Article: Repeating Passwords and How It Makes You Hackable

Your manager is only as strong as your password and your password is only as strong as your manager. If you don’t use something like 1Password or LastPass already, you’re probably using a lot of repeat passwords–you may still. I have my own secure personal cloud password storage vault and Enigma based password manager that I built myself and I still do it, too (though, I’m working on it).

You think, “well, it’s not that important of a thing. Who cares if someone hacks my membership account to YouWillOnlyUseThisSiteTwiceInYourLife.com anyway? I only use repeat passwords on accounts I don’t care about.” But, of course, we know that’s wrong–or at least should know, or hopefully will by the end of this article.

If someone can glean even one repeated password and starts hitting every site they can to see if you’ve used the same credentials, even if they only get two or three total, they can start piecing together not just what you have, what you’re called, or where you are, but who you are on a personal level–and that’s a problem.

Our brains are much more sophisticated than computers, both in philosophical terms and in the complexity of our data processing and storage; however, the brain still has an underlying operating system with instructions, scheduled tasks, background processes, and even a hardware abstraction layer of sorts. And this is where we must realize that we are susceptible to hacking. Exploits are abundant.

You can be hacked–and in case it wasn’t clear in the previous paragraph, I’m talking about you as a machine. You as a repetitious, gooey bag of algorithms. Attempts are being made to hack your mind and body all the time–often hundreds and thousands of times a day that you don’t even notice. And, fortunately, we win most of those battles.

Like a computer, our brains come with some level of defense. We have sufficient antivirus most of the time, a decent active firewall to stop unwanted communication, and we even come with malware detection. Have you ever thought someone was completely full of shit? Chances are that they were, and your malware detection flagged it.

The problem we have as machines is that we don’t patch up very often. Not a lot of malware definitions being downloaded. We get some updates, particularly about viruses, but only if we get a manual update–via needle interface–or catch the virus and our machine doesn’t crash.

We also occasionally rewrite our firewall rules as we observe, experience, and learn, but there are holes in the fence. Necessary routines and programs we have for beneficial reasons can be exploited. Things like kindness, empathy, sympathy, fear, love, desire, and so on. Normal programs run amuck. And unfortunately, our brain’s OEM defenses are a bit of a Jenga tower.

Like many larger networks, once an attacker is in, they often have free rein to move about the complex as they see fit–many times rewriting a few instructions as they move through your various programs and processes. It’s difficult to fight these threats and intrusions, but not impossible as long as you understand what you’re up against.

The more these attackers know about your programming, the easier it is for them to insert malware into your brain’s operating system. The more someone knows about your routines, your community circles, or your interests, the more ammunition they have for tearing down your emotional firewall. It may seem like a leap from reusing passwords to being mind-hacked, but it’s not.

Consider the immense fueling of division all around the globe presently. That isn’t manufacturer default behavior. There are zero-day threats we haven’t addressed since day zero. It’s not entirely our fault. We are interdependent machines. It’s in our core programming to survive as a species just as much if not more than as an individual–otherwise, we wouldn’t generally find reproduction so very enticing.

So, how do you mitigate attacks on your brain? Well, first, we should probably try to limit the number of other machines we open communications with. One thing that absolutely isn’t in our programming is how to deal with too many connections. We were manufactured with hardware supporting much smaller networks than we currently interface with. Let’s try to keep our networks small. Not isolated from the cloud, but primarily concerned with the local area 192.168.1.0/24 or 10.10.0.128/25 if you’re into that sort of thing (you weirdo).

Next, before we assume some other machine is trustworthy to get information from, we should check with at least one third-party Certificate Authority. Too many of us are entirely too willing to get all of our driver and firmware updates from malicious sources, leading to compatibility issues with other systems. This is suboptimal.

Most importantly, though, we need to be more careful about how we secure our external interfaces. Let’s not rely on “it’s not important enough to warrant another password,” or, “aw, someone already has this info, what could it hurt?” The fact of the matter is, if you’re not secure even on the most innocuous seeming sites, you’re potentially opening the door to your network by allowing your personal cloud to be compromised. You might even cause a security hole for another brain machine in your network.

It could start with reusing your hotel rewards password and end with your name being used to make puppet accounts for criminal transactions, your credit being destroyed, or someone you know being spoofed. It could even just add to the daily harassment that you or your friends deal with every time you check your email or your phone rings and you see “Spam Likely”. I know we’re all tired of that crap, and it seems too prolific to deal with legally, but we can make it harder for the attackers or at least make ourselves less susceptible to the attacks.

A little vigilance and acceptance of the minor inconveniences or “I don’t wannas” is not only a small price to pay to stay more secure in this “modern age”, it’s a necessity unless you want to avoid the internet altogether–and try doing that today… A topic for another time, perhaps. All you need is a way to keep your passwords safe and make sure you’re not reusing them. Also, making complex passwords that are easy to remember is possible, but that’s a subject for another article.
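
An added example, not from the original article: one way to check a password vault export for reuse, putting first the clusters where a throwaway account shares a password with one you care about. The entry layout, the `find_reuse` name and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault export: (site, username, password, matters_to_me).
SAMPLE_VAULT = [
    ("bank.example", "pat", "correct-horse-71", True),
    ("hotel-rewards.example", "pat", "Sunny!Day22", False),
    ("mail.example", "pat@mail.example", "Sunny!Day22", True),
    ("forum.example", "pat_k", "Sunny!Day22", False),
    ("shop.example", "pat", "x9$Lq2#vTz", False),
    ("photos.example", "pat", "x9$Lq2#vTz", False),
]

def find_reuse(entries):
    """Group accounts that share a password; return a list of clusters.

    Passwords are compared via HMAC-SHA256 under a random per-run key, so the
    grouping table never holds plaintext and its digests are useless after exit.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for site, user, password, important in entries:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append((site, user, important))
    clusters = []
    for accounts in groups.values():
        if len(accounts) < 2:
            continue  # unique password, nothing to report
        sites = sorted(site for site, _, _ in accounts)
        exposed = sorted(site for site, _, imp in accounts if imp)
        clusters.append({"sites": sites, "important_exposed": exposed})
    # Clusters that put an important account at risk come first.
    clusters.sort(key=lambda c: (not c["important_exposed"], c["sites"]))
    return clusters

if __name__ == "__main__":
    for c in find_reuse(SAMPLE_VAULT):
        flag = "HIGH" if c["important_exposed"] else "low"
        print(f"[{flag}] shared by {', '.join(c['sites'])}")
        for site in c["important_exposed"]:
            print(f"    rotate first: {site}")
```

In the sample, the hotel rewards and forum logins share a password with the mail account, so that cluster is reported first and the mail password is the one to rotate.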

I’ll be writing more of these as time allows–and I definitely want to talk about what a secure password really is or if such a thing will even be possible in ten years’ time. I hope this gives you something to think about–or something to nod your head at while reading because your opsec makes most banks jealous. Whatever the case, stay safe out there!