What I Shed Today

lightening up a little at a time

outdated security practices

on April 30, 2014

A public service announcement from WIST …

Not all that long ago, I was satisfied with my internet cyber-security. I had a unique password for every account, and I never reused one. I created relatively strong keys with mnemonic phrases. (Take the first character of “The first Earth Day was held 44 years ago on 22 April 1970” and you get TfEDwh4yao2A1, which I defy anyone to simply guess.) I stored the keys and phrases in a spreadsheet without encryption, but it was kept on a home computer running Linux behind a hardware firewall. I knew that, with the inputs of more time and trouble, I could gain greater protection, but I judged that what I was doing lowered my risks enough.

In the last few months (and, I admit, if I’d really been paying attention, I’d say the last couple years), it’s become obvious that my measures were behind the times. Back when we mostly worried about computer viruses, we protected ourselves against what was essentially vandalism. It was irritating, it could ruin a day or a week (or really hurt, if you hadn’t implemented regular backups), but it was random. Now, beyond our firewalls, a very dangerous world hungers for our personal information. The thefts of Target customers’s transaction data and reports of mass filings of fraudulent tax returns point to a large class of criminals who have made computer crime their full-time jobs. They know what they’re doing, they’re cooperating, and they’re hard to bring to justice.

I’d acknowledged those facts, and said to myself that I really ought to review my measures and bring them closer to best practice, when news of the Heartbleed vulnerability broke. Nuances aside, it was best to assume that any password I’d ever used on the internet was compromised and should be changed.

This shed has no size, shape, nor weight in the world, but it’s big. I’m changing habits reinforced by daily practice over a period of years. My muscles knew my login to Google! Now I’ve installed a password safe on my computers and phone. I’m enabling two-step authentication where it’s possible and practical. I’m visiting every site where I have a record of an account, deleting those I don’t use if I can, changing the passwords to randomly generated, very strong keys for everything else.

It feels as big a waste of time as insomnia in the night, and as hard as cycling into a 20-mph headwind. I hate it. But I’ll keep at it till it’s done.

And I urge you to do the same. Because the best way to stop these crooks is for we, the herd, to make ourselves immune: install strong locks and let ’em starve out there. And insist that the corporations that have our data treat it as if we were top-tier stakeholders … which we are.

shedding style: replace

Comments welcome … keeping in mind that WIST is G-rated, what burden is computer security to you?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: