“I’m no good with technology” isn’t an excuse.

Your online security isn’t optional anymore.

Poolski


Foreword: skip to the end if you want to know how to fix your online security holes.

I’d like to discuss something with you all, but before I do I want to get some stuff out of the way.

I work in technology. My literal job is keeping a small slice of the Internet visible to people who want to get at the information we host. I have to deal with recalcitrant servers, strange app behaviour, connectivity and security every day. I suppose you could say I have ‘tech privilege’.

I also grew up fascinated by computers as a kid. I trashed a couple by accident in my early ‘career’, back when 64Mb hard drives were de rigueur and I thought that command.com was taking up far more space than was reasonable, so I deleted it.

I still remember the days when “multimedia” computers were all the rage and being told ‘No, you can’t have one’. Over the course of five or so years, they became the standard. Ho hum.

Accelerated change

Tim Urban wrote a fascinating series of articles on AI in which he talks about the pattern in the rate of human technological advance. This pattern shapes more than just the technology available to any given generation — it also informs our collective attitudes towards it.

This is a replica of one of the graphs in the article above. It roughly charts technological progress over the past 30,000 years. We’re on the cusp of the explosive growth spike today. We’re just waiting for the Singularity to happen.

Rate of technological progress over time

However, that’s not what we’re here to discuss.

Here’s another graph.

Progress -vs- Knowledge

We’re looking at the tail end of the graph, just before the Singularity. What I’d like to discuss is the growing disparity between technological advance and how humans are starting to fall behind the curve. More than that, I want to address the growing trend of holding on to ignorance as a shield against the future.

It’s too easy to use the phrase ‘Oh I’m no good with computers or technology!’, usually followed by a self-deprecating giggle, as an excuse for some technical gaffe or frustration at your TV that refuses to change channels.

We all have that one relative or friend who obstinately uses that excuse any time they’re called upon to install an app on their phone or set up their TV. Mostly, we sigh inwardly and carry on.

Some of these folks didn’t grow up with the absurd tech we have now and their online presence is minuscule. The worst that will happen to them is someone might see emails from friends and occasional invites to Bingo.

What is more concerning is that there are still many people who grew up with the same tech but have been infected with the misconception that all technology is unfathomable and therefore just A Mystery. It’s those folks that are at risk. Beneath the self-deprecating humour and giggles lies a genuine issue.

Change & Consequence

Over the past decade and a half, the rate of technological evolution has accelerated, but our collective attitude to technology has not evolved at the same rate.

In the ’80s and ’90s, as computers began their march to ubiquity, most people had no idea what these new-fangled gizmos were or what they could do. They were the domain of bespectacled nerds in their basements or of white-coated lab boffins typing out mystical symbols on glowing screens.

Nobody really knew what these new machines could do or indeed would do, so the prevailing social attitude of leaving the weird techno-gizmos to their acne’d overlords and pretending like they didn’t exist was validated. Computers were so ludicrously expensive and specialised that nobody felt their lives would be affected in any meaningful way.

Someone saying ‘Oh, I don’t know how these things work!’ and giving up was normal. The consequences of ignorance were insignificant for the vast majority of the population.

Over the next two decades, the staples of the Internet started to emerge into the mainstream consciousness: email, web pages, even instant messaging. People rushed to jump on the digital bandwagon and companies were only too happy to oblige the crowds with free trials, email mailboxes for the whole family, curated content and, yes, your very own ‘web space’.

Email, especially, was a novel way to communicate with friends, family and coworkers across the globe. It was a marvel of its age and helped all manner of communities grow closer. At the time, though, it was still primarily a means of communication.

The connected world

In the new millennium we saw the birth and subsequent explosive growth of portable computing, interconnected systems and, more than anything, an explosion in the number of web services which use Google or Facebook to allow users to create accounts and log in.

When Google released GMail as a beta product on the 1st of April 2004, it was far ahead of its competition in the likes of Hotmail, Lycos and Yahoo, to name a few. People flocked to it like never before.

Facebook had the same effect, and no sooner had both companies realised the potential in monetising their user base and having the ability to track which sites they used than they invested heavily in the infrastructure and technology to allow users to use their services as authentication proxies to sign in, forgoing the need to even register on many sites on the web.

It’s all mostly Google or Facebook now.

Many are still stuck in the mindset of seeing the likes of Google or Facebook being islands of information. Email, especially, is still seen by the vast majority as a communication tool.

Your GMail account is now much more than that.

It is, without any trace of hyperbole, the gateway to your entire online life. With access to just your email inbox, it’s trivial for a malicious actor to totally take over vast swathes of your online presence.

I’m deliberately focusing on the external services connected to your email account rather than the obvious privacy implications of having your mailbox raided. In some respects, the privacy impact is the lesser evil.

Above are just four examples of the services that access to your email could compromise. All those accounts could be swiftly taken over by the simple expedient of changing the relevant passwords and locking you out. In the case of Amazon and PayPal, this can carry real financial risk as many have credit cards and their home addresses registered there.

For many, however, a combination of a wilful disregard of and resistance to reality — think of That Relative who insists on opening every email and clicking on every link and is surprised by the malware and porn — and a belief that “It won’t happen to me — what do I have to lose?” makes them especially vulnerable.

In building ever more complex systems, we run the risk of alienating users or overwhelming them with information. While it is certainly the job of the developers making and maintaining these systems to mitigate this, it’s not going to change.

Earlier I referred to the growing trend toward wilful ignorance with regards to technological progress. Many would look at times of huge technological change, measure the societal impact and shrug it off.

  • Commercial air travel allowed for greater movement of people and goods, sure, but it didn’t radically change the average person’s life.
  • Radio and television allowed for propagation of new ideas and opened up whole new avenues for creativity, but the overall potential for direct impact on your personal life remains low.
  • Antibiotics made it possible to survive once-fatal diseases but unless you were struck down by one and needed the drugs, you didn’t really care one way or the other.

Online technology is not like that.

In today’s increasingly connected world, opting out is not a feasible choice for many. That level of connectivity must by necessity bring with it much greater awareness of the risks that you face by exposing your digital self to an environment where coming under attack is not a random chance.

It’s a statistical certainty.

Technological level (blue) vs comprehension of those technologies (red)

Certainly, those developing the next generation of services and systems must work to make them comprehensible and design with security in mind, but there’s only so much that can be done without users doing their part.

We no longer live in a world where wilful ignorance of technology and, more importantly, online security, is a sustainable position.

There is just too much scope, in my opinion, for genuine, life-affecting damage to result from not bothering to secure the gateways to your online life. If you’d like to find out just how many services are tied to your Google login, for instance, check out this link: https://myaccount.google.com/permissions

Likewise for Facebook: https://www.facebook.com/settings?tab=applications

Fixing the problem

It’s easy for me to sit here and talk about how everything is terrible and everything is on fire but that’s not very productive. Here are some very simple steps you can take to protect yourself online:

Good passwords

A lot starts with choosing a good password. Common words are right out. They’re very easy to guess using a dictionary attack — where an attacker tries words from a list of hundreds of thousands in the hopes that you used one of them.

Character substitution, using Pa55w0rd123 over Password123, is also not useful, as most software used to attack passwords will account for this.

Instead, you can use a complex string of characters which will require a lot of guesswork, like aNA5qBLz19ffc.

One problem, though: human brains are awful at remembering nonsense like that.

A good alternative is to just revert to a passphrase with correct sentence case, punctuation and so forth. There are BEES in my pants, dawg! is easy to remember and difficult to guess, even with a dictionary attack — even if they’re all Real Words, an attacker still has to figure out what order they’re in and adding punctuation ramps up the difficulty.
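To make the point about substitutions concrete, here is an added example (not part of the original article) of the kind of check a signup form can run to reject passwords that are dictionary words in light disguise. The five-entry wordlist, the substitution table and the 200,000-word dictionary size are assumptions chosen for illustration.

```python
import math
import string

# Constructed stand-in for a real wordlist, which would hold
# hundreds of thousands of entries.
WORDLIST = {"password", "letmein", "dragon", "monkey", "sunshine"}

# Look-alike substitutions that password-guessing tools undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(password: str) -> str:
    """Reduce a password to the dictionary word it was built from, if any."""
    # Drop the digits and punctuation people append ("123", "!") first,
    # then reverse the look-alike substitutions.
    core = password.lower().rstrip(string.digits + "!?.#*")
    return core.translate(LEET)


def is_dictionary_guessable(password: str) -> bool:
    """True if the password is a wordlist entry in light disguise."""
    return base_word(password) in WORDLIST


def passphrase_bits(word_count: int, dictionary_size: int = 200_000) -> float:
    """Upper bound on guessing work for a multi-word passphrase, in bits.

    Assumes each word is picked independently from the dictionary; a
    natural sentence is more predictable, so treat this as a ceiling.
    """
    return word_count * math.log2(dictionary_size)


if __name__ == "__main__":
    for pw in ["Password123", "Pa55w0rd123", "aNA5qBLz19ffc",
               "There are BEES in my pants, dawg!"]:
        print(f"{pw!r}: guessable={is_dictionary_guessable(pw)}")
    print(f"1 word: {passphrase_bits(1):.1f} bits, "
          f"7 words: {passphrase_bits(7):.1f} bits")
```

Both Password123 and Pa55w0rd123 collapse to the same base word, while the random string and the passphrase do not match any single entry.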

Password reuse

The standard advice is to never reuse your passwords, anywhere, ever. While I agree with this up to a point, for many people it’s just unfeasible without a password manager.

Use one of those, obviously, if you can. I’ll include a list later in this section. If you don’t, though, I would invite you to do a quick risk assessment on the likely consequences of whatever accounts share the same password being breached.

If your library has online features and you reuse the same password there as you do on your obscure gaming forum account, then the impact of someone cracking that password is going to be more annoying than actually dangerous. Sure, you might have to jump through hoops to get your access restored but it’s not that big a deal in the grand scheme of things.

If, however, you use the same password for your library account as you do for PayPal or GMail or Amazon, the consequences are potentially catastrophic — from someone spending hundreds or thousands of dollars of your money to potentially taking over any accounts tied to your mailbox.

The recommended solution, though, is to just use a password manager which can generate long and complex passwords for you for each site.

2-Factor Authentication

This is probably the most effective and immediate way to secure your online life.

2-factor authentication creates an extra barrier between your account and someone who guesses, brute-forces or steals a password. When someone tries to log in with your credentials from a new location, they will also be prompted to enter a second password — usually a code that you receive by SMS or generate using an app — as part of the login.

Without having access to the second code, any new logins will be denied.
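For readers curious how the app-generated code works, here is an added sketch (not from the original article) of the standard time-based one-time password scheme, RFC 6238, together with a login check that needs both factors. The account data is constructed, the secret is the RFC's published test key, and for simplicity the check asks for a code on every login rather than only from new locations.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (the usual app default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since epoch."""
    return hotp(secret, unix_time // STEP, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def login(password: str, code: str, now: int, *, stored_hash: bytes,
          salt: bytes, secret: bytes, drift_steps: int = 1) -> bool:
    """Both factors must pass; a correct password alone is rejected."""
    if not hmac.compare_digest(hash_password(password, salt), stored_hash):
        return False
    current = now // STEP
    # Accept neighbouring steps to tolerate clock drift on the phone.
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        if hmac.compare_digest(code.encode(), hotp(secret, counter).encode()):
            return True
    return False


# Constructed demo account; the secret is the RFC 6238 test key.
SALT = b"constructed-salt"
SECRET = b"12345678901234567890"
STORED = hash_password("There are BEES in my pants, dawg!", SALT)

if __name__ == "__main__":
    pw = "There are BEES in my pants, dawg!"
    print(login(pw, totp(SECRET, 59), 59, stored_hash=STORED, salt=SALT, secret=SECRET))
    print(login(pw, "000000", 59, stored_hash=STORED, salt=SALT, secret=SECRET))
```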

Instead of listing out every service that supports 2FA here, here’s a link to how to add 2FA to the most common services.

Hopefully this will have given you some ideas on how and, arguably more importantly, why you should look at technical proficiency and security awareness as less of a chore and more of a necessity.
