How many of you will start up your car and leave it running in your driveway to warm it up a bit before you leave? My wife does that because cold weather really bothers her arthritis; a warm car is almost a necessity. Although we hardly live in a high crime neighborhood, I ask that she at least leave it locked while it's sitting unattended, but she doesn't always do that.
Obviously leaving an unlocked car running in your driveway increases the chances of it being stolen - more so in some neighborhoods than others, but the convenience of a warm car decreases security. Even your key clicker - that handy little radio device that locks and unlocks your car - is a security problem: should you lose your keys in a public parking lot, the person who finds them can probably also easily find your car even in a large lot. The clicker makes this much easier than walking around trying keys would be.
Why am I thinking about this? It's this Security glitch exposes OS X account passwords post.
My first reaction was "Oh, so what? Physical access again. It's always physical access!. You aren't going to get my machine that easily: I have a strong password, a strong firmware password, I encrypt important files.."
Yeah, right. And then I blow it all for convenience. My worriesome encrypted files are left open and unencrypted most of the time. When I go out for "just a few hours", I don't shut my Mac down - I just put it to sleep. Even sometimes when I know that there will be no one here for a few days, yes, I shamefully leave my Mac sleeping - and don't even require a password to wake it up!
It's not that I don't have a procedure that I could follow. I do have the passwords, and they'd have some value if I'd just shut the machine off. In case of break-in, I even have a mostly broken old laptop that I keep around just so that I can leave it out as an easy swipe. I figure that if I leave it sitting at my desk, any thief will quickly grab that and not bother to look for my well hidden MacBook. I do the same thing with my box of poker money: it's transparent so that you can see it's an instantly available pile of cash and I leave it in plain sight always. At most there's a hundred dollars in there, but it might be enough that a nervous thief would just grab it and the old laptop and scurry off.. unless the thief is in the habit of reading this website, and in that case you'll want to know that I often take the MacBook with me, so you shouldn't spend too much time looking for it. Actually you shouldn't spend much time anyway: that's not much here beyond books. Lots of books, the box of poker change, that crappy old laptop: not much that's worth your trouble. Our TV's are old and bulky, we have very little jewelry.. other than the 'puters, there's not much here worth stealing.
Losing the computers would be more than annoying, so I really should be more religious about at least shutting everything off so that passwords have a chance to work. I'll really regret it if my convenience habits lead me to big inconvenience some day.
Convenience almost always lessens security. That, of course, is exactly why Microsoft has had so many security problems: their focus has been much more on ease of use than hardening security. But good security is hard. Another example is passwords: you should never re-use passwords, of course, but most of us do, at least to some extent. Even I have a "common" password I use in a lot of places that I don't think of as important. I shouldn't do that and neither should you, but we both know we're just kidding ourselves: we do it for convenience.
Well, one thing I do NOT do is let Firefox or the Mac OS X Keychain memorize any passwords. Though if I'm going to leave files open and unencrypted and the machine just gently snoring while I'm off at the gym for half the day, that's not going to help much, is it?
But it certainly is more convenient, right?
If you found something useful today, please consider a small donation.
Got something to add? Send me email.
More Articles by Anthony Lawrence © 2012-07-23 Anthony Lawrence