IT security solutions typically involve trade-offs, usually in the form of trading increased security for reduced convenience or added hassle. However, not all security measures require this trade-off.
Some solutions—aside from the initial expense in time and money to set them up—require virtually no compromise in convenience. In fact, some may even make tasks more efficient or add functionality. Below are three examples.
Passwords are not elegant. To be worth anything they must be hard to guess, which usually makes them hard to remember. To make matters worse, users are often required to change their passwords on a regular basis, like every 90 days.
But the Web is the worst part. A typical user might have 15-30 user accounts that each require a password. Perniciously, most users soon tire of mentally maintaining a portfolio of unique passwords and relent to using the same password for every web site account. It has been said that the easiest way to steal passwords is to create an online service that requires a password. Whatever password a new user submits is most likely the same password for a dozen other online services.
The way to stop this wheel of pain is to use a password manager. A password manager is software that securely stores all of your passwords. Instead of having to remember 30 or more passwords, with a password manager you only need to know one—the password that unlocks the password manager.
Because so many passwords people must remember are for web sites, the best password managers integrate with web browsers. Using a password manager, logging into a website requires no thought—a simple keystroke retrieves the password from the password safe and fills in the username and password fields. When creating a new account at a website, the password manager generates a password for you so you don’t have to waste any thought coming up with a unique, unguessable password.
My favorite password manager is 1Password for OS X. It has saved me a lot of time and grief. Life is too short to manage passwords.
Full Disk Encryption
Another elegant security solution is disk encryption, which encrypts part or all of a hard disk. It is probably the most transparent security solution on this list because aside from entering in a password, the user is unaware that data is encrypted—there is almost no perceptible slow-down in performance. And, once encrypted, you don’t have to worry about losing your hard drive or protecting certain documents. All of your data are protected all of the time. I currently use PGP Desktop 9.10 for Mac.
I’ve done a lot of traveling in the last few months and so have used a lot of public Internet access points at airports, hotels, and other locations. Public Internet access points are not always securely configured. In some hotels for example, it is possible to sniff or eavesdrop on the Internet traffic of other guests at the hotel accessing the Internet. This is an easy way to collect passwords and other information.
One elegant solution to this problem is a VPN, or Virtual Private Network. The purpose of a VPN is to create a secure connection through an untrusted network to a trusted one. For example, my VPN creates a secure, encrypted connection to Georgia State University, no matter where I am in the world. All my traffic first is sent to GSU’s network, which I trust, and from there it continues unencrypted to sites I wish to access.
A VPN is elegant because once the VPN connection is established, all traffic is encrypted seamlessly in the background. You can access the Internet as you normally would, but now all of your Internet traffic is encrypted and safe from eavesdroppers.
My favorite VPN client is Shimo. Not only does it support a wide variety of VPN types, it is dead simple. Creating a VPN connection, even with CISCO VPN’s, only takes one button click. Plus, if I suspend my laptop while a VPN connection is active Shimo will automatically create a new VPN connection when the laptop wakes.