Good advice, doomed to be wasted on folks who just want a quick, easy solution that lets them move on to the next item on their To Do list…
I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.
…because who wants to spend time thinking about all this stuff:
In this article, I’ll start by examining the benefits and risks of using a password manager. It’s hard to overstate the importance of protecting the data in your password manager, and having a recovery strategy for that data, so I’ll cover that next. I’ll then present a low-risk approach to experimenting with using a password manager, which will help you understand the tough choices you’ll need to make before using it for your most-important passwords. I’ll close with a handy list of the most important decisions you’ll need to make when using a password manager.
Visiting the comment thread on the Bruce Schneier post to see just how many different ways a bunch of (presumably) bright people can devise to avoid using a password manager in favour of their own home-brewed solutions.
[Via Schneier on Security]
Geoff Manaugh opens his story about spending six months following round a professional safecracker with an image that might have been hand-crafted to get my attention:
The house was gone, consumed by the November 2018 Woolsey Fire that left swaths of Los Angeles covered in ash and reduced whole neighborhoods to charcoaled ruins. Amidst the tangle of blackened debris that was once a house in the suburbs northwest of Los Angeles, only one identifiable feature stood intact. It was a high-security jewel safe, its metal case discolored by the recent flames, looming in the wreckage like the monolith in 2001: A Space Odyssey.1
No mysterious alien structures show up in Manaugh’s story, but it’s interesting just how much demand there apparently is for a legal safecracker. Me, I’ve never owned a safe in my life and don’t have anything I’d want to keep in one if I did have access to one.2