It is no use saying, ‘We are doing our best.’ You have got to succeed in doing what is necessary. Winston Churchill
The indispensable element of Winston Churchill’s famous quote is the implied action: taking steps to reach a goal. (Churchill was definitely a man of action!)
In today’s often jittery environment of online security and especially password authentication, as users we’re often told what we should do and shouldn’t do, and a lot of what we shouldn’t have done, but that’s where it usually ends for most of us – well short of actually doing what is necessary.
After all the listening and head nodding (lots of nodding heads over here, Carl), we return to our own personal business-as-usual way of dealing with passwords, or waiting for the perfect security solution to come along (which is about as productive as waiting for Godot).
“I know I shouldn’t use the same password on multiple sites, but my password is so amazing that no one is ever going to crack it.”
“No one is going to break into my accounts because I’ve got nothing worth stealing in my accounts.”
“All these hacks and breaches prove that nothing I can do is going to protect me, so I’m not even going to try using strong passwords – I’m going to wait until ________________ (fill in the blank, e.g. biometrics) is implemented everywhere and then I’ll be protected.”
These are some of the arguments of actual people who have tried to convince me that there’s nothing they can do for their own security.
In a classic example of learned helplessness, they’ve convinced themselves that they are helpless in the face of hackers and so they do … nothing.
With all the news of hacks of major companies, and stories full of the next best authentication solution that’s going to replace passwords real soon, there’s a tendency to wait for the silver bullet of security.
We frequently hear requests from folks who want security now! – usually it’s people who suddenly realize that they aren’t as secure as they’d like to be. The problem with security now is that – just like dieting – security doesn’t work that way. Like dieting, security isn’t a one and done thing: security is an ongoing process.
The good news is that there is a shortcut.
That’s the shortest route to attaining online security for yourself and for those you are helping with their online security.
Security isn’t a software package, or a type of device, or a single anything. Security is a habit – just like dieting and healthy living.
More good news: none of this requires you to become a security expert! Instead of being helpless, much of your security rests with you. Security isn’t about being perfect; it’s about doing the right things (like keeping your software up-to-date) and not doing the wrong things (like clicking on suspicious links from people you don’t know).
“If you think you can do a thing or think you can’t do a thing, you’re right.” Henry Ford
You can do security.
Start doing security now.