Being organized about computer security

Decision fatigue is always a potential problem when you’re uncluttering. You can get to the point where you’ve made so many decisions that making any more seems like more than you can handle. When you find yourself at that point, it’s time to take a break.

While I’ve often read about (and had experiences with) decision fatigue over the years, I recently read about a somewhat related concept: security fatigue, defined as “a weariness or reluctance to deal with computer security.”

After updating your password for the umpteenth time, have you resorted to using one you know you’ll remember because you’ve used it before? Have you ever given up on an online purchase because you just didn’t feel like creating a new account?

If you have done any of those things, it might be the result of “security fatigue.” …

A new study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.

If you give in to security fatigue, you really do put your information at risk. The following are some ways to make it a bit easier to use good security:

Prioritize your important accounts

You may have heard the advice that you should never reuse passwords. But in a 2010 interview with Ben Rooney of Tech Europe, security expert Bruce Schneier indicated that might be going a bit overboard:

“I have some very secure passwords for things that matter — like online banking”, he says. “But then I use the same password for all sorts of sites that don’t matter. People say you shouldn’t use the same password. That is wrong.”

Don’t try to remember all your passwords

There are two ways to avoid relying on your memory. The first is to use a password management program. I use 1Password, but other people like LastPass, KeePass, or one of the other available choices. A password manager can store your passwords (and your answers to security questions) so you don’t need to remember them all.

If you don’t want to use a password manager, writing your passwords down can be okay, too — Schneier has actually recommended that. I’ve had my wallet stolen, so I wouldn’t feel good about keeping my list of passwords there (as he recommends) unless I did something to obscure the password, as suggested by Paul Theodoropoulos in a blog post.

But keeping a list of passwords in a file folder with an innocuous name might be fine. Or you could write them inside a random book, as another blogger suggested.

Find an easy way to choose secure passwords

There’s no total agreement on the best formula for secure passwords, but two common approaches are:

  • A long string of random characters including letters (upper and lower case), numbers, and symbols
  • A set of randomly chosen unrelated words

The first type of password is easily created using a password manager. LastPass even has a random password generator anyone can use.

The second type is created using an approach known as Diceware, which is fairly tedious. But there’s at least one website that provides a Diceware app, making it extremely simple to generate these passwords. A Diceware password like doodle-aroma-equinox-spouse-unbolted might be odd, but it’s easier to remember than something like 831M5L17vY*F. (Of course, you can just cut and paste your passwords in many cases, but sometimes you really do want one you can remember.) However, Diceware won’t work on sites that set character limits that are too short.
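The two approaches above, sketched in Python as an added example (not code from this post or from any Diceware site): it draws from the operating system's secure random source, estimates the entropy of each approach, and falls back to random characters when a site's length limit is too short for a passphrase. The short word list and all function names are constructed for illustration; a real Diceware list has 7776 words.

```python
import math
import secrets
import string

# Constructed 32-word sample list so the example runs offline. Real Diceware
# lists hold 6**5 = 7776 words (five dice rolls per word); 32 words is far
# too few for real use.
SAMPLE_WORDS = (
    "doodle aroma equinox spouse unbolted grill anthem tinderbox baguette "
    "cosmetics lantern pebble walnut harbor velvet summit cactus mitten "
    "orbit ribbon thimble gravel saddle pumpkin quartz meadow trumpet "
    "blanket falcon pretzel anchor cobweb"
).split()

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def random_chars(length: int) -> str:
    """Approach 1: characters drawn uniformly with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(words=SAMPLE_WORDS, count: int = 5, sep: str = "-") -> str:
    """Approach 2: `count` words chosen uniformly at random, as with dice."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def for_site(max_len: int, words=SAMPLE_WORDS, count: int = 5) -> str:
    """Prefer a passphrase; fall back to random characters when the site's
    limit cannot hold the longest possible passphrase. Checking the worst
    case avoids re-rolling until one fits, which would cost entropy."""
    longest = count * max(len(w) for w in words) + (count - 1)
    if longest <= max_len:
        return passphrase(words, count)
    return random_chars(max_len)


if __name__ == "__main__":
    print(passphrase(), f"(~{entropy_bits(7776, 5):.1f} bits with a full list)")
    print(random_chars(12), f"(~{entropy_bits(len(ALPHABET), 12):.1f} bits)")
    print(for_site(max_len=16))
```

With a full 7776-word list, five words give roughly 64.6 bits, while twelve characters from the 94-symbol set give roughly 78.7 bits; some sites reject certain symbols, so the alphabet may need trimming.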

Treat security questions just like additional passwords

Do you provide your pet’s name as an answer to a security question? On a banking site, you might want that name to be something like Z8#3!dP47#Hx or grill-anthem-tinderbox-baguette-cosmetics. On a less important site you don’t need to be as cautious, but using your pet’s real name is still a poor idea.

3 Comments for “Being organized about computer security”

  1. posted by Lori on

    Another thing to add to my list – computer security. I guess it’s something you don’t think about until it’s too late….

  2. posted by Maryann Aguilar on

    After getting more than 5 assorted passwords, I decided enough was enough. I got a nice 5 x 7 address book, and started listing passwords as I added new sites. The pages are big enough to include security questions, date last accessed, items ordered/received e.g. gift cards or rewards, membership numbers, problems with a particular site, etc. It’s particularly useful for sites not often accessed, or sign-ups that ask for odd password add-ons. Works for me!

  3. posted by Abby Conn on

    I use the first letters of the words of a quote I like, and substitute numbers or symbols for some of the letters (I have a system for this, but it’s secret!)
