Popular Mechanics - USA (2019-04)

COLUMNS

Stop Worrying About Digital Security

Realistic advice for consumers in the age of constant data breaches.

PopularMechanics.com, April 2019, p. 26

I ASKED HIM, the chief technology officer of a private equity firm that manages hundreds of billions of dollars, about his job. About the people he hires, the success of Slack, building systems that work with such sensitive data. At the end of our conversation, an admission: “I haven’t turned on the Gmail two-factor authentication,” he said, referring to the feature in which you sign into your Gmail or Apple or Dropbox account from a new device and have to enter a code that Google or Apple or Dropbox sends you. “I should. I know I should. It’s just. Ugh.”

Of all people, an industry-top CTO should understand the importance of digital security, and be motivated to put up with the annoying bits. But like all of us who’ve had to deal with Your Username and/or Password Is Incorrect, he’s frustrated by how inconvenient it can be to use these tools of convenience. The months since we spoke have been filled with headlines about Facebook data breaches and hackers stealing Instagram and Snapchat accounts from people with desirable usernames, usually resulting in more articles from people like me advocating spending on a password-management app or using two-factor authentication. But the more I, too, try to practice my own advice, I realize that those are unrealistic expectations. So let’s relax those expectations a bit, at least until better solutions arrive.

WHY REUSING PASSWORDS IS BAD
If a thief buys or steals one password, he or she will then try that password on other accounts. As in, if your Apple ID is [email protected] and p@$$w0rd, the thief might also try the same combination for Amazon. That’s why one company’s data breach can be so catastrophic.

First, the bad news: Passwords aren’t going away. Facial recognition and fingerprint readers make verification faster and easier, but biometrics will remain shortcuts for the basic foundation of numbers and letters we use to convince apps and devices that you are really you.

The two-factor authentication the CTO mentioned adds a security layer—in the form of your phone number, to which Dropbox or Amazon texts a verification code—on top of a name and password. Recently, though, criminals have been using techniques to manipulate wireless carriers’ customer support services to hijack a victim’s phone number, gaining access to those codes and loads more information. Those headline data breaches can give criminals a Social Security number or home address needed to trick the person at the carrier’s call center into thinking that the person calling is who they say they are.
Every time a source tells me about some new hacking technique, I’ll write a news post about why we should all buy password managers and not give out our phone numbers. Then, I get briefly motivated to clean up my web identity. I go through my 1Password app, update the accounts where I’ve used the same password, and delete my identity for places that I no longer use, usually through a multistep process ending in emailing customer service. It’s a drag, and I’m far from finished. This is coming from someone whose job it is to do these kinds of experiments. Having to change, then reenter, a new, long Prime Video password on my TV, phone, and laptop is a pain even when I’m on the clock. And we expect the average 2019 connected civilian to do the same after a full day at work? And for all the apps and devices we’ve had to activate over the years? All those vulnerabilities? Please.
Here’s the advice I follow: List the half-dozen or so accounts that, if you lost them, would really ruin your day. For me, that’s Amazon, Apple, Google, and my banks. I’d extend that to social media accounts, too. Come up with passwords that are sentences, not single words. Push through the confirmation emails and update them. It’s totally fine to write them in a notebook to keep in your desk drawer. Be stingy with your phone number (really). Think hard before signing up for any account. When you get email from a service you haven’t touched in years, delete your account right there, on the spot.
The lessons I got from last year were that we can’t expect tech companies to behave with much accountability, and that the “free” services they provide aren’t always worth that price. Yeah, it’s grim. But the issue is improving. And as we get closer to a more secure digital future, I’m going to relax my grip and try to enjoy the benefits of connectivity as best I can.