…and THIS is the reason that I’m just as happy my extremely non-tech savvy mother isn’t on the Internet.
I’ve got a pretty solid computer background. I started learning programming using machine language on a PDP-8 in high school. (Nixon was President.) We didn’t even have a monitor, or punch cards, we used paper tape. (Uphill both ways!)
I saw my first computer monitors at Dartmouth (25×80, monochrome), then took programming classes at UC Irvine where I was a physics major. Following graduation I worked for five years as a programmer. I’ve built PCs from the ground up, and I’ve upgraded more than I care to remember.
One of my functions for the next 25+ years was to be “the tech guy” in the office, which meant not only keeping the office computers running (hardware, software, training, upgrades, backups, the whole magilla) but also performing those tasks for the computers at my boss’ house.
If there’s a computer problem, I’m probably “smarter than the average bear.”
Today was my personal tech support day as I opened the can of worms that is the Heartbleed security flaw and the need to change passwords. What a mess!
First of all, from everything I’m seeing, now that the patches to close the security hole are being installed, you really, really need to be paying attention to the warnings and changing your passwords.
SIDE NOTE: If you want or need a simple explanation of how the flaw worked, check out today’s XKCD comic. If you want a good review of how to make a good password, read this XKCD. If you just want to be a decent and more intelligent human being, read XKCD every day.
This morning I was just going to change a couple of passwords from major sites (Google, Facebook, Dropbox) that were known to have been compromised, but were now safe. Six hours later…
Part of the time-suck was that I also was activating two-step verification where I hadn’t already done it. But once you do that, then you have to go through every stinkin’ computer you have (or at least the ones you’re using regularly) to update the password, then get an application-specific password for the mobile devices, then get access verified, all the while making very damn sure that you are entering the correct password (there’s a system) and updating all of your records in case you forget one, as well as printing and filing away the emergency backup verification codes…
To me, none of this was rocket science, it’s just tedious and you have to be very meticulous. Very bad things can happen if you skip or mess up one little thing. But conceptually and practically, I’m not lost. But that’s just me. I’m well aware that I’m well above average in tech proficiency.
For folks who don’t have my background, who just want the freakin’ thing to work, this has a huge potential to leave them confused and pissed off. Which, in turn, is why so many folks have passwords like “none” or “password” or “abc123.” These folks won’t be bothering to change their passwords now when they really should. These folks won’t be making sure that they have a different password for each site.
Then I think of how my mother would react to this mess, and I shudder in terror. Mom’s not stupid at all — but she’s very inexperienced when it comes to tech. She had a cell phone, once, for a while, but receiving or sending text messages was beyond her skill set. I don’t know if she’s ever had a bank ATM card, but I suspect not. I do know that she has never had an email account. Ever. She has trouble looking up channels on the programming guide channel for her cable service. If she were to go online, it would be tough enough for her to keep track of a handful of simple, weak passwords, let alone strong passwords or the processes to change them.
So when the next security crisis comes along (and it will), or even when the consequences of this one come home to roost in a few weeks or months, more and more people will be hesitant to trust the security of the internet.
But there’s no way to not use computers or the internet if you’re in a first, second, or even a third world country. I guess in theory you could demand to be paid in cash and pay for everything you buy with cash, but even then, if your “cash paycheck” isn’t coming from some illegal and undercover activity, you’ll end up in the computer systems run by Social Security, state and federal tax agencies, and so on. How would you have a driver’s license or register a car or pay property taxes without ending up in the DMV or county assessor’s computer system? If you get sick or end up in the hospital, you’re in their system and some sort of insurance or Medicaid computer system. Get a traffic ticket? Someone hits your car?
You get the drift. I’m pretty sure even the Amish and the survivalists up in the Rockies can’t really and truly get out of the system and off the grid.
Let’s hope that the powers that be get their act together and learn a little bit from this mess. There will be another mess to follow, and more beyond that, but if we learn a little bit each time and we get a little better each time, maybe we can stay ahead of the bad guys.
In the meantime, realize that your online life has many analogies with your real world life. There are bad guys out there who want to hurt you and steal from you. The cops can’t catch them all, and sometimes the “cops” have their heads stuck where the sun doesn’t shine. You’re the first, second, and third line of defense, like it or not.
Make sure to do as much as you can to keep your cyber stuff locked up, the cyber burglar alarms armed, and the cyber watch dogs alert. If you’re going to do the equivalent of leaving your doors and windows wide open with all of your possessions out in plain sight, don’t be surprised when said possessions turn up missing.
Do it even if it is a tedious and meticulous can of worms.