July 29, 2014 12:12 pm

Beware this latest digital contagion

Lisa Pollack finds the perfect answer to password paranoia but password snobbery is addictive
File picture illustration of the word 'password' pictured on a computer screen, taken in Berlin May 21, 2013. Security experts warn there is little Internet users can do to protect themselves from the recently uncovered "Heartbleed" bug that exposes data to hackers, at least not until vulnerable websites upgrade their software. Researchers have observed April 8, 2014, sophisticated hacking groups conducting automated scans of the Internet in search of Web servers running a widely used Web encryption program known as OpenSSL that makes them vulnerable to the theft of data, including passwords, confidential communications and credit card numbers. OpenSSL is used on about two-thirds of all Web servers, but the issue has gone undetected for about two years. REUTERS/Pawel Kopczynski/Files © Reuters

After a long period of incubation, I fear the boyfriend’s digital paranoia has fully infected me. It began when I started to suffer from a lingering sense of inadequacy about how many times I’d reused the same eight-character password across multiple websites. The boyfriend is a software developer and online security is one of His Things, just like sipping the same coffee for several hours while reading in a cafe is My Thing. So I knew using the same weak password over and over again was a security risk, but it’s also just as temptingly convenient as going to Pret A Manger every work day instead of making packed lunches.

Accompanying these feelings were sensations of doubt about the permissions I’d granted to apps downloaded from the Google Play store on to my smartphone. Sending SMS messages doesn’t seem like something a puzzle game should need to do and by allowing the app to do it, I may have opened the door to theft. The app’s programmers could make my phone send messages to premium numbers they’d set up. I knew I should’ve stuck with Sudoku.

The queasiness about sharing too much on Facebook is, I’ve found, the easiest of digitally paranoid problems to manage. Looking at the inaccuracy of the ads clears the feeling instantly: there’s no way I’m drinking Starbucks, I don’t want a credit card and I’m not going to adopt a child in Lambeth. It’s just ludicrous I’d want to drink coffee that tastes boiled 10 times over.

But it’s the password inadequacy that was causing the most irritation, so I resolved to do something about it. Piggy-backing off the boyfriend’s research, I downloaded a password manager. It stores all of your passwords in an online vault. The vault is only accessible by means of a single master password that, if set correctly, is so long and complicated that it makes memorising passages from The Canterbury Tales in Middle English seem easy. And while I don’t mean to imply that length is an important measurement for all things, I have observed that my master password is longer than the boyfriend’s.

The thing that makes the solution effective is that having passwords stored encourages resetting them to assorted randomly generated ones that are different for every website. That way, the boyfriend explained, if a given site has its security compromised, the damage is limited. Cybercriminals won’t be able to access my PayPal account just because they compromised AirBnB’s database, though they will be able to cancel our stay in a lovely converted barn in Somerset come winter – but surely no one is that mean?

Password managers also offer the possibility of accessorising, and I’d hate to do things only halfway, so looked into it. The boyfriend ordered a dongle to put on his keychain called a “YubiKey” while I opted for downloading an app on my phone called “Google Authenticator”. Both methodologies allow for an extra security measure known as “two-factor authentication”, but my accessory allows me to cultivate the appearance of a CIA agent rather than a janitor. The codes generated by the Google app, which are periodically entered into the password manager, self-destruct every 30 seconds, so it looks far more puckish.

While all this has soothed my password insecurity, it has had an unexpected side effect. When I see a colleague type in a seven-character password from memory, I can’t help thinking how quaint that is. All my passwords, except the master password, are 12-15 characters long and randomly generated. Even knowing more than a few passwords seems outdated. My level of digital snobbery has increased so much, and so rapidly, I could forgive my coffee obsession for feeling threatened.

The Heartbleed Bug, which compromised the encryption method used on about two-thirds of all websites, made matters even worse. The vulnerability, discovered in April, allowed hackers to steal information from an untold number of websites. I had stockpiled food before the famine, stored water in advance of the drought – I was found ready when the digital apocalypse arrived!

This has strengthened my resolve to digitally protect myself further. Should I consider a more secure cloud storage facility perhaps? Or install a different operating system on my phone that would allow me to download yet another app to have more granular privacy settings at my fingertips? It was then that I knew: my digital paranoia had become a chronic condition. And I fear I may be contagious.

lisa.pollack@ft.com

Twitter: @LSPollack

Copyright The Financial Times Limited 2014. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.