I was reading a brief blurb today at tcpalm.com about cell phones and other items being stolen from various phone kiosks. What arrested my mind is the following: “…cash had been stolen from the cash register, which had been forced open with a nail clipper in the key lock” [my emphasis]. I guess this is why some people confuse security measures, like full disk encryption, with “security measures,” like password-protection: the illusion of security. We’ve been conditioned to think, via our own experiences, that passwords mean security, just like locks mean security.
I’m sure you’ve all heard the stories about how locks are not really secure. If you’re like me, you nod your head in agreement. There are just too many examples where locks have failed people. The above case, obviously, but there was also the debacle about the Kryptonite bicycle locks; the ease with which Master Locks can be opened (thank you YouTube); or kicking in doors (Logan and Briscoe do a fine job in Law & Order). And yet, at the end of the day, your only protection for that door is the lock—maybe a chain. I know very few people who’ve decided to reinforce their apartment doors, or who jam a chair under the knob before going to sleep.
The locks in our everyday lives don’t really protect us, if you think about it. At best, they scream “please don’t come in / look in” with a heavy emphasis on please. The security provided by those locks is an illusion. Can you imagine if a bank decided to secure their vaults using the same technology?
Likewise, the security provided by passwords is an illusion when it comes to data security. I’ve had some people ask, well, if passwords don’t afford security, why is it that my e-mail account asks for one, and more importantly, why are hackers so intent on getting mine?
My guess is it’s because that’s the weakest link. Remember, on-line e-mail accounts are powered by real computer servers. And companies like Yahoo! and Google definitely have physical security that will deter thieves trying to get into their data centers to steal the servers where your (and a million others’) data resides. It’s easier to trick you and get your password than run into a high-security area with guns blazing, literally. And trying to hack into Yahoo! and Google’s software itself is probably hard as well.
However, that’s not the case if someone’s trying to get to the data stored in your laptop computer. To begin with, the laptop’s probably physically secured behind a door; the same door that people can kick in. No security there. Secondly, the username and password on your Windows machine can be easily bypassed. Just like one can YouTube for examples on how to get past Master Locks, one can get the same information for bypassing the password prompt. Illusion of security. If you’re really looking to secure the data on your computers, you need to use some form of encryption like hard drive encryption (available from AlertBoot and others).
Let me put it this way. There are passwords, and then there are passwords, just like there are locks and there are locks. If you told me that you’re living in a converted bank vault, and use the original vault locks to secure the door, I’d hope you have a solid HVAC system—you know, so you don’t suffocate—but I would think “now there’s a safe home.” Using hard drive encryption to secure your computer’s hard drives is just like that, except the vault comes to you. No illusions; just security.