Playing the odds.
I often get questions amounting to “Will doing X make me secure?”
No matter what “X” is, it will not make you (or your computer, your accounts, your whatever) secure.
You can get more secure, but there’s no such thing as “secure” in an absolute sense.
Become a Patron of Ask Leo! and go ad-free!
Security isn't Yes/No
We want absolute security, which is unattainable. There is no best and there is no secure — there is only better and more secure. Trying to reach absolute security is an exercise in frustration. Instead, focus on being more secure, making better choices, and stacking the security deck in your favor.
Black and white is comforting
People crave absolutes.
It’s true not just for data security, but almost every aspect of life. Absolutes drive political and religious arguments, after all.
Shades of gray are more difficult. They require more thought and understanding. It’s easier to say things are one way or another.
When it comes to security,1 we need to think.
The fallacy of the best
There are plenty of comparison sites that will try to give you an answer. Be it via experience or some kind of detailed testing or analysis, products are compared and one emerges as a winner.
The problem is the illusion of objectivity. Different tests prioritize different factors. Different review sites often have biases — sometimes explicit, sometimes hidden.
And as a result, different sites give you the worst possible answer of all: a different answer than each of the others.
There is no best. There’s good. There’s perhaps even better, depending on what you’re comparing.
But there is no best.
Products love to promote best
Naturally, each product with some kind of best designation promotes the heck out of it, even though it’s ultimately meaningless.
It’s a competitive world. If product A says they rate best in some test, then it’s important for product B to respond somehow — usually with a best of their own.
Unfortunately, it only serves to confuse the average consumer. More importantly, it doesn’t help us make decisions.
In search of perfect passwords
Passwords are another realm where we want absolute security when there is none.
Yes, a 12-character password is harder to crack than an eight-character one. That does indeed make it better at preventing a particular style of attack.
But both are equally vulnerable to keylogging or provider database hacks, particularly if the provider does a poor job of storing passwords.
A long, random password is important. Without a doubt, it makes your account more secure.
But it doesn’t make your account absolutely secure.
Moving to more secure
The goal is not to be secure. There’s no such thing. A search for a black-and-white answer to a shades-of-gray question will only frustrate you.
The goal is to be more secure. The goal is to be as secure as is practical for your situation.
Aim to continually evaluate the security decisions you make to keep making more secure decisions.
And that means having a good basic understanding of the risks, the trade-offs, and the ramifications of a security issue.
The basics are a great place to start:
- Choose better passwords.
- Use reputable services.
- Use good security software.
- Don’t upload sensitive information without encrypting it.2
- Be skeptical.
Develop good habits that avoid risky behavior, identify potential pitfalls, and take ownership of your security.
Secure is an unreachable destination. But we can absolutely make decisions and take action to get us closer.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Footnotes & References
1: And politics, and religion, and a raft of other topics as well.
2: Even here, the shades of gray get even more nuanced – there’s sensitive information and there’s very sensitive information – it’s a spectrum as well. As a result, the approaches you take could easily vary, depending on how sensitive things are.