Saturday, February 01, 2014

Getting To Know Me

It's a fine balance, this access anywhere anytime with absolute security. We want to be able balance our checkbook, invest in a mutual fund and curate our Etsy account on our phone at the supermarket, while making damn sure no one else can do it in our place. And so we layer in passwords and PINS and secret questions known only to us, securing the kingdom with personal tidbits we're sure no Edward Snoden-esque hacker would be able to ferret out.

At the same time, there's an inherent contradiction between this privacy-security thing, and living out loud through social media. It's tough to both wall yourself off from the crooks, while at the same time wanting everyone to know your take on the guacamole at Pedro's. The more you tell, the more they know, and the easier it is to pretend to be you.

Still, we think we have it all safely under lock and key. Then, whamo, Target goes and leaves the barn door open. And before you can say "Red Dot Special," one in three of us is at risk of identity theft for having bought a two-pack of deodorant. And let's be real: do I really care if the Feds get the metadata on who I called? What is far more important to me are my spending habits day after day, knowledge of which would allow hackers to use my credit cards without arousing suspicion. I can withstand a little FBI query; what I can't handle is not being able to swipe my card to buy a tank of gas.

That means that many of us are diving back into our online accounts to change the locks. Not that it's not a good idea in any case. If you're like me, a good number were set up in more innocent times, when passwords were more about preventing casual access from snoopers as opposed to preventing global fraud from international crime cartels. And so you find ones that haven't been updated since 1984, and even then it was simply "Password."

So I'm trying now to at least be a little security conscious. My passwords are longer, more random and far more involved. I use it all: letters, numbers, capitals, special symbols, Greek hieroglyphics, even things that Prince used to call himself. Now a professional will need more than the thirty seconds it used to take him to break my key; it should take him at least a minute.

I am also getting a little help from the various sites themselves. No longer is the answer to the question about my mother's maiden name sufficient to prove I am who I am. They have offered me challenge questions which are far more difficult to research, mainly because I don't remember the answers myself. What street did I grow up on? Who was my third grade teacher? What was the name of my elementary school? These arcane bits of personal trivia are not easily accessible via Facebook, and more and more frequently, my own brain.

But these days there are databases after databases out there that have old addresses and school enrollment logs going back for years. If you want to be really secure, what you need is the kind of inside dope known only to your closest friends and family, knowledge you have not shared for reasons of embarrassment or insecurity. And so at one site, I was offered as a challenge question to be asked the nickname of my first stuffed animal. Another possibility was the boy or girl I only wished I had asked out in high school. Still another was the name of the college I didn't attend but really wanted to. Not only would the right answers prove it was me, but confronting the information again and again might just take the place of years of therapy.

Soon none of this may be necessary. After all, the new iPhone has a fingerprint reader. And some others let you use face recognition to unlock them. But until all these biometric approaches take hold, we will be forced to prove who we are by simple call and response. So at least for now there's the possibility that the only thing standing between your bank account and the bad guys is the answer "Mr. Squiggles."

Marc Wollin of Bedford no longer uses "idiot" as a password. His column appears regularly in The Record-Review, The Scarsdale Inquirer and online at, as well as via Facebook, LinkedIn and Twitter.

No comments: