What techniques do you use to protect information?

Thursday, June 16th, 2011 by Robert Cravotta

The question of how to protect information on computers and networks has been receiving a lot of visibility with public disclosures of more networks being hacked over the past few weeks. The latest victims of hacking in the last week include the United States CIA site, the United States Senate site, and Citibank. Based on conversations with people about my own and their experiences with having account and personal information compromised, I suspect there are a number of techniques that each of us uses that could prove useful to share with each other on how to improve the protections on your data.

Two techniques that I have started to adopt in specific situations involve the use of secure tokens and the use of dummy email addresses. The secure token option is not available for every system, and it does add an extra layer of passwords to the login process. The secure token approach that I use generates a new temporary passcode every 30 seconds. Options for generating the temporary passcode include using a hardware key-fob or a software program that runs on your computer or even your cell phone. The secure token approach is far from transparent, and there is some cost in setting up the token.

I have only just started playing with the idea of using temporary or dummy email addresses to provide a level of indirection between my login information and my email account. In this case, my ISP allows me to create up to 500 temporary email ids that I can create, manage, and destroy at a moment’s notice. I can create a separate email address for each service. What makes these email addresses interesting though is that there is no way to actually log into the email account with those names as they are merely aliases for my real account which remains private. I’m not positive if this is a better way than just using a real email address, but I know I was worried the one time I had a service hacked because I realized that the email address that was connected to that service was also used by other services – and that represented a potential single point of failure or security access point to a host of private accounts.

One challenge of the dummy email accounts is keeping track of each one; however, because there is no access point available for any of these addresses, I feel more comfortable using a text file to track which email address goes to which service. On the other hand, I am careful to never place the actual email address that I use to access those dummy addresses in the same place.

Do you have some favorite techniques that you have adopted over the years to protect your data and information? Are they techniques that require relying on an intermediary – such as with the secure tokens, or are they personal and standalone like the dummy email address idea? Are any of your techniques usable in an embedded device, and if so, does the design need to include any special hardware or software resources to include it in the design?


2 Responses to “What techniques do you use to protect information?”

  1. Bharath says:

    A few things I do at a personal level are -

    * I use and recommend TrueCrypt to encrypt entire partitions with secure data. However, this also involves passwords. This is only used when it is okay to lose data, but not okay to have it compromised.

    * Anywhere I write important numbers (CVV / SSN / credit cards), I obfuscate them by writing several similar numbers with similar patterns and use a simple Caesar cipher on them that I can decrypt in my mind.

    * I have scratched off the CVV numbers from my credit cards.

    * Use virtual credit cards when purchasing from HK, Chinese vendors. Unfortunately AmEx does not offer this anymore :-(

  2. L.R. @ LI says:

    I am sorry to disappoint you, but the most widely used secure token vendor RSA (subsidiary of EMC) has been recently hacked, and all of the tokens it sold, hard and soft, are now considered to have been compromised.

