As long as we’ve had computers and gadgets, there’s been a tension between security and ease of use. On one extreme, there are the passwords that are so complex you intentionally can’t remember them, and emails that involve sending an encryption key to your recipients. On the other side, there’s the iPhone that you Slide to Unlock, then use to manage your email, finances, and photos from last night’s karaoke.
The middle space is hard to find. If your devices ask you to update your "virus definitions," you haven’t found it. If anyone who finds one of your devices can turn them on and start looking through files, you’re not there. Here is a guide to that promised land, culled from one geeky writer’s experience on both sides of the security quandry, and many arguments with friends and relatives about what constitutes a pain in the butt.
Lock your devices, but only when you're not home
The most basic layer of security you can add to your laptop, smartphone, or tablet is to set up a password on it, so that whenever it’s powered up or brought back from "sleep," it requires a password or PIN to be used. A very motivated and savvy thief might know of a work-around, but it often involves wiping the device entirely, saving at least your data from getting jacked. So head into your laptop or device’s settings, and set up a password or PIN that’s required to get in—from start-up, from sleep, or after a certain period of inactivity (i.e. the "screen saver passsword").
But you don’t want to enter that freaking PIN every time you just want to check your messages on your phone, right? So install an app that keeps your password off when you’re at home:
- Android: Unlock with Wi-Fi. Install it, open it, and add your home Wi-Fi network to the list of no-password-needed areas.
- iPhone: Unfortunately, turning off a passcode when you’re at home requires a "jailbroken" iPhone). If you do go the totally unofficial route, though, you can pay $2.99 and install the CleverPin app to control your passcode unlocking.
- Mac: ControlPlane can turn off your screen saver password when you're back within range of your home Wi-Fi network, among other conditions. (Thanks to Daniel Green for that tip.) And, while it’s not quite as easy as an automatic Wi-Fi unlocking, TokenLock can turn off your system password whenever you’re in range of a certain Bluetooth device (like your phone), have a particular USB device plugged in, or have an Apple Remote nearby to click and unlock (thanks to Bindu Wavell).
- Windows: Blue Presence can unlock your Windows system whenever you’re in range of your home Wi-Fi network, or your phone (thanks to Bill Clark for that tip).
Encrypt your important data (or your whole system)
Unless you’re rendering the next Oscar-winning computer animation epic on your system, encrypting your laptop’s file storage won’t slow it down too noticeably. The payoff is that it makes it much harder to break into your system, and even if someone does get in, they can’t get much off of it. If you have anything on your laptop that could get you fired if it got out, this step is a must.
- On a Mac, head to System Preferences, choose Security & Privacy, then click over to the FileVault tab to enable system-wide encryption.
- On Windows (Vista or 7), head to the Control Panel and look for the BitLocker Drive Encryption link.
Gradually upgrade and secure your passwords
Don’t take a half-day from work to change all your important web passwords that secure assorted items like email, bank data, and New York Times credentials. Instead, install LastPass on whatever browser/OS cominbation you have, and set up a very secure, actually challenging password for LastPass. Then, clear out your browser’s cookies, data, and cache.
Now, as you head around the web, and you’re forced to log into your corporate webmail, your Netflix account, and wherever else you stash your stuff, LastPass will ask to save your passwords as you enter them, and it notices changes when you make them. If your password is so weak that you feel a bit guilty, go ahead and change it while you can. Not sure how good your passwords are? Use LastPass’ "Security Challenge" to examine your passwords and see which among them is the most likely to end up causing you grief down the line. Over time, you'll develop a deep repository of secure passwords, and the only one you really have to remember is your LastPass master password.
Make sure your email provider has backups for email/phone
As odd as it sounds, most of the schemers and scammers who break into your email account don't bother to change your password and make it inaccessible. They just want to make sure they hit everyone you've ever emailed with a message about "Brand N3w Xb0xes for Che@p!!!" Regardless, you should make sure you've set up your online accounts with alternate email addresses and phone numbers, in case things go really wrong and you're in danger of losing your email, documents, and other important online stuff.
If you have a Google account—Gmail, Google Docs, Google Calendar, and so on—head to google.com/dashboard. Click the link near the top for "Manage account," then look for the "Change recovery options" link. Click that, sign in (again, sorry), and then peruse your account options. Make sure you have at least one "recovery email address" listed—whether it’s an alternate address you have access to, or a close relative’s email. Under SMS, ensure that you have your phone number in place to receive password recovery text messages.
If you get your email through Yahoo or Hotmail, log into your account, then look for a profile or account link in the upper-right corner. Make sure you have at least one alternate email address listed, and a phone number for sending recovery text messages. It takes just a minute or two, but if something ever goes wrong with one of these crucial accounts, you’ll save quite a bit of time getting things back to good.
[Image: Flickr User James Nash]