We moved into our current place in early 1997 and, almost immediately, were badly burgled. Last week, Mat Honan got badly hacked. We took home-security measures and haven't had any problems since. I protect my online presence, with similar results. Some lessons apply to both cases.
Home Security
Our freshly-purchased-but-old house was a security disaster waiting to happen: flimsy external doors and lots of them, no alarms, old single-glazed basement windows, you name it.
So in the aftermath, we did away with a redundant door, fixed up the rest, and went shopping for a security system. The first guy we talked to wanted to put dozens of active alarms all over the place, including on an elevated side window, because, as he pointed out, the bad guys could climb up on the side fence and (precariously) get at it. He wanted a lot of money.
The next guy proposed something much simpler at a quarter of the price. When we worried about covering all the bases he made a little speech:
Look, it's like this: The bad guy goes down the back alley looking for the softest touch on the block. If you've got nice new doors and windows, and a security-system sign, he won't waste his time working around that stuff, he'll go find someone who doesn't. Just don't be the soft touch on your block.
Online Security
Just like Matt Cutts says you should, I've turned on two-factor authentication. And here's the most important thing: It's hardly any hassle at all.
Also, for every place I go on the Net, I use a strong password generated by 1Password, a different one for each. This is in sync on my Mac and Android devices, and once again: It's hardly any hassle at all. Currently, it's storing a hundred or so different strong passwords.
(Of course, this shouldn't be necessary and in my current job I'm trying to do away with this whole multiple-passwords thing. But we're not there yet.)
Should I Worry?
When I saw Matt's piece I tweeted: "For me, 2-factor + 1Password = 0 worry." (Links removed.)
Almost immediately, Nelson Minar, who's a smart guy, tweeted back "I have a similar setup (LastPass, not 1Password) but I still worry a lot." So, should I worry more?
Well, yeah, a bit. If there are motivated experts who really want something you can access, they may go to extreme measures: stand on the metaphorical side fence to get at your metaphorical high window.
And of course, the Mat Honan hack depended critically on social engineering and online-service loopholes. Social engineering isn't going away any time soon; but I think this will probably raise the level of consciousness among service providers.
But I'm pretty sure that my online presence isn't the softest touch on the block. And that removes an amazing amount of worry.
