I often get questions that amount to “If I do X, will that make me secure?”.
Well, no. No matter what “X” is, it will not make you (or your computer, your accounts, your whatever) secure.
You can get more secure, but there’s no such thing as absolute security.
And that confuses many.
Black and white is comforting
I know that absolutes are what people crave.
And that’s true not just for the security of their data, but in just about every aspect of life. It’s what drives political and religious arguments, after all.
Shades of gray are more difficult to deal with. They require some amount of thought and understanding of the topic at hand. It’s easier to be able to say, absolutely, things are one way or another without needing to think about the in-between.
Unfortunately when it comes to security1 we need to think.
The fallacy of ‘best’
Heck, there are plenty of comparison sites out there that will try to give you an answer. Be it via experiences, or some kind of detailed testing or analysis, products will be compared and one will emerge a winner.
The problem, of course, is the illusion that it’s all objective. Different tests prioritize different factors. Different review sites often have biases – sometimes explicit, sometimes not so much.
And as a result, different sites will give you the worst possible answer of all: a different answer than each of the others.
There is no best. There’s good. There’s perhaps even better, depending on what you’re looking for as you compare one against another.
But there is no “best”.
Products love to promote “best”
Naturally, each product that receives (or generates) some kind of “best” designation will promote the heck out of it, even though ultimately it’s pretty meaningless.
And I get that they have to. It’s a competitive world, after all. If product “A” says that they rated “best” in some test, then it’s important for product “B” to respond somehow – usually with a “best” of their own.
Unfortunately, it all only serves to confound and confuse the average consumer. And more importantly, it doesn’t help them actually make an informed choice.
In search of perfect passwords
Passwords are another realm where we keep wanting absolute security when in fact there is none.
Yes, a 12 character password is harder to crack than an 8 character one. That does indeed make it better at preventing a particular style of attack.
But both are equally vulnerable to keylogging or provider database hacks, particularly if the provider does a poor job of storing the password-related information.
A long, random, password is important. Without a doubt it makes your account more secure.
But it doesn’t make your account absolutely secure.
Move to the more secure side
The goal is not to be secure. That’s a state that doesn’t exist. A search for a black and white answer to a shades of gray question will only frustrate and disappoint you.
The goal is to be more secure. The goal is to be as secure as is practical for your situation.
The goal should be to continually evaluate what you do and the decisions you make in the light of security risks, and keep making more secure decisions.
And that means having a good, basic understanding of what the risks are, what the trade-offs are, and what the ramifications of a security issue might really be for you.
The basics are a great place to start:
- Choose better passwords.
- Use reputable services.
- Install good basic anti-malware protection and security software.
- Don’t upload sensitive information without encrypting it.2
- Be skeptical.
Basically, develop good habits that have you avoiding risky things, identifying potential pitfalls, and just generally taking ownership of your security.
“Secure” is an unreachable destination – but we can absolutely make decisions and take actions that get us closer – or further away.