Me, Apple, and the Marines

Podcast interview: I’m always excited to talk about Apple, WebObjects, my time in the Marines, and working with Guy Kawasaki, Dave Winer, and It's Borrowed:

TMO Background Mode Interview with the CTO of It’s Borrowed Joe Moreno

Too Much Security at USAA

Click to enlarge the USAA mobile app security steps.

Typically, security is a tradeoff with convenience. But, it doesn't have to be. However, it's far too easy for lazy companies to fall back on poor user experience by citing security or some other limitation while pointing fingers. One thing I love about companies like Apple is that they're fantastic at handholding a customer through a support issue, even if it's beyond their area of responsibility.

I've been a USAA member for 25 years. USAA began in the early 1920s as the United States Automobile Association offering insurance to military officers. About 20 years ago, the company expanded their services to enlisted service members and also offers insurance to other federal special agents. In 2009, USAA was one of the first companies to allow consumers to deposit checks by taking a photo of a check via a mobile app. One of the problems I've encountered with their mobile app is authentication.

The USAA mobile app utilizes a Quick Logon and Touch ID as a means of authentication. Instead of entering my password, the app can scan my fingerprint much like my Schwab mobile app. But, unlike my Schwab mobile app, it seems that when my USAA app is updated, I must re-enter my username, password, PIN, and then answer a security question. After that's completed, I have to re-enable Touch ID.

Here are the steps to enable these features...

Quick Logon
1. Enter Logon and password.
2. Enter ATM PIN.
3. Answer security question.

Hurray, I'm logged in and I can deposit a check, view my balance, download insurance documents, etc. Next step is to re-enable Touch ID.

Touch ID
4. Tap your profile image to get to your profile.
5. Tap Settings and Profile.
6. Enter your mobile phone number to receive a temporary passcode via SMS text message.
7. Enter the temporary passcode.
8. Activate Touch ID by tapping the Activate button.
9. Check the box to confirm finger print consent.
10. Tap View Document (PDF) to read the USAA Fingerprint Consent form.
11. Click the final button to activate Touch ID.

Hurray, the "You've successfully enrolled in Touch ID" message confirms that you can logon using your fingerprint until the app is updated. Yes, that is a huge pain to do every couple months, or so.

But wait, there's more. I contacted USAA via Twitter about this issue. As you can see from their reply, they said, "Yes and thanks for the update. Please reach out to tech support at: 877-632-3002 They are able to troubleshoot and provide help."

Calling USAA Tech Support

I called USAA tech support. "We’re currently experiencing a high number of calls. You may have to wait longer than normal," was the recorded message that I heard. Whenever I hear that plain vanilla (sometimes default) message I know that less-than-stellar customer service awaits me. A few minutes later a CSR picked up and I explained the issue. She told me that she'd have to escalate the issue to their web support team. After a couple more minutes of "We’re currently experiencing a high number of calls. You may have to wait longer than normal," another CSR picked up. I told her that I was transferred to her and asked her if she had been briefed on my issue. Unlike Schwab customer service which does a warm handoff, she had not been briefed; so I quickly explained the issue. She told me that I should delete the app and reinstall it. She added, since I was on an iPhone, that I'd have to uninstall the app from iCloud, too. Uninstall the app from iCloud? Now this was something I never heard of, before.

"How do I uninstall the app from iCloud?" I asked.

"Unfortunately, we're not trained in how to uninstall an app from iCloud," she responded.

I suddenly felt like I was talking to Microsoft tech support hearing the typical uninstall and reinstall instructions and "Oh, that's not my problem" deflection.

So, I asked if I did that, then would I still need to reauthenticate Quick Logon and authorize Touch ID. She said, once I uninstalled the app, deleted it from iCloud, and reinstalled the app, that I'd need to re-setup my Quick Logon and biometrics (Touch ID). So, my unasked question, to myself, was, "What problem did we just solve by deleting the app from my iPhone, iCloud (I still don't know what that meant), and reinstalling it?" But I realized, at this point, that asking would be fruitless since USAA CSR training is not up to par, much like their mobile app UX.

Is this blog post complaining, on my part? Yes, it sure is. But I'm hoping that it's coming across as constructively suggesting what USAA can do to improve their customer service for their military members and veterans. With a little luck their UX will be similar to Schwab.

Benefits Before Features

Steve Jobs: And then they tried "Got Milk..."

On this day in 1804, the Vice President of United States mortally wounded Alexander Hamilton in a duel in New Jersey (on the same spot where Hamilton's son was also killed in a duel, three years earlier).

Fast forward to 1993 when the first "Got Milk" commercial aired about the duel.
https://www.youtube.com/watch?v=OLSsswr6z9Y

Four years later, Steve Jobs referred to this successful commercial when launching the "Think Different" ad campaign since it was about brand and benefits, not features. https://www.youtube.com/watch?v=3zyeSTEcNgk

Hail Cricket, Farewell AT&T

AT&T LTE Bandwidth

I've used AT&T Wireless service since the first iPhone was released, exactly ten years ago, yesterday. AT&T offered unlimited data and then, a couple years later, they instituted limited data plans. I stayed with AT&T since they grandfathered me in with their unlimited data plan. Even today, I still had an unlimited data plan with AT&T, but they'd throttle it at a certain point. The data would still come through, but at a much slower rate.

However, data was never a big selling point for me. The real issue for me was monthly cost. Phone companies utilize a price elasticity business model, which means they figure out how to charge the most they can to maximize their profits. If they charge too little, they leave money on the table. If they charge too much, then customers will switch to another company. 

Cricket LTE Bandwidth

Generally, cutting edge smart phones cost $500 – $1,000 or more. To defray these costs, the wireless carriers will subsidize the price of the phone by having their customers sign a two-year wireless service contract. This works well since many people do not frequently hop from wireless carrier to wireless carrier. But I like the idea of not being committed to a single carrier. So, I typically purchase an unlocked phone. Purchasing an unlocked phone means I had no service contract commitment, plus I can insert any companies' or countries' SIM card.

About two years ago, my AT&T bill was a very ridiculous $150/month. I never used up my minutes so I dropped my plan down to a moderately ridiculous $95/month which kept creeping up until it recently hit $111/month due to inflation. That's when a couple friends told me about Cricket Wireless which is now owned by AT&T. Cricket utilizes nearly all of AT&T's cell towers meaning that I'll have the same level of coverage. But they key selling point of Cricket is that it costs way less than AT&T.

Switching

So, today, I made the switch from AT&T to Cricket. It took less than an hour for me to go to the local Cricket store and return home with my phone number and service ported.

My monthly bill dropped from $111.42, with AT&T, to $35 with Cricket. But there are some slight differences.

Cricket Cons

1. AT&T LTE down stream bandwidth clocked in at 13.4 Mbps. Cricket advertises that their LTE tops out at 8 Mbps. In practice, I'm seeing about 7.8 Mbps download with Cricket which is very respectable.

2. No more unlimited data. I now pay Cricket a total of $35/month for 4 GB of data. I looked at my AT&T bills from the past year and I was topping out at less than 3 GB of data/month.

Cricket Pros

1. Unlimited voice minutes. (I was paying AT&T $40/month for 450 minutes, with unused minutes rolling over.) Most of my talking is over WiFi since I use either FaceTime or Facebook Messenger, so voice minutes was never a big selling point for me, but I do like that I now have unlimited talk minutes.

2. Unlimited texting. (I was paying AT&T $20/month for unlimited SMS/MMS text messaging; with Cricket, that's all rolled into the $35/month plan.)

3. Cricket utilizes nearly all of AT&T's cell towers, so I should see no connectivity differences.

Today, I ended up paying about $75 to Cricket, out the door, for the $35/month plan due to one-time activation charges. Let's see where it goes from here.

Apple ID Two-step vs Two-factor Authentication

I recently had a slew of unauthorized attempted logins on my iCloud account which kept locking me out, requiring a password reset. I called AppleCare and the CSR asked me if had turned on two-factor authentication. I told him that I did and, after looking at my account details, he told me that I didn't have two-factor authentication turned on. Instead, he said that I had two-step authentication enabled. Hmm, I didn't know there was a difference.

The key difference is that Apple's two-factor authentication is more secure than two-step authentication. Two-factor authentication is built into iOS. However, if you have an Apple ID for, say, the iTunes Store, but you don't have any Apple devices then you can't take advantage of two-factor authentication; instead, you can use two-step authentication.

Throughout history, people have authenticated themselves in one of three ways (knows, has, is):
1. Something a person knows (a combination to a lock).
2. Something a person has (a key to a house).
3. Something a person is (I walk though the front door of my house and my family recognizes me).

With two-factor authentication, a person needs two things to prove who they are. We experience this when we withdraw money from an ATM since we need our ATM card (first factor) plus our PIN (second factor). With a two-factor Apple ID login, I need to know both my password and I need to have my iPhone handy so I can see a verification code sent to me when I log in.

Without realizing it, we might use three-factor authentication to get into our home by entering a code to drive into an apartment complex, followed by using a key to open our front door, and finally being recognized by another family member or roommate once we enter our home.

Once I switched over to two-factor authentication, which the CSR at AppleCare walked me through, the password resets immediately ended.

This is so Easy

Earlier this month, my octogenarian mother had to give up her defunct decade-old MacBook that she inherited from my father. Before 2007, she had never sent or received an e-mail – so high tech is still new to her. My sister and I were a little hesitant to move her from her laptop to an iPad due to the UX change, but it's working out better than expected.

Today, she called me asking about the Epley Maneuver on YouTube. She called on a POTS line and then I switched the call over to a FaceTime video call, which she enjoyed. After I told her how to watch the YouTube video that I sent her ("Simply click the link in the e-mail, mom.") I then told her how to hang up and she enthusiastically said, "This is soooo easy." There was almost a hit of "why didn't you switch me to an iPad sooner" in her voice.

Innovation is something that reduces the cost of a transaction in terms of time or money. And that's exactly what the iPad has done for my mother.

Future-proofing Naïveté

How naive we were, ten years ago, to think that URL shorteners needed to withstand the apocalypse. Even back then, we called it future-proofing. Today, clicking on a ten year old link typically yields a four-oh-four unless you're visiting the website of an Internet power-player with a keen interest in archival like the NYT or Wikipedia 

While shortened links may last a decade or longer, web pages have a much shorter shelf life. As technology quickly changes, so do server-side URL naming schemes that break links. Today's working links will eventually become tomorrow's orphaned links.

404 Solution

I saw a fix to this problem when working at a corporate conglomerate. Every morning, someone analyzed a list of all the 404s from the past day and then did their best to fix the "referrer." Usually that was easiest done by fixing the source, if it was an internal brand webpage. If the broken link was on an important, external website then we set up a web page, where the 404 was landing, to redirect the user to the correct destination. Fix the problem at the source, and when you can't then fix the symptoms rather than shifting the blame.

In The Future

Soon, it'll be common for digital anthropologists to piece together the Internet puzzle, from days long gone, to document the digital history of a culture. No different than a traditional anthropologist, except dealing with electrons instead of atoms.

The web is what it is, it is us who need to adapt our thinking to be inline with online. 

My Luck With Banking

Last month, I withdrew $200 from a San Diego ATM. Unlike New York, where ATMs dispense $20, $50, and $100 bills, San Diego's ATMs have always spit out $20 bills, in my experience. But, last month I got a pleasant surprise when, instead of receiving ten $20 bills, I received nine $20 bills and one $100 bill. Suspected jackpot! 

My first thought was that I had either received $280 in cash or, perhaps, I received $180, plus a counterfeit $100 bill. I immediately spent the "Benjamin" without any problem. On Friday, I looked at my bank statement and saw that I was debited $200, as expected. I spoke to a local corner market owner who refills his store's ATM and he told me that there would be no record of the extra $100 bill since the ATMs can't distinguish between bills – everything's a $20 bill to the ATM. Reaffirmed jackpot!

I figured that I would be free-and-clear of the extra $80, but it wouldn't surprise me if, at some point in the future, that money might be debited from my bank account without notice. So, I sent a message to my bank, describing what happened and this was their response:

Dear Mr. Moreno,

Thank you for your message.  I appreciate your honesty!

As it turns out, [we] can file a dispute when you are not paid enough, but we do not have a resolution process when you are overpaid [...] it sounds as though you may have had a lucky draw!  

Confirmed jackpot!

Bad Luck With Banking

In the mid-1980s, I withdrew some money from a Marine Corps West Federal Credit Union on Camp Pendleton. I heard some paper crunching inside the machine as the money was dispensed, jamming up the cash dispenser. When I walked into the bank to report the issue, the banker looked at me with suspicion and skepticism as I told her what happened.

"We'll look into it," she said, dismissively.

About a week later, I followed up with her and she made me whole. She seemed a little defensive when I asked what happened and how they confirmed it. She simply said the extra money was discovered jammed in the ATM cash dispenser feeder. A minor hassle for me before the age of e-mail, but it all worked out. 

One day, I'll write about how, in the mid-1990s, my landlord deposited my rent checks, but he wasn't credited for them. My bank, which was a different institution than his, was adamant that he was "almost positively" lying. He wasn't, but it took a couple months to reconcile. 

PS – Did you know that you can make actual size, hard copy reproductions of US bills in black and white? You can also make color reproductions of money as long as the one-sided reproduction is more than 25% smaller or 50% larger than genuine bills.

Advice to USNA Class of 2017

Today's USNA '17 Graduation: Those covers (hats) fly high.

Advice to USNA Class of 2015
Advice to USNA Class of 2016

Today, the US Naval Academy Class of 2017 graduated. What would I tell these eager second lieutenants and ensigns? So many things. I learned some key leadership tricks while at the Academy. Some were hard to do in real-life, like Damn XO. Others were simple like the advice that General Krulak told us: when checking into a new unit, get the record books of all of those in your charge and read through them. They'll be impressed when you talk to them, for the first time, about their past, civilian or military. This would simply be a gimmick, though, if you don't stay on top of what's going on in the lives of your Marines. Take the time to know your Marines, even if you need to take notes to remind yourself of their details.

Management vs Leadership

As a new 2nd Lt or ENS, you will be face new and unfamiliar leadership challenges as you move from being an individual contributor to a leader. As an officer, you're more than a manager. In some cases, there are similarities between managers and leaders and in other cases these roles are completely different. An example of where a manager, in a civilian corporation, isn't a leader is an account manager which might be the job title for a sales person with no direct reports.

So, what about the similarities? What's the difference between a leader and a manager of people? The key thing to remember is that leadership transcends levels of an organization. When I worked at Apple, my manager's name was Tony. Since Steve Jobs was four levels above me, he was not my manager, but he was most certainly my leader.

As a new leader, you'll have to learn to take recommendations from your Marines and then decide what to do. Sometimes your subordinates will give you great advice and sometimes they'll give you some not-so-great advice. You'll learn; many times, you'll learn from your mistakes. Just don't repeat them.

My last piece of advice is don't take yourself too seriously. One way to do this is by subordinating your ego which is harder than you think. Here's one way to do it: when telling others about your personnel, refer to the Marines under you by saying "us" or "we" instead of "my Marines." In other words, don't say, "My Marines inventoried the warehouse," rather, say, "We inventoried the warehouse." It's a minor issue, but unless you're the CO then you're part of a the team, not the commander, and your Marines will follow your example.

Amazon Flex, Prime Now (One way to spend money. One way to make money.)

Signed, sealed, and delivered.

A friend told me that she recently started driving for Amazon Flex which is like Uber for Amazon package delivery. As a contract driver, she simply drives to her local Amazon warehouse and loads up her car. She scans each package, using the Amazon Flex app, as she places it in her car and the app determines the optimal driving route. Drivers have three hours to finish their delivers and return with any undelivered items.

As I looked into Amazon Flex, I noticed that Amazon Prime Now delivers groceries, similar to Amazon Fresh. I gave it a try since Prime Now offered free delivery for orders over $20 (plus an additional $5 tip).

I started putting items into my shopping cart, yesterday afternoon. When I went to resume shopping, this afternoon, I noticed that a couple items were no longer available which was clearly displayed. After adding a few more items to my cart, I checked out at 1:30 PM with a 2 PM – 4 PM free delivery window. I had the option, for $7.99, for delivery within the hour.

Ding Dong

Cooler bag for dairy.

About 75 minutes after I placed my order, which was 15 minutes before arriving, I received a text message that Ryan was on his way, with a link to track him that updated in near real-time. I went out to meet him when I saw that he had arrived. As he walked toward me I said, "You're Ryan, from Amazon, right?"

"Yes... this was an easy delivery," said Ryan.

"Do you drive for Amazon Flex?" I asked, catching him off guard.

"Um, uh, yeah... do you know me, personally?"

He was a bit baffled as I explained that I did not know him but I understood how Amazon Flex worked. Best part is that my delivery was exactly what I ordered, plus the dairy was in a cooler bag with ice.