Wednesday 4 July 2012

Security and convenience in browser cookies

I started on my new computer at work with a simple-sounding security goal: never let anything save any passwords. My web browser is obviously the main culprit, and I also have a plugin called Vanilla that cleans up cookies - even those set not to expire - after 15 minutes, unless I am still viewing that page. But my resolve has been eroded by inconvenience, coupled with the fact that I don't actually know a lot of my passwords (they are auto-generated by KeePass).

First it was Astrid, the website I use for my action lists, because when I am trying to quickly record something to get it off my mind, I need it to be quick, and I can't spend the time opening the website, clicking to log in, then waiting for it to reload. Next came Delicious.com and Instapaper, for my bookmarklets. Again, they're supposed to be quick, no-brainer operations, but they rely on accounts, which means I would have to log in to each one when I use them. Now I've allowed Amazon to remember me, and I'm this close to allowing Google as well, because when I want to check my email or add a book to my wish list quickly, it's just annoying to look up my password rather than allowing the browser to remember it. I am less secure, but I have gained some convenience. That is the usual trade-off.

Mokalus of Borg

PS - "As secure as possible" also means "very inconvenient".
PPS - You should aim to be secure almost up to the point of noticeable inconvenience.
