FreeNAS Mini XL, 8 bay Mini-ITX NAS

Catching up on email, I saw a Newsletter from iX Systems announcing the FreeNAS Mini XL (the irony).  On the new FreeNAS Mini page it looks just like the FreeNAS mini but taller to accommodate 8-bays.

Available on Amazon starting at $1,500 with no drives.

Here’s the Quick Start Guide and Data Sheet.

The pictures show what appears to be equipped with the Asrock C2750d4i motherboard which has an 8-core Atom / Avoton processor.  With the upcoming FreeNAS 9.10 (based on FreeBSD 10) it should be able to run the bhyve hypervisor as well (at least from CLI, might have to wait until FreeNAS 10 for a bhyve GUI) meaning a nice all-in-one hypervisor with ZFS without the need for VT-d.   This may end up being a great successor to the HP Microserver for those wanting to upgrade with a little more capacity.

The case is the Ablecom CS-T80 so I imagine we’ll start seeing it from Supermicro soon as well.  According to Ablecom it has 8 hotswap bays plus 2 x 2.5″ internal bays and still managed to have room for a slim DVD/Blu-Ray drive.

ablecom_cs_t80It’s really great to see an 8-bay Mini-ITX NAS case that’s nicer than the existing options out there.  I hope the FreeNAS Mini XL will have an option for a more powerful motherboard even if it means having to use up the PCI-E slot with an HBA–I’m not really a fan of the Marvell SATA controllers on that board, and of course a Xeon-D would be nice.

 

 

Ting Fiber Internet in Sandpoint

 

We’re Getting Fiber in Sandpoint!  Thanks Ting!

Ting Fiber

I just pre-ordered 1 gigabit up / 1 gigabit down!

After years of being in the dark ages in rural North Idaho with nothing but slow DSL, high latency cable, with the only reliable option being Verizon Wireless.  We now have real internet!

Sandpoint is finally getting it’s first fiber internet service from Ting!  Keep up to date on the latest news on Ting’s Sandpoint Blog

Ting Logo

Ting Fiber Internet Pricing

Ting is offering 1Gb symmetrical for $89/month, and 5Mb symmetrical for for $19/month!

If you live in the City of Sandpoint, Kootenai, Ponderay, or Dover, here’s the place to pre-order Ting Internet.

Static IPs are also available for $19/month for 1 or $25/month for 5.

 

Dell Hacked: Watch Out For Social Engineering Scams

Dell Support Social Engineer

The last few days I have been getting a lot of calls from “Unknown Caller” for which I didn’t pick up.  This morning I got a call from a number in the 845 area code so I answered.

It was my friendly Dell Support rep from India!

Hello, this is Dell support, we detected some malware activity on your computer.
They had detected malware on my machine.  Oh no!  All I needed to do was go to this url to scan for viruses.  I put the call on speaker phone and my coworkers and I played along hoping to figure out what we could about the operation–until we told him I had a Mac and then he knew we were on to him.

Dell Data Breached

The guy had all my information: my name, the phone number I gave Dell, and even knew the Dell model I had and about a tech support call I made last year to replace a bad motherboard.  He even had an Indian accent just like Dell Support!

I can see how some people would fall for this, this is known as “social engineering” where an attacker attempts to social engineer someone into going to a website to “scan your computer for malware” which of course will turn up positive (and may actually install malware).  Then “Dell Support” will charge a fee to remove the malware that was just installed.

Since Dell isn’t as forthcoming as they should be, I thought I’d post this, because it’s obvious the hackers have been able to obtain data from Dell.  At the very least Dell support data has been compromised which makes the scam sound more convincing.

One thing I am disappointed in is that Dell hasn’t told me that my information has been compromised despite being aware of a breach since the last 7 months!  As far as I know Dell hasn’t made any effort to notify their customers of the attack.  But they should.

YubiKey Two-Factor Authentication

Last year I started looking at 2FA (Two Factor Authentication) solutions and came across YubiKey which is a fantastic little device.  I ordered a few NEOs to play with.  There are several models, I opted for the NEO since it supports the most features and has an NFC chip that Android phones can use.  It’s $50 on Amazon or can be ordered direct from the Yubico Store for $55.

Three YubiKey NEOs

YubiKeys purposefully have firmware that can’t be overwritten.  The downside is it’s impossible to upgrade them when new firmware features become available, but the benefit is it’s more secure.  So far Yubico has stood behind their product and done what’s right–last year a security issue was discovered with the Yubikey NEO’s OpenPGP card applet and Yubico issued free replacements to everyone affected.

A few things I wanted to try:

  1. Secure a KeePass database using a YubiKey.
  2. Use in place of a Google Authenticator for services that support OATH-TOTP.
  3. Use in place of a Battle.Net Authenticator.
  4. Use with a service that suports FIDO-U2F (Universal Second Factor)
  5. Cloning a key (to have a backup)

The rest of this post is sort of a guide on some of the things I’ve experimented with.

Preliminary: Enable All NEO Modes

Open up the Yubikey NEO Manager, insert a YubiKey and hit Change Connection Mode.

click the Change connection mode button

All three modes need to be checked:

Check CCID

And now apps are available.

YubiKey NEO apps are now available

Encrypting a KeePass Database

Enable Challenge/Response on the Yubikey

I followed a well written post: Securing Keepass with a Second Factor – Kahu Security but made a few minor changes.  I think some of the options I used such as variable input were not working right when the above guide was written.  The below is the configuration I used when testing.  If you want more details and screenshots see the Kahu Security post.

Open the YubiKey Personalization Tool and program SLOT 2.  If you might use YubiCloud in the future don’t reprogram SLOT 1.  There are two options, one (which I don’t want) is Yubico OTP.  This will generate one time passwords based on a counter (HOTP).  Since I want to use multiple YubiKeys, HOTP will not work well because the counters will get out of sync.  I suggest using HMAC-SHA1 which allows a program to send a challenge that only the YubiKey would know the correct response to based on the secret.

Selecting HMAC-SHA1

Select Slot 2, if you want to be able to unlock Keepass with multiple YubiKeys then select those options and choose “Same secret for all keys”   Generate the secret key, hit “Write Configuration”  Then insert any additional YubiKeys to program them all with the same secret.

Config Slot 2, Program Multiple Keys checked, Automatically program YubiKeys when inserted checked, select Same Secret for all Keys under Parameter generation Scheme, under HMAC-SHA1 Parameters choose variable input, click Generate, click Write Configuration

Assuming KeePass 2 is already installed,

Grab the KeeChallenge plugin, install it by extracting the contents, including folders into the root of: C:\Program Files (x86)\KeePass Password Safe 2.

Download the Yubikey Personalization Tools (command line) for both 64-bit and 32-bit.  Under ykpers-1.17.3-win32.zip/bin extract the .dll files to C:\Program Files (x86)\KeePass Password Safe 2\32bit overwriting any files, and do the same for 64-bit.

Once that’s setup create a KeePass database using YubiKey’s challenge-response as part of the composite master key.

KeePass Create Composite Master Key Screen. Master password is checked. Key file / provider is checked and Yubikey challange-response is selected.

Obviously save the secret to recover the database someplace safe in case the Yubikey(s) should fail or get lost.  And once again, if you’d like more details or screenshots see the Kahu Security guide.

KeeChallenge Linux Install

Also, this is easily setup in Linux.  Using Ubuntu Gnome 16.04 Beta:

(although KeeChallange doesn’t need it, I’ve found most plugins for KeePass2 on Linux need mono-complete installed or it fail to load the plugin with a plugin incompatibility error).

What Security Does YubiKey Provide for KeePass?

This method causes KeePass to encrypt the database which can only be unlocked with a response to the challenge stored in an XML file in the same location as the KeePass database.  Only the YubiKey (or of course the recovery key) can provide the answer and it does so without revealing the secret which means an interception doesn’t give an attacker the ability to respond to future challenges.  This challenge/response changes each time the KeePass database is modified.  If an attacker were to intercept the Challenge/Response he would only be able to use that information to decrypt that particular version of the database–not future or past versions–and only if he also was able to intercept the rest of the composite key (such as the password).  This isn’t foolproof of course, and there are certainly other attack vectors that this offers to no protection against, but adding challenge/response to the composite key does add another layer of security.

Caution with Synchronizing

I should note that if you’re using something like DropBox, Google Drive, Syncthing, etc. to keep the KeePass database on multiple devices in sync that both files: the KeePass KDBX file and corresponding XML file must be kept in sync.  The XML file is updated with a new challenge/response for the kdbx file on each KeePass save.  An older version of the xml file will not open the latest kdbx file and vice-versa.  Probably the only time the files would go out of sync is if changes on one file synchronized but you lost connection before the other one was updated.  It’s probably a rare event but something to be aware of and another reason to have decent, versioned backups and also have a recovery key.

Yubikey Challenge/Response with Android

KeePass2Droid can use Challenge/Response encrypted databases if YubiKey’s YubiChallenge app is installed.  Open KeePass2Droid, select “Password+Challenge-Response”, enter your master password and hit “Load OTP Auxiliary file…” which should open YubiChallenge.  I think it may prompt for the auxiliary file the first time, if so choose the .xml file with the same name as the KeePass database.

KeePass2Droid screenshot. Select master key type set to Password + Challange-Response. Click Load OTP Auxiliary File.

Swipe your YubiKey to unlock the database.

KeePass2Droid Screenshot. Dialog says Challenging, Please swite your YubiKey NEO.

LastPass

LastPass also supports Yubikey using OTP for the paid versions of LastPass.  The YubiKey isn’t used as part of a master composite key to encrypt the password data like it does with Keepass, instead it’s only used to authenticate against the service.

FIDO U2F Authentication

Some services like Google, GitHub, etc. are starting to support FIDO U2F (Universal 2 Factor) auth.  The main disadvantage I’ve found to this method is you need a backup method for logging in if you lose the YubiKey since you can (with the services I’ve tried) only associate one YubiKey with an account using U2F.  That said it is very simple to use… and some services let you use OTP, an Authenticator or SMS as a backup which I think is reasonable.  Typically after providing a username/password the service will have you insert your YubiKey to authenticate the user.

Google 2-Step Verification Screenshot. Instructions say Insert your Security Key (showing graphic of YubiKey inserting into USB port)

Yubico Authenticator

OTP Auth codes can also be stored using the Yubico Authenticator for Android (just swipe the key near your phone’s NFC antenna to get your auth codes) or the Desktop Authenticator (Win, Mac, or Linux).

YubiKey authenticator screenshot showing several entries with auth codes.

Yubico Authenticator works like the Google Authenticator, but the auth secrets are stored on the YubiKey instead of the Android device.  I like this because it means if my Android is dead I can just use another Android phone, or run the desktop authenticator app on a computer and insert the YubiKey.  Password protection is also available to secure the auth codes adding one more layer of security.

Yubico Authenticator showing New Credential screen

I was able to get YubiKey to work with pretty much any service that works with the Google Authenticator.  And I was also able to program the secret into multiple YubiKeys.

YubiKey as a Battle.Net Authenticator

(Note that this is not supported by Battle.Net, use at your own risk).

I found a project called WinAuth and the latest BETA version is able to generate a virtual Battle.Net Authenticator.

Create the virtual authenticator…

WinAuth Screenshot of generating a Battle.net Authenticator

Export the WinAuth config to a text file…

Screenshot of WinAuth. Click on Gear, Choose Export.

Copy the secret…

Screenshow showing WinAuth Export of Battle.Net Authenticator, with Secret highlighted.

Add it to YubiKey and you’ve got a Battle.Net Authenticator!  This should work with all the Blizzard games like StarCraft and WarCraft and whatever else they have these days.  Register the device with Battle.net using the Serial number in WinAuth.

Yubico Authenticator Screenshot showing secret key pasted in from WinAuth export.

I also tried to emulate a Steam Guard Mobile Authenticator but it won’t work with YubiKey’s Authenticator out of the box–however, since the YubiKey Authenticator is open source I’m sure it would be fairly easy to implement for someone that has a bit of time on their hands.

And More…

I certainly haven’t explored everything that can be done with the device… it can store PGP keys and be used for SSH authentication, be used for PAM or AD authentication, etc.  What I really like about Yubico is the devices are affordable, the company stands behind their product, the software is open source (with pages of projects on GitHub) and works on Linux, Mac, Windows, and Android making it a great cross platform solution.  For people that use several different 2FA methods against a variety of services this single USB device will probably handle most, if not all of them.

Of course, 2FA isn’t going to make anyone immune to hackers, but it does add an additional layer of security on top of passwords.

Hoppin’ John

hoppin_john_bowl_2016

I didn’t get a chance to make my annual King Cake this year for Eli’s birthday since I was away most of the day.  But when I got home Kris surprised me by making not only gluten free dairy free King Cake, but Hoppin’ John!

A popular New Years meal, Hoppin’ John was traditionally eaten in the southern United States to bring in wealth and prosperity for the New Year.  I think the meal was lesser known among wealthy people, the point of it was that it was inexpensive.  In fact, if you have it for leftovers the next day the meal is called Skippin’ Jenny which only adds more to the New Years prosperity–probably because of one’s frugality.

Robert Moss has an excellent article on the Historical Problem With Hoppin’ John which explains that our modern Bacon, Rice, and Peas are so degraded which is why we have so many ingredient’s in modern recipes to try to get back the traditional flavor.  That said Hoppin’ John is one of my favorite dishes, right on up there with Shrimp Gumbo.  Here’s more or less what Kris put it in it (roughly based on Gigi’s Hoppin’ John Soup recipe)

Ingredients
1 Tablespoon olive oil
1 cup onion, diced
1 cup green pepper, diced
1 cup celery, diced
1 Tablespoon garlic, minced
1 lb ham, chopped
1 can black eyed peas, not drained
1-2+ cups stock or broth (may add more to adjust to desired thinness)
6 large collard leaves, washed, dried, and chopped
½ teaspoons red pepper flakes (can use upto 1½ teaspoons if little ones aren’t eating)
½ to 1 teaspoon sea salt, to taste
¼ teaspoon black pepper
¼ tsp dried thyme (may substitute parsley or rosemary)

Instructions
In a large soup pot over medium heat, heat olive oil and cook onions, carrots, green pepper, and celery until tender, about 5 minutes.

While the veggies cook, wash and remove center rib from collard leaves by cutting leaves in half length-wise and discarding center rib. Stack the leaf halves and chop; set aside.

Add garlic to the veggies in the soup pot and stir 1-2 minutes, until garlic becomes aromatic. Add ham and peas with liquid until simmering, about 2 minutes.

Add broth, collards, red pepper flakes, salt, pepper, and thyme, and stir. Cover the pot and simmer over medium-low heat for 30 minutes. Check occasionally and add broth as needed to keep food from sticking to the bottom of pot.

Remove the lid. Stir and check vegetables for desired firmness/tenderness. If needed simmer an additional 15 minutes and add broth as needed.

And of course it’s good to cook it in advance and let it sit for a bit.

hoppin_john_2016

Since the rest of my family is gluten and corn free we didn’t have French Bread slathered in butter or Cornbread, but if you can eat those things I highly recommend having one of those for your side.

Of course, the King Cake, was great too!

king_cake_2016

 

Merry Christmas 2015

Merry Christmas!  Looks like a white Christmas for us… It’s been snowing almost non-stop for the last few days.

One of the things I’ve started to understand more this year is Christ’s humility, not only in dying on the cross to offer us salvation, but also in leaving heaven and revealing Himself by stepping into His creation and becoming a man.  Here’s an except from our church newsletter:

He deserved the worship of myriads and myriads of angels. He enjoyed unbroken fellowship with the Father from eternity past. He was untouched by sin and human sinfulness. He was unaffected by this creation and its fallenness. He had the conveniences, pleasures, and joys of Heaven. The glory of that place was His.

If He were to leave that and come to the greatest palace on earth, to be fawned over by thousands of servants and waited on hand and foot, it would be an infinite condescension. If He were to leave Heaven and have His every need met, His every wish fulfilled, and receive the best treatment ever afforded a King, the incarnation would still be an unimaginable humiliation.

Osman, Jim. “A Savior Who is Christ the King” Kootenai Communicator Dec 2015

The gift that God gave is something to ponder.

IMG_0234

Well, off to shovel more snow.   It might be time to buy a snow blower.  |:-)

TracFone on Verizon MVNO Review

We’ve been using Ting for Kris’s phone the last 3 years, it’s been great (see my Ting Review)–but at our new house Sprint’s signal isn’t that good–it can’t really pull in a 3G signal consistently.  In rural North Idaho the best coverage is indisputably Verizon, so I limited my search to Verizon MVNOs which have a BYOD (Bring Your Own Device) program and also only considered plans with access to LTE data.

SmartPhone plan < $10/Month on Verizon LTE

After doing some research and asking questions on HowardForums I finally settled on TracFone, which offers a great plan for light to moderate Android users.  Looking at Kris’s past usage over the last 2 years TracFone (at today’s pricing) would have averaged $7.82/month!  This is for a full SmartPhone service that includes voice, texts, MMS, and data on Verizon’s LTE network. If we use it more we pay more, if we use it less we pay less.

TracFone is very confusing actually–the idea is you buy an airtime card or refill plan (25+ to choose from!) which gives you one or a combination of voice minutes, texts, megabytes, and service days.  There are six types of cards you can buy–for the most part they provide the same service just with a different way and frequency of paying for them.

TracFone Airtime Cards

tracfone_triple_paygo

TracFone 400 minute card

  • 1-year cards.   Provides 365 days of service.  For SmartPhones the face value of the minutes triples, and also provides an equal amount of tripled megabytes and texts.  So a 400 minute 1-year card provides 1200 minutes AND 1200 texts AND 1200MB (Could this be any more confusing?)
  • Pay As You Go Cards.  Provides 90 days of service.  For SmartPhones the face value triples and you get an equal amount of minutes, megabytes, and texts just like the 1-year cards.
  • Auto Refill.  Provides 30 or 90 days of service.  For SmartPhones the face value triples and you get an equal amount of minutes, texts, and megabytes like the 1-year and Pay As You Go cards.  These can be set to auto-renew every 30 or 90 days.  I should note that they won’t auto-renew when you run out of something.  They just renew every x days.
  • SmartPhone / BYOD cards.  The face value does not triple on these cards.  Provides 90 days of service along with the minutes, texts, and megabytes printed on the card.  These cards are cheaper in terms of minutes and texts, but contain a little less data and only 90 service-days.
  • Monthly Value.  Same as auto refill but refills monthly instead of every 90 days…except for the 30 day auto-refill card.
  • Data only, Text only, and Service only cards.  Then there are individual bucket options–you can purchase data, texts, and also pay to extend service.  The only bucket you can’t purchase by itself is voice minutes.

tracfone_smartphone_only_plans

Warning: I should also note, that some cards say “Double” but they are actually a worse deal.  As far as I can tell the 1-year 800 double minute card doesn’t double or triple on a SmartPhone but it costs more than the 400 minute card!  Also, bonus codes don’t work with SmartPhones–probably because tripling the value is already a great deal.  Also, if you use the monthly-value or auto-refill I’d suggest buying a buffer of at least 30 days airtime in case the refill or renewal fails.

All of the buckets on the cards: minutes, texts, and megabytes never expire.  They carry over and stack with each other.  So if you buy two 90 day cards your service end date will get pushed out 180 days. One great thing about TracFone is if you don’t use up a the units in a bucket you get to keep it–essentially let it rollover forever as long as you don’t let the service lapse.  You can build up your minutes, texts and data and keep them forever as long as you keep extending the service–which you can do by extending the service online for $50 to push the service end date out a year or by purchasing a card with service days on it.

I listed out the TracFone cards below and roughly calculated their value efficiency (far right column).  You can download my TracFone Pricing Spreadsheet (LibreOffice / OpenOffice format but it should open in Excel as well).  I make no guarantee to the accuracy of the spreadsheet.  I used the prices from TracFone or Ebay (whichever was cheaper).  Screenshot below:

tracfone_pricing2

Surprisingly the larger cards aren’t always the most efficient.  However, they /might/ be depending on your usage (see below).

I calculated the value based on the cheapest way one is able to obtain units in that bucket.  The cheapest way to acquire data is 4GB for $50, texts are 1000 for $10, Service is 365 days for $50.    It’s kind of tricky to value minutes, but the cheapest way of obtaining them is the 1-year 400 plan for $85 (if the card is bought off eBay) so after subtracting the value of the other buckets that leaves the value of a minute at $0.007.  This gives us:

Cost per Month: $4.17
Cost per MB = $0.0125
Cost per text = $0.01
Cost per minute = $0.007

tracfone_value

On the Value tab of the spreadsheet I also added a multiplier.  The reason is some people may not ever use very much of a particular bucket so you can set that multiplier to zero to rank cards that favor that bucket lower on the Value Efficiency column.  Likewise you may at times find yourself with an excess amount in a particular bucket.  For example if your service-end date is 3 or 4 years into the future you don’t get much value purchasing service days so you can set the Service multiplier to 0 (or maybe 0.5 if you still want to give it some value) to lower the value efficiency of that bucket (which would make the SmartPhone plans or Pay As You Go more attractive than the 1-year plans).

This is not an exact science, but close enough for me to help decide on which card to purchase.

(also, I found a similar spreadsheet that Hands Henderson maintains on Google Sheets.  He will likely keep his more up to date.)

Cell Phone Taxes, Fees, and Surcharges

Cell Phone Taxes and Fees

One thing I should note is if you buy the TracFone Cards through TracFone’s website you’ll also pay taxes, fees, and surcharges.  If you’re in a high tax state You can save some money purchasing the airtime cards from other sellers such as Ebay (just make sure you use a reputable seller and complete the transaction through a safe method like PayPal).  Some sellers on eBay will email a pin number to you within an hour of purchase.

Okay… how is this better than a regular cell phone plan?

Because, a regular cell phone plan is a “Use it or Lose it” model.  You pay for a bucket of minutes, texts, and megabytes (sometimes for an unlimited bucket).  In practice you have to choose a bucket based on your maximum usage in a month to avoid a service cutoff or overages.  But anything you don’t use is lost.  Generally for heavy users you’re better off with an expensive monthly plan, but for light users pay for what you use makes perfect sense.

Analyzing the last 2-years of usage

Phone Usage Last 2 Years

One thing to note is the peak data usage was just over 1GB, and data usage comes close to the 500MB threshold regularly enough that the minimum monthly use it or lost it plan we could comfortably get away with is one that provides 1GB of data.

What-If  — Running Cost Analysis Over 2 Years With Various Providers

I looked at several wireless providers (also included Ting for Comparison).

  • Ting (Sprint MVNO).  Pay for the bucket you fall into.
  • TracFone (Verizon/AT&T MVNO) – Prepaid with rollover.
  • PagePlus (Verizon MVNO) – $29.95/month for 1GB data, 1500 minutes, unlimited texts.
  • Verizon Prepaid – $45/month for 1GB data, unlimited minutes/texts.
  • Project Fi (Sprint/T-Mobile MVNO)  – $20 + $0.01/MB.  Unlimited minutes/texts.  Fi would likely still have the same coverage issue at our house but it can also work on WiFi.

If I took the last ~2 years usage and put it on either of these plans at today’s pricing this is what the total running cost would be:

Total Cost Analysis Over 2 Years - Ting, TracFone, PagePlus, Verizon, Project Fi

I excluded government cell phone fees and taxes, depending on the state you live in this can be a significant portion of the cost.  Currently it is possible to purchase TracFone and PagePlus cards without having to pay taxes.  With Ting, Project Fi, and Verizon Prepaid you won’t have an option to avoid the tax. (Interesting to note how closely Ting and Project Fi are matched in price for one device.  For multiple phones Ting would pull ahead).

Also, I didn’t include the time-value of money.  On a pre-paid service like TracFone you’re probably pre-paying anywhere from a few months to a few years in advance depending on how much buffer you want.  However, the ROI is so quick (usually within 3-4 months) that the value lost pre-paying is trivial next to the cost savings.  There is also additional risk with pre-paying–for example, if you for some reason need to cancel service with TracFone you’ll lose any airtime that’s been purchased in advance.  Once again the ROI is fast enough I don’t think it’s an issue.

Monthly Price Variance

Price consistency almost never pays…

monthly_price_variance3

A light user that uses around 100MB, 100 minutes, and 100 texts / month will pay $85/year or $7.08/month on TracFone.  A moderate user averaging 600 minutes, texts, and MB will pay $290/year, or $24/month.  When you start averaging above $30-40/month on a consistent bases is probably the point it would make more sense to switch to a Use it or lose it model like PagePlus, Red Pocket, or Selectel Wireless.   It’s hard for me to see how people would use their phone that much though… 600 minutes is 10 hours on the phone every month!  I’m not sure my ear would be able to handle that much talking.  Certainly I can see using that much one or two months out of the year.  And that’s a great usage scenario with TracFone–it doesn’t matter if you use up $80 worth of service in a month–what matters is your average usage over long periods of time.  That’s where you will save over Use it or lose it plans.

Hotspot with TracFone

This seems to work fine.  The Nexus 5X will Hotspot without checking for a subscription on TracFone (unlike Verizon UDP plans which charge an additional $20/month hotspot fee).

Coverage

TracFone partners with several networks, including Verizon Wireless and AT&T.  I opted to use Verizon’s network because of the better coverage in rural North Idaho.

TracFone Verizon BYOP Coverage Map

TracFone has a few limitations–it does not roam outside of Verizon’s network, and also there is no international roaming.  If you’re a frequent traveler outside the U.S. or in an area with poor Verizon coverage this wouldn’t work well.

Voice / Texting / MMS / Data / Shortcode messaging.

Voice, Texting, MMS, and Data all seem to work great.  There is a feature called short-code messaging that TracFone does not support.  I guess if you watch ridiculous shows on TV you can text to a number to vote or something of that nature.  If you like to do that this isn’t for you.

Google Voice Integration  / Conditional Call Forwarding

I don’t like normal voicemail, I prefer to have VM transcribed  so I use Google Voice for this.  Verizon’s Call Forwarding codes worked fine.  *71yourgooglevoicenumber sets your phone up to forward to Google voice if you’re on the phone, reject a call, or don’t answer.  This works as expected.

Website.  The horror

The TracFone website is really not that great.  It’s slow, you can’t do basic things like port a number in.  And often when you try to do something it errors out.

Support

I had to engage support to port Kris’s number to TracFone since their website couldn’t do it.

They have a chat support on their Facebook page (fortunately doesn’t require a Facebook login) or an 800 number.  800-367-7183.  The chat often was down but I was always able to get help on the phone.  One thing I do like about support is if they need to escalate to another person the original person stays on the line with you (at least that was the case for me).

I found support pretty helpful but not as informative about the processes as they could have been.  However, support was polite and always got things moving in the right direction.  One thing support didn’t inform me of is when porting a number in to replace an existing TracFone number the airtime gets wiped out (I was suspicious that this may happen so I bought a very cheap airtime card to test with).  After the port completed successfully the phone wasn’t working and support told me we needed to wait up to 48 hours—however it wasn’t working because of lack of airtime.  My assessment of TracFone support is that if you need hand-holding or will get upset over a glitch this isn’t the best service.  If you have patience you should be okay.

BYOD (Bring Your Own Device)

TracFone has a great BYOP program.  I activated with a Nexus 5X and it was simply a matter of activating with the instructions in the SIM card kit.  It was up and running in minutes.  The only reason I needed to involve support was I wanted to transfer Kris’s old number in.

ESN Number Issues with Carlos Slim

Carlos Slim owns a lot of pre-paid wireless MVNOs.  One issue is all of them share the same database–so if you activate an ESN number on TracFone it will be impossible to move it over to some of the other Carlos Slim owned MVNO provider (if you should ever want to move in the future) because it gets locked to that MVNO in their system.  However, because this is 4G LTE, the Sim Card will be used to activate the correct ESN on Verizon’s network, so if you have an old or broken Verizon Wireless phone you can provide TracFone that ESN instead of the ESN for your SmartPhone.

Getting Started

tracfone_sim_card_kitYou’ll want to buy or have a Verizon phone that will work.  I bought the Nexus 5X (read my review of it here).

Second, pick up a TracFone 4G LTE CDMA Activation kit (the 4G LTE without CDMA activation kit is for AT&T’s network).  You can buy it from TracFone or you may find it in a store like WalMart.  I followed the instructions that came with the activation kit.

 

 

Making sure you don’t run out

You don’t want to run out of a bucket or that particular service will stop working.  I really don’t want to babysit this, and I want plenty of units available in case they’re needed.  So to get started I purchased a 400 minute 1-year card off Ebay.   I setup a reminder to check the TracFone balance once a quarter (every 3 months) and if it falls below a certain threshold (say 800 minutes, 800 texts, and 1000MB) I’ll purchase the appropriate Airtime card to refill the balance and extend out the service-date.  I don’t mind pre-paying years in advance–compared to a $30/month plan (which is really the next best price on a Verizon MVNO).  Even paying a year in advance still has an ROI that beats the monthly use it or lose it plans at 3 months.

Final Thoughts

Beware of little expenses. A small leak will sink a great ship. – Benjamin Franklin

TracFone is a very affordable service for light and even moderate SmartPhone users who have the patience to figure things out.  Also, it’s easy to make mistakes on TracFone (like buying the 800 minute card that doesn’t triple)–if you’re the type to get angry over losing a few dollars over glitches and stupid policies this may not be the plan for you.  TracFone users will also need the  discipline to check on the  account every quarter or so to make sure they have plenty of airtime and service left before reaching the expiration.  If you can deal with TracFone the cost savings are well worth it.   Consider a $60/month plan, a $30/month plan, and TracFone at $10/month.  Look at it over a 2-year period.  The first plan will run $1,440, the second $720, but with TracFone only $240!  It’s hard to beat that pricing!

With T-Mobile shaking up the wireless industry, Google Fi introducing a service that spans across multiple networks, and Ting offering great auto-adjusting bucket plan the wireless industry is finally starting to get competitive.  For the consumers this is nothing but great news and I hope that we’ll see more improvement to infrastructure and pricing in 2016.