How to become a digital ninja

While looking at the 'grade chart' produced by the architect of a scam designed to separate the naive from their money, it suddenly struck me that it looked remarkably like the skills and perks tree for a video game (Skyrim).

This should be no surprise of course. Video game designers and the operators of cults are both attempting to create an addictive product. Giving awards for progress is one way to persuade people to play a game long after they might otherwise become bored.

If the bad guys can use these techniques, why not put them to good use instead? Here is a seven (or more) step program for taking personal control of your digital security.

  • Backups
  • Identity
  • Secure Perimeter
  • Authentication
  • Confidentiality
  • Privacy
  • Audit

Backups

Backups are by far the most important security precaution. You may be targeted by an Internet criminal, but hard drive failure is a virtual certainty.

The importance of backups is something even security professionals sometimes fail to recognize. A friend of mine who was doing a system administrator gig once told me how they had 'backup all sorted out'. The process was completely automated, with onsite backups made every evening and hard drives sent out for off-site storage every week. They even audited their backups to check that they could restore information if needed.

It was a very impressive system and my friend was rightly proud. There was just one problem: he was putting all his time and effort into backing up the wrong data. Making sure that backups were done correctly was his number one priority at work, but at home it was just another item on a long list of household chores he would 'get around to sometime'.

The very worst that could happen to him if a hard drive failed at work was that he would lose his job. That isn't good, but which would you rather lose: your job, or all the pictures of the children growing up and their first day at school? It really isn't a difficult question to answer.

Fortunately, there are now some reasonably cheap devices that make backing up all the digital assets in your home quite easy.

  • Nightly Backups
  • Fault tolerant (survives a single or double drive failure)
  • Offsite copy

Identity

[Own your DNS domain]

Secure Perimeter

  • NAT
  • Firewall
  • Virus scanning on inbound email
  • Domain and IP blocking to malware sites

Authentication

Pretty much everyone agrees that username/password authentication is insecure and inconvenient. Unfortunately making the use of other schemes possible requires more than just a better alternative technology. Web sites don't want to support alternatives to username and password until they are used by a large number of people. And people don't want to spend time or effort on a wonderful new technology that nobody supports.

The problem with passwords is not just that they are chronically insecure; most of the 'security measures' designed to make them safer actually end up making them worse.

Most sites require users to choose passwords with a mixture of upper and lower case and at least one numeric character. Anyone who has read the literature on this knows that all this does is force the user who was going to use 'password' to choose 'Password1' instead.
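To make the point concrete, here is an added example (written for this post, not code from the original) that applies the usual upper/lower/digit composition rule beside a second check that undoes the predictable tweaks users make and looks the result up in a small, constructed list of common base words; 'Password1' sails through the first and is caught by the second.

```python
import re

# Constructed sample: a handful of base words that any cracking wordlist
# contains. Real lists run to millions of entries; this is just enough
# to show the idea.
COMMON_BASE_WORDS = {"password", "letmein", "welcome", "qwerty", "monkey"}

# Common single-character substitutions users apply to satisfy the rules.
LEET_TABLE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "@": "a", "$": "s"})


def meets_composition_rules(pw: str) -> bool:
    """The typical site rule: at least 8 chars with upper, lower and a digit."""
    return (len(pw) >= 8
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)


def normalise(pw: str) -> str:
    """Strip the predictable dressing: case, trailing digits/punctuation,
    and leet substitutions, leaving the base word the user started from."""
    base = pw.lower()
    base = re.sub(r"[\d!@#$%^&*.]+$", "", base)   # trailing 'Password1!' -> 'password'
    return base.translate(LEET_TABLE)             # 'p@ssw0rd' -> 'password'


def is_predictable_variant(pw: str) -> bool:
    """True when the password is just a common word dressed up to pass the rules."""
    return normalise(pw) in COMMON_BASE_WORDS


def assess(pw: str) -> str:
    """Summarise how a candidate password fares under each check."""
    if not meets_composition_rules(pw):
        return "rejected by composition rules"
    if is_predictable_variant(pw):
        return "passes composition rules but is a predictable variant"
    return "passes both checks"


if __name__ == "__main__":
    for candidate in ["password", "Password1", "P@$$w0rd9", "CorrectHorseBattery7"]:
        print(f"{candidate:22} {assess(candidate)}")
```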

Public key cryptography provides the king of authentication mechanisms.

  • Personal PKI hierarchy
  • Password service
  • Device binding
  • Escrow the master key

Confidentiality

Privacy

Audit