We moved into our current place in early 1997 and, almost immediately, were badly burgled. Last week, Mat Honan got badly hacked. We took home-security measures and haven’t had any problems since. I protect my online presence, with similar results. Some lessons apply to both cases.
Home Security · Our freshly-purchased-but-old house was a security disaster waiting to happen: flimsy external doors and lots of them, no alarms, old single-glazed basement windows, you name it.
So in the aftermath, we did away with a redundant door, fixed up the rest, and went shopping for a security system. The first guy we talked to wanted to put dozens of active alarms all over the place, including on an elevated side window, because, as he pointed out, the bad guys could climb up on the side fence and (precariously) get at it. He wanted a lot of money.
The next guy proposed something much simpler at a quarter of the price. When we worried about covering all the bases he made a little speech:
“Look, it’s like this: The bad guy goes down the back alley looking for the softest touch on the block. If you’ve got nice new doors and windows, and a security-system sign, he won’t waste his time working around that stuff, he’ll go find someone who doesn’t. Just don’t be the soft touch on your block.”
Online Security · Just like Matt Cutts says you should, I’ve turned on two-factor authentication. And here’s the most important thing: It’s hardly any hassle at all.
Also, for every place I go on the Net, I use a strong password generated by 1Password, a different one for each. This is in sync on my Mac and Android devices, and once again: It’s hardly any hassle at all. Currently, it’s storing a hundred or so different strong passwords.
(Of course, this shouldn’t be necessary and in my current job I’m trying to do away with this whole multiple-passwords thing. But we’re not there yet.)
Should I Worry? · When I saw Matt’s piece I tweeted: “For me, 2-factor + 1Password = 0 worry.” (Links removed.)
Almost immediately, Nelson Minar, who’s a smart guy, tweeted back: “I have a similar setup (LastPass, not 1Password) but I still worry a lot.” So, should I worry more?
Well, yeah, a bit. If there are motivated experts who really want something you can access, they may go to extreme measures: stand on the metaphorical side fence to get at your metaphorical high window.
And of course, the Mat Honan hack depended critically on social engineering and online-service loopholes. Social engineering isn’t going away any time soon; but I think this will probably raise the level of consciousness among service providers.
But I’m pretty sure that my online presence isn’t the softest touch on the block. And that removes an amazing amount of worry.