Microsoft made a lot of usability and UI enhancement in Vista (including getting rid of the Fisher-Price look of XP). If we look at just the start bar, I see four major improvements:

1) Instant Search

I don’t know about you, but I use Instant Search all the time. It saves me several mouse clicks each day. And saving those clicks definitely adds up. It’s even gotten me to use the Windows+R shortcut on my XP systems a lot more often. This was definitely a good idea.

2) Inline Menu

In Vista, the old fly-out Program menu was replaced with the new super slick inline menu. As the linked article points out, the new inline program menu doesn’t have the flaky mouse hovering “feature” that causes you to need to reselect each branch to get to the program you want if you accidentally move your mouse out of the program menu. I must admit the old fly-out program menu has caused me much grief and I’m glad (in a sadistic way) to see that I’m not alone.

3) Starting as Admin

Although UAC is new to Vista, being able to start a program as an administrator from the start bar is still a good thing. You can do it by right clicking on the shortcut or by simply clicking Ctrl+Shift+Enter when the shortcut is selected. Although I don’t use this feature that much since admin credentials aren’t required often, it’s still a plus that Microsoft remembered to put this in. It could be a real pain if they didn’t for those applications that don’t ask you if you want to be an admin when they startup, but then you find out you actually do need to be.

4) Quick Launch Key Combos

This is another great little feature in the start bar that may be missed since it’s not obvious by just looking at it. For those applications that we use constantly all day long, this can save keystrokes even over the start menu searching feature discussed above. Two keystrokes maximum (and minimum) and you have your application up and running.

There are of course some people that bemoan the old taskbar of XP. Sure you can’t drag out the quick launch bar and dock it somewhere else, but unlike him I agree with Microsoft that instant search and the quick launch keys replace the need for quick launch bar. I rarely click on the items in my quick launch bar at all anymore. I simply click the Windows key and type a few characters… Or do a Windows+2. It’s so much easier.

But what do you think? Are there any other additions or subtractions from the taskbar that you can’t live without… or can’t live with?

So I recently had a support experience with VeriSign’s PiP provider that I’ve been talking a lot about. Here’s the story (in all its gory detail):

The Setup

I got the great advise from Steve Gibson in episode 107 of Security Now to register several OpenIDs using different mutations of your name. So I go to the VeriSign PiP website and create another account with the name michaelhall:

I got all the way through creating the new account which brings me to the my new my account’s homepage. I scroll down a little and then see something I didn’t notice before:

Crap. You can add multiple OpenIDs to the same PiP account:

I’m a moron. So I click on the delete link next to my newly created OpenID. The page refreshes, but I get an error saying “Last identity could not be deleted.” Well, that makes sense. Why would you have a VeriSign PiP account, but no OpenID in it? So I go ahead and create a throwaway OpenID, so that I can delete the michaelhall OpenID that I really want. I create the throwaway OpenID and delete the michaelhall OpenID. Ok, everything seems fine. I logout of the new PiP account and log in to my original PiP account… Click on “Create a new OpenID”. Click on “Add an OpenID”. Type in “michaelhall”. Click on “Add OpenID”. Bam!

Ok, now that’s unexpected. What did I do wrong? I deleted the OpenID from the new account and am trying to add it to my new account. hm…

The E-mail

So I click on the “Help and Support” link. It brings me to the FAQ. Reading… reading… no help here. I click on “Contact Us” and get a support email address. Ok, let’s see where this gets me. I type up an email explaining the situation. Clicked send and it’s off.

The Response

Less than 24 hours later (on a Saturday no less) I get a reply. Wow, not too bad. And it’s from the technical director of the PiP program at VeriSign. Not too bad at all! He introduces himself, explains that he can’t fix it until the start of the next work week, and then asks me to confirm the deletion. Now that’s great support:

1. The reply was immediate.

2. I didn’t have to deal with some shmuck in support that didn’t know what they were doing (not referring to VeriSign support here, but to general tech support in the industry).

3. I didn’t have to jump through hoops to get my problem fixed. Two simple emails. Fixed.

I applaud VeriSign for their efforts. They’ve really done a great job with PiP. I may even go buy a spare VeriSign Keychain Token just to support this great program.

Yesterday, I talked about using a VeriSign security token with your VeriSign PIP OpenID. I kinda gleaned over the fact that you can use the PayPal Security Key. And that is actually a big deal…

PayPal Security Key

You want, neh… you need a PayPal Security Key and here’s why:

1. The PayPal Security Key is only $5 compared to the $30 for the VeriSign Keychain Token. (Note: The two photos aren’t to the same scale. The tokens are actually the same size):

2. The PayPal Security Key makes use of VeriSign’s backend, so it’s just as secure as VeriSign’s own VeriSign Keychain Token. (PayPal’s security token is in actuality just a rebranded VeriSign security token.)

3. The VeriSign Keychain Token can only be used with VeriSign PIP. The PayPal Security Key can be used with PayPal, eBay, and VeriSign PIP. That doesn’t mean that PayPal and eBay support OpenID; that simply means that you need to enter the number displayed on the screen in addition to your PayPal/eBay username and password when logging in.

VeriSign PIP

When VeriSign developed their PIP framework, they did it right:

1. You’re forced to use SSL when accessing their site:

Even if you go to http://pip.verisignlabs.com/, you’ll be redirected to the secure, certificate-fied https://pip.verisignlabs.com/.

2. It makes use of a site key by showing your personal icon:

…not that site keys are that great, since they can still succumb to man-in-the-middle attacks, but they’re better than nothing.

3. It maintains and display logs of your security token usage. By clicking on the My Activities link on the right panel, you’ll see:

And these three things are all good to have. You need that much more security for your OpenID identity since OpenID is meant to be used on multiple websites. And since multiple websites will potentially have the same OpenID for you, it needs to be kept that much more safe and secure.

[Update] You can also have multiple OpenIDs in the same VeriSign PiP account which I just recently found out about.

SeatBelt
VeriSign also has a new Firefox plug-in called SeatBelt that detects your VeriSign OpenID login status:

…and asks you if you want to login if it detects that you just went to a page asking for your OpenID:

You can’t add too much more convenience without sacrificing security than that.