22 January 2007
It would be nice if there existed a straightforward security solution for every security problem in the world. Unfortunately, security is not that simple. Managing your security requires that you recognize an important point: security is not a switch
Security is a matter of degrees, and it involves tradeoffs. Perfect security doesn’t exist, but you can almost always be more secure than you are now. And once you’ve made yourself more secure, you could choose to become more secure still. That’s the matter of degrees.
Wherever you stand on the security spectrum, then, you can spend more time and more money in an effort to gain greater security. That’s why the level of security you eventually decide on involves tradeoffs. Ideally, your chosen level of security should correspond to the value of what you want to protect. For example, you should put more time and effort into protecting your bank account password than into protecting an average hotmail account (unless the account contains some really valuable information!).
How secure do you need to be?
So, if you need to make tradeoffs and can never be perfectly secure, how far should you go? How much should you spend in terms of time and money to protect yourself?
In coming to an answer, I’m reminded of an old joke that starts with two friends running from a hungry bear. The bear is closing the gap quickly. One friend turns to the other and screams, “We’ll never outrun him! What should we do?” The other shouts back, “I don’t have to outrun the bear. I only need to outrun you!”
The advice on this website follows a similar strategy (with respect to security, not bears). It provides you with the techniques you need to be more secure than average without overdoing it. As long as you are protecting the same things most other people are protecting – say, a bank account, email account, and private data on a personal computer – you need only make yourself more secure than the average person to be fairly well protected.
The reason is straightforward: Criminals trying to steal information are (usually) perfectly content to dine on the easiest prey. It turns out that you don’t need to spend an incredible amount of money and effort to be secure, because the average person spends almost none of either thinking about or acting on security issues.
That’s good news (for you, not those other hapless souls), and it should help guide your thinking about the degree of security you want and the tradeoffs you’re willing to make to get it.