% of the Vocal-Eyes coding, there was no way I’m going to be able to write Window-Eyes by myself and get it out in a reasonable timeframe to start competing with some of these companies we’re seeing. And so we ended up hiring out a local company to get us moving. And they did the majority of that initial part of Window-Eyes, and then we ended up bringing in more people. But that got us to the game a little late.
You know, this thing called JAWS for Windows was really kind of kicking our behind. They, you know, you guys got it into government agencies. You got it into educational institutions and things like that right at the beginning, and kind of got a stronghold on that. And ever since then, you know, I always felt like we were playing catch up. We never really got in front of the game on Windows like I wish we could have.
GLEN: You know, so much of it is synchronicity and luck and the right things happening; right? It could as easily have been Window-Eyes as it was JAWS were some of the circumstances differently.
DOUG: I do believe that. I mean, clearly you’ve got to have a good product, and JAWS is a good product, no doubt. I felt Window-Eyes was a good product. But yes, the timing of everything, you know, Eric Damery I think at the time was just a really, really good salesman, got it into people’s faces, knew how to market the product, you know, help kind of drive even the direction of the product. We needed an Eric Damery that we didn’t have at the time.
GLEN: When I was preparing for this, I was all set to give you 100% credit for sort of the virtual web document. And I read somewhere that you gave Arctic credit for that.
DOUG: Yes, right. Arctic Technologies was a company in the day, and they were a pretty big name for some screen reader technologies and things like that. And they were the first that I had seen that. You know, I think JAWS at the time, they actually refreshed the webpage and would kind of make it accessible so that you could just interact with it normally. And I saw Arctic do this where they were actually kind of giving you this virtual buffer that would allow you to go through and read the webpage. And I kind of stole that idea from them and tried to improve it, but I give credit to them. And, you know, maybe they weren’t the first, but they’re the first that I’d noticed that happening.
GLEN: Yeah, and we saw it in Window-Eyes and said, “What a brilliant idea. Why didn’t we think about it?”
DOUG: Well, I appreciate that.
GLEN: I think this really does speak to the fact that we really did drive one another as companies to really make things better for end users; right? One company would do something, the other company would have to do something similar and leapfrog, and I think the industry improved as a result.
DOUG: Oh, without a doubt, absolutely. We were constantly leapfrogging. I mean, you know, JAWS was the number one thing that we were trying to catch up to. And so we’d see you do this thing, and we’d add it, and we’d try to up the bar on it. And then you’d see we did that, and then you’d up the bar on it. And I honestly do not believe that JAWS would be as good as it is today without Window-Eyes being there to really give you that push to continually, you know, push that edge.
GLEN: Surprisingly to many of us watching it from a distance, you suddenly left Fort Wayne to move to Silicon Valley. And I have a feeling Clare, that name Clare comes back into the picture somewhere.
DOUG: Well, this is a story I always love telling because – I’m just going to spend 30 seconds here. When I first bought my Apple II computer back in the ‘70s, it was actually June 27th, 1979 is when I bought my first computer. So, and then, as I mentioned before, we started working with Arkenstone and Clare Ham, who was their very first employee. She was our salesperson. We started working with her, as well. And I went to some trade shows and met Clare. And I thought, “Hmm, she’s a very nice lady,” and started getting closer and closer to her. And in May of ‘96 I ended up sending her some flowers, and that kind of started our relationship going. And come to find out her birthday is, although it’s not 1979, it is June 27th.
And so the day that I bought my first computer, which is what got me into the blindness industry, allowed me to interact with Arkenstone, which allowed me to interact with Clare, whose birthday happened to be on that same day. I think there was something there. So we ended up dating for a couple years long distance. I’m in Indiana; she’s in California. And we got married. And at the time it was like, “Doug, I’m not going to move to Fort Wayne.” And so I ended up moving to California and working remotely and being married to Clare and having three beautiful girls.
GLEN: Cool. How was the remote relationship? I mean, I’ve been remote for 30-plus years now, but I wasn’t running the business.
DOUG: Yeah. So, at first, you know, when I first moved, it was 1998, that’s when I got married, and still relatively small. I was still doing a lot of the coding and things like that and working with the developers and just focusing on that. And it actually wasn’t that bad. It allowed me to be at-home dad and be able to see milestones, like all three of our kids taking their first steps and things like that. So I loved that part of it. And like I said, initially it worked out well, and I was actually able to make connections to other companies because I was in Silicon Valley, which is where a lot of the big things came up, like Adobe is right there or HIMSS or things like that, that we ended up doing some big things with. And so that worked really well there.
In 2007 it became apparent that I really need to move back. Two reasons, really. One, I felt that I needed to be closer to the company. And two, my father was diagnosed with Alzheimer’s, and I wanted to be closer to him. So those two things got us to realize that we probably should move back. So all five of us moved back to Indiana in 2007.
GLEN: How old were your girls at that point?
DOUG: I think they were like three, five, and seven-ish, in that range.
GLEN: So actually it was probably a good time.
DOUG: Right, it was, yeah, I think in that aspect, I don’t think it was that difficult for them. It was the next move we did that was more difficult. But that move itself was relatively low impact.
GLEN: In 2017, you moved to Microsoft. What was that transition like?
DOUG: Well, it was very interesting. After, you know, we sold GW Micro to AI Squared, and AI Squared sold it to Vector Capital at the time, which of course is you guys, who are Vispero now. And it became obvious that Window-Eyes was not going to be a thing. Why have a Window-Eyes and a JAWS from one company? And my heart was in Window-Eyes. And so I had to make the decision, do I want to retire, or do I not want to retire? I mean, I was, what, in my mid- to upper 50s at the time.
And so, obviously, during all this time of GW Micro, we had a close relationship with Microsoft. And so I thought, well, I’m going to give it one last kick. And so I asked, at the time, Jeff Petty at Microsoft, if there was any opening on the UIA Team. And there wasn’t, but he was able to negotiate a new position and offered me a position to take that, and I accepted. So we ended up uprooting from Fort Wayne, Indiana; and we moved out to the Seattle area, which is where we are today.
GLEN: How was it moving to the other side of the aisle; right? Now you’re the one who gets the calls from people like us, saying, you know, this really isn’t very accessible. Can you talk to the team?
DOUG: Yeah, at first it was a fire hose; right? So I’m used to having a small company and being able to make the final call and all of that business, and surrounding myself by really smart people and just kind of working that way. And now I’m in Microsoft with thousands and thousands of people and trying to figure out how I can best fit in here. So it took a few years before I really kind of found my footing of how best I could help.
And ultimately I took a couple different positions at Microsoft, and I ended up in the E&D organization, which is the Experiences and Devices Group, under Clint Covington, who is my manager. Clint has been in the accessibility industry at Microsoft for about 10 years, working in the Office products. And I knew, you know, Office, we’ve obviously worked really closely with them. We knew that we could do better there. We knew Windows could do better with their assistive technology.
And so, by working in this position that I’m in now, I’m able to work with a, you know, raft of different product teams working on all these different things and help them understand the importance of accessibility and the best guidance to make something accessible and to enhance where there are weaknesses, where there are gaps, where you can’t do something. I have the ability now to work with the teams to make that happen. And Clint has been amazing, allowing me to have the freedom to be able to work on all these different projects and work with teams and drive solutions to what needs to be done.
Obviously, there are still issues at Microsoft regarding accessibility, but there’s been tremendous strides in what they have done with certain things. It’s, you know, for a company this size, I believe that they are committed to accessibility and that we continue to make improvements and focus on accessibility. Doesn’t mean we’re there yet. I don’t know that we’ll ever be there in my lifetime, but we are making tremendous strides in, at least since I’ve been here now, six years.
GLEN: And I want to say, working on JAWS, it is so nice to be able to talk to you about issues. Even if Microsoft identifies issues with JAWS, you understand. You understand the situation. You understand what it likely will take to solve them. And it’s just, it’s quite wonderful. So I’m glad you’re where you are.
DOUG: I appreciate that very much. And that also has been something that I have enjoyed. And it’s so odd that I’m just on that other side, but I used to be on your side. And so I think that does give me a little bit of a unique experience and be able to sympathize and empathize with what you’re having to deal with and try to get you to the right teams at Microsoft that I wish I would have had a Doug at Microsoft when I was at GW Micro to be able to get me to the right places and be able to solve the problems we’re trying to solve.
GLEN: Thank you very much for doing this. I didn’t know a lot of these stories, and it’s great to have them on a podcast, a podcast that will be around for future generations, because you are one of those few people who really understands the beginnings of screen readers.
DOUG: Well, I appreciate those comments very much. I appreciate the opportunity. It’s been a blast to go back and kind of remember these things. And it’s just amazing that we can actually do this today, and you and I can be civil with each other and be able to communicate all of this. I’ve really enjoyed working with you these past few years at Microsoft.
GLEN: Thank you.
GLEN: We’re going to spend some time in this next segment talking about password managers, two-factor authentication, and I’ll share with you the setup that I use for each of these. Now, if you’re already someone who uses a password manager, like 1Password, you’re in good shape. You’re far ahead of most people, and keep doing what you’re doing. But this segment is really for people who have thought about maybe using a password manager, but have not been able to muster up the energy to get going. And that’s what I hope to make a little bit easier in the next few minutes.
So the first question is, what is a password manager? The answer is, it’s a place to store passwords for all of the websites that you visit, and to get those passwords automatically filled in when you go to a particular website by pressing a special keystroke. Yes, you do need to have one master password that you’ve remembered, ideally two or three words strung together, words that don’t naturally occur in the English language. Throw in a couple of digits and special characters like percent, number sign, the at symbol, and you’ve gotten yourself a very good, strong master password. With that secure password, you have access to your password vault. And it’s the password vault where the passwords for individual websites get stored by your password manager.
And you may ask reasonably, well, what keeps the password manager from leaking my passwords? And the answer in short is their reputation for really using strong security practices. And strong security practices say that they never let passwords en masse leave your browser. They only leave your browser when they’re filled in automatically on an individual site. What the good password managers do is take all of your passwords, store them in an encrypted form using your master password as the encryption key. And when they store your password vault, they don’t store the key. Which means that if they were to have a breach, and your password vault were to be leaked, someone would need to guess your strong master password in order to get to the details of the sites you have stored.
And if your master password is strong, that means guessing it is going to take months or years, not seconds or minutes. So that’s the reason why a strong master password is so important. But it’s also important that you can remember it because, if you lose your master password, you’ve lost the keys to the kingdom. So either choose something that you can remember, and/or write it down, put it on a thumb drive, and don’t leave that thumb drive plugged into your PC.
I want to say one more time that, if you’re already using a password manager, and you’re happy with it, there’s absolutely no reason to switch unless you’re just interested in experiencing the accessibility of another similar product. I made the switch because Security Now!, which is one of my favorite podcasts, has spoken very highly of Bitwarden in terms of its security and functionality. Plus, I have a blind coworker who switched before I did and sort of paved the way to say, “Yes, it works pretty well on both iOS and Windows.”
So I made the switch, and I’m generally quite happy because what I do 99% of the time is have it fill in user IDs and passwords. It works perfectly for that. It does a pretty good job of automatically putting up a dialog at the bottom of the webpage whenever I’ve created a new account or logged into an account manually for the first time. It’s not quite as good as 1Password in automatically putting up a dialog to save a changed password. But I will show you how to work around that. And if those two things don’t seem like they’re showstoppers for you, or you’re just interested in a free password manager, or one where the paid options are a bit less expensive than those from 1Password, it may be worth trying.
If you decide to do this, start out by going to Bitwarden.com. Choose the Get Started link. At that point, you’ll be asked to create a strong master password. And after you’ve done that, you can return to that starting page. This time, choose Download. Find the browser extension for the browser you’re running. Press ENTER on that one. You’ll be taken to the extensions gallery and walk through the process of installing it. Once the extension is installed, you’ll be at the same point where I’m going to start this demo. Most of what I’m going to be demonstrating applies to 1Password, with a few modifications for keystrokes and other slight differences. So this is as much a conceptual overview as it is a Bitwarden intro.
After you launch your browser, be it after you’ve rebooted or after you’ve closed all tabs previously, the first time you call Bitwarden into service it’s going to prompt for your master password because without the master password it has no way of knowing what sites it has for you. And without knowing that, it can’t provide any information about logging into a particular site. Usually you can wait until you need Bitwarden to do something for you before entering your master password. The exception to that is that if you’re manually logging into a site, but want Bitwarden to sort of monitor that and, after logging in, put a dialog at the bottom of the page offering to save information about that site for future logins. In that case, you need to enter your master password before doing the manual login to the site so that Bitwarden knows what’s in your vault and can determine that there is no information for that site and offer to save it for you.
So I’m on the Zoom.us page, and I’ll press the key to show the Bitwarden vault, which is CTRL+SHIFT+Y.
JAWS VOICE: Bitwarden, Bitwarden, main region, master password, password edit required, blank.
GLEN: And I’ll type in my master password.
JAWS VOICE: Banner region, search vault edit, blank.
GLEN: I’ve logged into Bitwarden. It’s showing me my vault. We’ll talk about the vault in a couple of minutes. Meanwhile, I’ll hit ESCAPE once to get out of forms mode and once to close the dialog.
JAWS VOICE: One platform to connect vertical bar Zoom dash Google Chrome.
GLEN: I want to mention that, at least in my experience, Bitwarden works much better if my browser window is maximized. I found that, when it isn’t maximized, sometimes the dialog that gets shown for entering my master password doesn’t have the edit field available. And once I maximize the window, reshow the dialog, everything works fine. I’ve stopped just long enough to enter my login credentials on Zoom. You’re going to hear this is a very old account of mine. I’m on the password field now. I’ll do a say line.
JAWS VOICE: Password, password, edit required, bullet, bullet, bullet.
GLEN: And the reason I entered my password is because I have removed my Zoom login from Bitwarden so I can show you what happens once you’ve manually logged in.
JAWS VOICE: When you join meetings, webinars, chats, or channels hosted on Zoom, your profile information, including your name and profile picture, may be visible to other participants or members.
GLEN: So I’m logged into Zoom now, and you’ll notice that Bitwarden said absolutely nothing. But you should have an expectation, if you log into a website that Bitwarden doesn’t know about, that it’s going to put up a dialog which appears on the screen, but to those of us using the virtual PC cursor it’s at the bottom of the page. So I always do CTRL+END to get to the bottom and then arrow up.
JAWS VOICE: Close button.
GLEN: If I arrow up now...
JAWS VOICE: Save button, edit button, combo box collapsed, select folder dot, dot, dot. Folder, never button. Should Bitwarden remember this password for you? Visited link graphic Bitwarden.
GLEN: And that indicates that this is a Bitwarden dialog. And the combo box that we passed is a place to indicate if you want to put your logins in subfolders. I don’t, so I’m just going to hit B.
JAWS VOICE: Never button, edit button, save button.
GLEN: So I’ll press ENTER.
JAWS VOICE: Frame, chat with bot button.
GLEN: Bitwarden has now saved my user ID and password for Zoom. And although I’m asking you to take that on faith for the moment, I will prove it shortly. But for the moment, I want to talk about the Bitwarden vault. And you get to the vault with CTRL+SHIFT+Y.
JAWS VOICE: Bitwarden, banner region, search vault edit, blank.
GLEN: I’ll press the NUMPAD+ to get back to virtual mode.
JAWS VOICE: Virtual PC cursor.
GLEN: So this page has three regions. You heard the banner announced because it contains the search field where you’re originally positioned. Then there’s a main region which contains the contents of the active tab. And then there’s a region that isn’t named that has a list of tabs, and you can select which tab you want to be working with, and that’ll change the contents of the main region. Initially, the main region shows information about the site you were on at the time you pressed CTRL+SHIFT+Y. But the list at the bottom of the screen will allow you to move between the other tabs like the one that shows all your sites, or the one that gets you to Bitwarden settings where you can change configuration options.
I do recommend you go there on your own because one of the things you can change is how long things that Bitwarden puts on the clipboard stay there before they’re cleared. And probably more importantly, how aggressively Bitwarden prompts you for your master password. But we’re currently on the vault entry for Zoom.us because that’s where I was when I pressed CTRL+SHIFT+Y. So I’ll press R to get to the main region.
JAWS VOICE: Main region, heading level two, logins one. Group start Zoom.us. Zoom.us email@example.com button.
GLEN: And that’s the Zoom login that I just created. If I arrow down one more...
JAWS VOICE: View button.
GLEN: That’s a way to view that entry. And from the view you can actually edit it. We’re going to do that in just a couple of seconds. To get out of any Bitwarden window, just hit ESCAPE.
JAWS VOICE: My profile dash Zoom dash Google Chrome.
GLEN: What I want to show you now is how to use Bitwarden to generate a strong password. And I’ll show it to you by changing my password on Zoom. I am on my Zoom profile page. And on that page is a field to change the password. All we need to do is find it. And I’ll call into service my favorite shortcut key on the web, CTRL+F.
JAWS VOICE: Virtual find, JAWS Find dialog.
GLEN: And I’m going to type in “password.”
JAWS VOICE: Heading level four sign dash in password.
GLEN: And I’ll arrow down.
JAWS VOICE: Star, star, star, edit sign dash in password, star, star, star button.
GLEN: I’m going to press ENTER here.
JAWS VOICE: Main content, main region, old password, password edit required.
GLEN: I can now press CTRL+SHIFT+L to have Bitwarden fill it for me.
JAWS VOICE: Old password, password edit required, bullet, bullet, bullet.
GLEN: I’ll tab, but I’m not going to let this whole prompt read because we’ll be here all day. You’ll see what I mean.
JAWS VOICE: Password must have at least eight characters, have at least one letter, left paren A, B, C, dot, dot, dot right paren, have at least one...
GLEN: Yes, we understand all of these things. And I’m going to simply do CTRL+SHIFT+9. That’s the third Bitwarden key you need to know about. That auto-generates a password and puts it on the clipboard. So I can paste it in here with CTRL+V.
JAWS VOICE: Confirm password, password edit required.
GLEN: And I’m going to press CTRL+V again here to paste it a second time.
JAWS VOICE: My profile dash Zoom, save changes button.
GLEN: And I’m going to press ENTER on save changes.
JAWS VOICE: Sign me out from all devices dialog, okay button. Your Zoom sign-in password has been changed on all devices.
GLEN: I’ll press CTRL+N to go to the bottom of the page to see if Bitwarden has popped up a dialog so I can save my new password.
JAWS VOICE: Chat with bot button.
GLEN: So this is one of those cases where Bitwarden did not save my new password. And the way to recover from this is by going to your Bitwarden vault with CTRL+SHIFT+Y.
JAWS VOICE: Bitwarden, search vault edit.
GLEN: Because I’m in the search field, I’m in forms mode. So I’ll hit the PC cursor key to drop out of that.
JAWS VOICE: Virtual PC cursor.
GLEN: R to move to the main region.
JAWS VOICE: Main region.
GLEN: And I can actually TAB here.
JAWS VOICE: Zoom.us group, Zoom.us, view button.
GLEN: I’m going to choose view.
JAWS VOICE: Main region, Zoom.us group, Zoom.us.
GLEN: And now if I just TAB.
JAWS VOICE: Banner region, edit button.
GLEN: I’ll press ENTER.
JAWS VOICE: Cancel button.
GLEN: I start out on the cancel button. I’ll TAB.
JAWS VOICE: Save button.
GLEN: TAB again.
JAWS VOICE: Main region, name edit, Zoom.us. Username edit, firstname.lastname@example.org. Generate username button. Password, password edit, bullet, bullet, bullet.
GLEN: So that’s my old password. I’m going to make sure it’s selected with CTRL+A. I’m going to paste my new password in. I can press ENTER now.
JAWS VOICE: Bitwarden document. Close button, heading level one view item.
GLEN: And so I’m back on the view screen. I can hit ESCAPE to close this.
JAWS VOICE: My profile dash Zoom dash Google Chrome.
GLEN: So that’s what to do when Bitwarden doesn’t offer to save the updated information. And it works equally well when you’re creating a new account. When you’re creating a new account, if Bitwarden ever doesn’t prompt you, simply do that same CTRL+SHIFT+Y. It’ll tell you that there are no logins for that account saved. You can choose add. It’ll fill in the site’s name for you. And all you need to do is type in the user ID, your email address, and if you used Bitwarden to generate a password with CTRL+SHIFT+9, and you’ve left it on the clipboard, just do CTRL+V to paste it in in the Bitwarden entry for that site. Press ENTER, and you’ve now saved the new entry.
Bitwarden only has three shortcut keys, and there are more things that you might want to do. And so the way to get to them is from the Bitwarden menu. You do that with the context menu key, either SHIFT+F10, or the dedicated context menu key on your keyboard. I’ll do that now.
JAWS VOICE: Context menu, open link in new tab, one of 10.
GLEN: I’ll hit B for Bitwarden.
JAWS VOICE: Bitwarden submenu, seven of 10.
GLEN: Press ENTER.
JAWS VOICE: Bitwarden menu, auto-fill login submenu, one of eight.
GLEN: The reason you might want to use this menu instead of CTRL+SHIFT+L is if you have multiple logins on a particular site. It’s the easiest way to find the one you really want to use this time around. Bitwarden claims that CTRL+SHIFT+L will rotate between filling in information on each of your various logins. I’ve never found that to work, and I found this menu to work really well. Arrowing down again.
JAWS VOICE: Copy username submenu, two of eight.
GLEN: That’s, you know, we’ll copy the username onto the clipboard.
JAWS VOICE: Copy password submenu, three of eight. Copy verification code, four of eight.
GLEN: We’ll talk about verification codes shortly.
JAWS VOICE: Auto-fill identity submenu, five of eight. Auto-fill card submenu, six of eight.
GLEN: And those are two ways you can either fill your identity, which is like name, address, phone number, et cetera, onto a website, or fill your credit card in onto a website, all things that Bitwarden, like all good password managers, will allow you to store.
I want to move on now and talk a bit about two-factor authentication, and when it might be acceptable to have your password manager manage that, as well. So we’ve all used two-factor authentication. You may not know that’s what it is when you log into a site and suddenly you get a text on your phone with a code that you need to type into that site. That, in fact, is a second factor, because although someone potentially could get your user ID and password, it’s less likely that they have your phone. And so by having this second factor, it makes the login safer.
Over time, text-based authentication has proven to be less secure, and so standalone apps like the Google Authenticator or Microsoft Authenticator have appeared. They actually have two different variants. The more convenient of those is well-integrated with the site that you’re logging into. So, for instance, we use Office 365. And when I log in, I get a notification through the Microsoft Authenticator asking me to type in a two-digit code that I was shown when I was logging in and approve the login. That, to me, is really convenient. And when sites use that kind of second factor, I always try to use it because it is by far the safest.
For sites that are not well-integrated with the Authenticator app, there’s something called TOTP, time-based one-time password. Those are six-digit codes that change every 30 seconds, that are synchronized between your Authenticator app and the site that you’re logging into, such that the site can determine that the code you’ve entered is correct. So the way that works is when you log into a site, let’s say on your PC, you have to open your Authenticator app on your phone, find the site of interest, find the six-digit code, type it in on the PC, and make sure you’ve typed it in before the 30-second window where that code is valid has expired. I find that generally to be a challenge, and inevitably I get the code typed in only to be told “Your password is invalid,” and I need to go through the sequence again.
Ideally, your password manager shouldn’t also hold your second factor because there is a slim chance that your password vault could be leaked, and someone could guess your strong master password. And then if the second factor was held there, there would be nothing keeping them from logging in on your behalf. The rule of thumb I have come up with is for high-value sites, I always use a standalone Authenticator app if it’s available. I’m thinking about things like bank accounts, shopping sites like Amazon. But for all of those other sites, the ones for which having a second factor is much better than not having one, I’ll let my password manager store it. And because it’s so easy, I find myself using it where I might not otherwise use it.
So I’m going to go back to Zoom and show you how simple it is to set up two-factor authentication with Bitwarden; and, even more importantly, how simple it is to use once it’s configured. And as if I planned it this way, right under where we just changed the password is a heading for two-factor authentication, so I’ll hit H.
JAWS VOICE: Two-factor authentication heading level four.
GLEN: And arrow down.
JAWS VOICE: Off.
GLEN: So it says I don’t have it.
JAWS VOICE: Turn on two-factor authentication button.
GLEN: I’ll press ENTER here.
JAWS VOICE: My profile dash Zoom. Turn on two-factor authentication dialog. You can use any app that supports time-based one-time password left paren TOTP right paren protocol.
GLEN: So I shut this up a little bit in the middle because it’ll go on for a while. I’ll do a say line to prove that I’m on the password field.
JAWS VOICE: Enter password to turn on two-factor authentication password edit required.
GLEN: I’ll press CTRL+SHIFT+L, and I’ll press TAB.
JAWS VOICE: Next button.
GLEN: And ENTER.
JAWS VOICE: My profile dash Zoom document.
GLEN: This actually leaves me at the top of the window, and so I’m going to hit H really fast to get to the proper heading.
JAWS VOICE: Personal heading level, admin heading level, profile page, two-factor authentication heading level one.
GLEN: So I’m back on the two-factor authentication heading. And now it says it’s on as I arrow down from that heading.
JAWS VOICE: Turn off two-factor authentication button. Authentication app not configured.
GLEN: So I need to configure my authentication app. I’ll arrow down again.
JAWS VOICE: Set up authentication app button. Set up authentication app dialog. Enter password to set up authentication app password edit required.
GLEN: Sure wants my password a lot. Glad I have a password manager. I’ll press CTRL+SHIFT+L and TAB.
JAWS VOICE: Next button.
GLEN: Press ENTER.
JAWS VOICE: My profile dash Zoom document. Two-factor authentication dash Zoom.
GLEN: So it’s left me at the top of the page. I happen to know that the two-factor authentication is a level one heading, so I’ll hit the one key.
JAWS VOICE: Two-factor authentication heading level one.
GLEN: Down arrow a few times.
JAWS VOICE: Step one of three. Heading level two authentication app set up. Scan the QR code below to register for an account on a link authentication app of your choice.
GLEN: Well, this is the part that I hate because I’m not the most efficient at scanning QR codes. Fortunately, there’s another option that works really well with Bitwarden and other password managers on the PC. I’ll arrow down.
JAWS VOICE: I can scan this QR code button.
GLEN: It says I can’t scan this QR code button. I’ll press ENTER.
JAWS VOICE: Scan QR code instead button.
GLEN: Arrow down a couple of times.
JAWS VOICE: Secret key, CZB.
GLEN: Okay, I’m not going to read my whole secret key, but I am going to do a SHIFT+DOWN ARROW.
JAWS VOICE: Selected, CZB.
GLEN: I’ll press CTRL+C.
JAWS VOICE: Copy selection to clipboard.
GLEN: And now I will do CTRL+SHIFT+Y to summon Bitwarden.
JAWS VOICE: Bitwarden, banner region, search vault, edit.
GLEN: I’ll press the NUMPAD+ to get back to virtual mode.
JAWS VOICE: Virtual PC cursor.
GLEN: Hit R to get to the main region.
JAWS VOICE: Main region.
GLEN: And now I’ll tab twice to get to the view button for the current site.
JAWS VOICE: Zoom.us group. Zoom.us gordon@vfo view button.
GLEN: I’ll press ENTER.
JAWS VOICE: Main region. Zoom.us group banner region, edit button.
GLEN: And I’ve tabbed twice more to get to the edit button. Press ENTER.
JAWS VOICE: Bitwarden document.
GLEN: I could theoretically get to the field that I want to paste this into by tabbing, but hitting E is probably a little bit faster.
JAWS VOICE: Name, edit. Username, password. Authenticator key left paren TOTP right paren edit.
GLEN: I’ll press ENTER to get into forms mode.
JAWS VOICE: Authenticator key, left paren TOTP right paren edit, blank.
GLEN: So the thing that I copied from the virtual buffer on the Zoom page, that’s what I want to paste in here. I did a paste. I’ll do a partial say line so you can see that something got pasted there.
JAWS VOICE: CZB6A.
GLEN: And I’ll press ENTER here.
JAWS VOICE: Bitwarden.
GLEN: And I’ll press ESCAPE to close Bitwarden.
JAWS VOICE: Two-factor authentication dash Zoom dash Google Chrome. Enter the code generated by your authentication app edit.
GLEN: In this case, Bitwarden hasn’t copied an authentication code to the clipboard because it only does that immediately after you use it to log into a site. But the Bitwarden context menu comes in handy here. So I’ll press the context menu key.
JAWS VOICE: Context menu. Win plus period. One of 15.
GLEN: Hit B for Bitwarden.
JAWS VOICE: Bitwarden submenu, 12 of 15.
JAWS VOICE: Bitwarden menu, auto-fill login submenu. Copy username, sub, copy passwords, copy verification code submenu, four of eight.
GLEN: That’s the one I want. I’ll press ENTER to go into the menu and ENTER again to select the first option.
JAWS VOICE: Copy verification code menu. Zoom.us, left paren email@example.com right paren, one of one. Leaving menus. Two-factor authentication dash Zoom dash Google Chrome. Enter the code generated by your authentication app edit.
GLEN: I’ll paste in the code that just got copied with CTRL+V and then press ENTER to submit it.
JAWS VOICE: Two-factor authentication dash Zoom document.
GLEN: I’m left at the top of the page again. I’ll hit one to move to a heading level one.
JAWS VOICE: Two-factor authentication heading level one.
GLEN: And arrow down.
JAWS VOICE: Heading level two, two-factor authentication setup complete.
GLEN: And I’m not going to show you my recovery code. I’ll just hit B to get to a button.
JAWS VOICE: Done button unavailable. Print button, download button.
GLEN: And apparently there is no done button until I choose download. I’ll do that. Download button, recent download.
GLEN: Now I should be able to get to done.
JAWS VOICE: Print button, done button.
GLEN: So I hit ENTER immediately after getting to the done button. I’m going to stop here and log out of Zoom, and then I’ll show you how the login sequence works. And through the magic of audio, I’m back with you positioned on the page to log back into Zoom. I’ll do a say line here.
JAWS VOICE: Email address edit required.
GLEN: I’ll do CTRL+SHIFT+L.
JAWS VOICE: Main content, main region. Password, password edit required. Bullet, bullet, bullet.
GLEN: That filled in my user ID and password. I’ll press ENTER.
JAWS VOICE: Two-factor authentication dash Zoom. Enter the code generated by your authentication app edit. Blank.
GLEN: I’ll do CTRL+V to paste the code that Bitwarden copied to the clipboard, and I’ll press ENTER.
JAWS VOICE: My pro alert. When you join meetings, webinars, chats, or channels hosted on Zoom...
GLEN: Even though things worked perfectly this time in terms of Bitwarden providing the authentication code, that will not always be the case. Bitwarden copies the authentication code that was valid at the time it fills your auto login information. And that means that if the 30-second lifetime of that code has since expired before you paste it, when you paste it you’ll be told that the code is invalid.
The way around this is to go back and do what I did just a moment ago when setting up two-factor authentication. Go to the Bitwarden context menu, choose the option to copy an authentication code to the clipboard. That’ll be the current code. Don’t waste very much time before pasting it into your application that’s requesting it. Press ENTER, and you should be logged in. If you want to use Bitwarden’s two-factor authentication support, it’s one of the few things for which you need a paid plan. Fortunately, the individual plan is only $10 a year. Family plan is $40 a year for up to six people.
Whether or not you choose to use Bitwarden, 1Password, or another reputable password manager, I hope what this demonstration has done is convince you that it’s safe to use such a password manager, and the time to start using one is now. It’s something that’ll simplify your life and, at the same time, strengthen your digital security.
And I’ll just do my final disclaimer, which is the only reason this demo sounded so good is because I know how to edit. I am terrible at doing things without stumbling around a little bit. But my intent was to show you how things work once you become a pro at using a password manager, not show you all the ways that I can go astray.
GLEN: And that does it for FSCast 240. I’m Glen Gordon. Thanks, as always, for joining me. If you have questions, comments, ideas, power tips, I always love hearing from you. Write to firstname.lastname@example.org, email@example.com. And we’ll see you in February.