Mario called the meeting to order at 7pm. The entirety of the meeting was devoted to Stephen Huston presenting a shortened version of a security talk he’s presented to other MUGs. Stephen brings his expertise as a private consultant specializing in FileMaker data systems.
As Stephen described it, the main problem with security is that it is “the opposite of ease of use”, and ease of use typically wins. As a result, devices default to a less secure state, like how the iOS Camera app defaults to embedding GPS data in pictures (this is not technically correct, since iOS prompts the user for location permission first, but most people will likely opt in without considering the potential repercussions).
On top of this, hacking for profit is a far easier prospect than it once was; Stephen asserted that anyone with $3,000 can put together a machine dedicated to fast, efficient hacking, able to generate three billion passwords per minute and quickly crack the average person’s security measures.
To combat the current state of affairs, Stephen recommends altering default security settings to better protect one’s personal information. Full details of this setup can be found at his website:
Passwords should be at least twelve characters long to prevent quick brute-force cracking, shouldn’t be a dictionary word, and shouldn’t be repeated on other sites. Password Haystack can tell you how secure any given password is if you’re having trouble coming up with one (but don’t give them your actual password!). Stephen suggested what he called a “padded password phrase”, where you shift positions of single characters in a novel phrase (e.g. “Quilted*86Crystal” and “
Stephen doesn’t consider it a good idea to use password hints, as they’re often easier to figure out than a password itself. Security questions should be treated like passwords (using secure strings rather than actual answers to questions) for the same reason.
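To put numbers on the three password rules above, here is an added example (not part of Stephen’s talk or of these minutes) that estimates the brute-force search space of a password and how long a machine guessing at the three-billion-per-minute rate he cited would need to exhaust it, and checks the length, dictionary-word and reuse rules. The word list is a constructed stand-in for a real cracking dictionary.

```python
import string

# Guess rate cited in the talk: three billion passwords per minute.
GUESSES_PER_MINUTE = 3_000_000_000

# Constructed stand-in for a real cracking dictionary (a real one has millions of entries).
CONSTRUCTED_DICTIONARY = {"password", "quilted", "crystal", "letmein", "monkey"}

# Character classes used to estimate the alphabet an attacker must search.
CHARACTER_CLASSES = (
    ("lowercase", set(string.ascii_lowercase)),   # 26
    ("uppercase", set(string.ascii_uppercase)),   # 26
    ("digits", set(string.digits)),               # 10
    ("symbols", set(string.punctuation)),         # 32
)


def alphabet_size(password):
    """Size of the smallest union of character classes covering every character used."""
    return sum(len(chars) for _, chars in CHARACTER_CLASSES
               if any(c in chars for c in password))


def search_space(password):
    """Worst-case guesses to try every string up to this length over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def minutes_to_exhaust(password, rate=GUESSES_PER_MINUTE):
    """Minutes a guesser at `rate` needs to cover the whole search space."""
    return search_space(password) / rate


def check_password(password, previously_used=(), dictionary=CONSTRUCTED_DICTIONARY):
    """Return the rules from the talk that this password violates (empty list = passes)."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than twelve characters")
    if password.lower() in dictionary:
        findings.append("is a dictionary word")
    if password in previously_used:
        findings.append("reused on another site")
    return findings


if __name__ == "__main__":
    for candidate in ("monkey", "password", "Quilted*86Crystal"):
        print(candidate, alphabet_size(candidate), round(minutes_to_exhaust(candidate), 2),
              check_password(candidate, previously_used=("monkey",)))
```

Note that an eight-character lowercase password falls to this rate in about an hour even without a dictionary, which is why the talk’s twelve-character minimum and the mixed-class padded phrase matter.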
On top of this, he suggests creating multiple redundant backups to protect one’s data in case of theft or device loss. He follows a 3-2-1 Rule of backups: you should have three copies of your data, two of which are stored on different media (i.e. don’t store the backup on your Mac’s built-in hard drive) and one of which is kept offsite.
Stephen covered the following topics in our post-discussion Q&A:
- password management software such as 1Password can be useful if needed, but he recommended that we be aware of who’s providing them and how they’re securing the information stored
- don’t link accounts together, as the weakest link will allow entry to all linked services
- don’t save passwords in the browser, as that defers the security of those accounts to the computer’s own login
- AirPort Extreme and Time Capsule hardware from the last few years can create dual wireless networks if you want to keep guests’ and outsiders’ traffic separate from your own
The meeting concluded with the traditional Board Meeting at the local Denny’s.