Security vs Convenience: The Battle for Balance

ROKKEX, Nov 2, 2018

The internet, although we all love it, can be a very dangerous place. There’s phishing, malware, cryptolocker attacks, and really, that’s just a few of the things you should be paranoid about. Good news: you can do something about it. Bad news: doing the right thing is rarely fun.

If you’re anything like me, you’ve probably used the ever-convenient Facebook sign-in on third-party apps. Well, they just made history with a massive data breach that affected at least 50M users. The funny thing is that this really doesn’t mean apps are going to stop offering Facebook sign-in, or that a lot of people will stop using it.

As humans, there are two things we really hate: change and effort. Unfortunately, if you don’t fancy your data flying around the internet, either don’t put any online (which is hard to do, because even browsing leaves a lot of digital traces) or start protecting it better. Let’s talk about the semi-simple things you can do to make your accounts much more secure.

Security Hates Convenience. Why?

Let’s put it simply — convenience is the fun friend who’s a blast to go out with, but then she gets drunk and starts crying at 3 AM and you end up with her puke in your car. Yikes. Meanwhile, security is not somebody you’d want to have fun with, but she’s also that only friend that helped you move and didn’t even mind that your sofa weighs like, 500 pounds.

But I digress. In reality, companies that want to sell us stuff should really take a lot of the blame for getting us used to overwhelming convenience. Every app and website wants it to be extremely easy and quick for you to sign up for their service. So, they made it more convenient.

The problem is that they either a) don’t care about your security, b) care about getting your money more or c) aren’t security experts and are going with the flow. Whichever option that is, it isn’t good news for you. Sure, it’s super easy to sign up for everything with your already-existing Facebook or Google account, but then you’re also making the job easier for hackers.

But you’re not going to do a 180 just because you’ve read about a Facebook breach that — numerically — affected Spain’s entire population (although they’re only at 45M so there’s room for breathing). So, can you at least balance security and convenience? Well, that depends.

What’s Balance?

I feel like balance is one of the fashionable, trendy words that gets thrown around a lot these days. We talk about things like work-and-life balance, fun-and-health balance, and yet the majority of us can hardly say we’ve got it.

So for starters, you should define what your security-vs-convenience balance is. First, you should realise you leave your data behind when you browse, comment, watch, or post anything. The next step is to pin down which accounts are key to you: for example, that’s probably your email, your bank, and your LinkedIn. Maybe your social media, too.

Great! Now make sure that all the accounts you don’t really care about have very little valuable info on you. They shouldn’t have your personal details (name, address, main email, etc.), your credit card number, or anything similar. Delete anything that’s sensitive.

Now that you’ve got your key accounts you want to make sure nobody can access, you can start doing the dirty work. Make sure they ONLY have your necessary information. Then, update every password to a strong one (you can use this database of common passwords to see if your passwords really suck).

Do you know how I found that database that probably has 80% of your passwords? It took me less than five seconds to Google it. Do you know what else I can find in less than 5 secs? Password crackers.

Brute-force attacks still work because people insist on reusing the same easy passwords. You can take a look at hashcat, for example, which is the self-proclaimed world’s fastest password recovery tool, but really, it’s a notorious password cracker.

But we talked about some semi-easy ways to secure your accounts more. Well, let’s get to it, then!

2FA: Great if You Have Common Sense

2FA, or two-factor authentication, is the concept that you should confirm your identity at least twice while logging in. The first bit is usually entering your password and the second bit is a little piece of info that you get on your second device: it can be an SMS with a code or a notification you have to tap to confirm it’s really you who’s trying to log in.

Sounds kinda easy, right? It really is — once you get used to it, you can barely notice it. But of course, there’s a catch (there’s always a catch). Enter common sense — or the lack of it. To be fair, in some cases, that may simply be the lack of good old-fashioned paranoia.

Social engineering is still one of the best ways to get access to accounts and networks. So, even though 2FA makes it harder for scammers to trick you, believe me — it doesn’t get as hard as you’d like. Even smart people can fall prey to scammers who have been doing this since the dawn of the internet.

Another fun fact is that you can also bypass 2FA, although it does take some hacking skills. So, does that mean it totally sucks? Well, no. No security method is perfect, but that doesn’t mean you should just give up. The more you do to secure your accounts, the harder it is to get in — so at least try to keep the noobs away. Big-time hackers will, hopefully, focus on bigger fish.

Bad Memory Woes: How to Remember All the Passwords

We already talked about how important it is to create strong passwords. Passphrases are a new trend — basically, you should come up with a phrase that’s pretty random, but easy for you to remember.

For example, grandmascasserolewasfishy is a thing that might still haunt you, but wouldn’t be easy for me to guess (unless you keep telling people about it, in which case it’s a sucky password).

But what if you, like most people, suck at remembering passwords AND at creating good ones? Get a password manager! While again, they’re not foolproof and I can’t promise you your tool won’t get hacked, it really is so much better at creating and preserving passwords than a person. Plus, you only need to create and remember one decent master password.

Of course, do your research before you pick your password manager. You really don’t want to feed all your data to a scam program, or software that’s notoriously easy to hack, so do a quick Google search and get a tool you can rely on.

Here are some rock-solid pieces of advice on what your password should look like.

So, What Now?

Nothing. While the biggest enemy of security is convenience, the second-biggest foe is human inertia. Changing your ways isn’t the easiest thing to do, and that’s just our nature. But if you know what can happen if you continue ignoring your security online, maybe it can become a trigger for your first steps towards noob-proofing your bank account. Fingers crossed!

At ROKKEX, we take security extremely seriously and our crypto exchange is built on the ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise :)
