Data Security

I just got The Email from Target.

Sorry.  The Bad Guys got your name, phone number, email, and mailing address from us.  We know you hardly ever shop here and only ordered that one thing from us online years ago but, hey, we hold onto all that data. We have and now they have it.  You might want to sign up for this credit-reporting service because who know what's going to happen now.

I'm signing up and Target is footing the bill which is the responsible thing for them to do at this point. I hope its not too late as the theft of the data was weeks ago.

We all shop online because of the convenience but convenience has a cost and when it comes to computers, that cost is often in terms of security of data.  Many website that allow/force you to have an account will keep you logged into the site as a convenience to you.  Whenever you go to the site, you enter it already logged in; no password typing.  Of course, that means anybody using your computer will also enter the site logged in as you.  Spouses, kids, person who broke-in and stole your computer, whoever.

And if that site is a retailer, many go the extra mile and will automatically or upon your non-refusal (that is, by default) store your shipping information for you to make checkout easier.  Some will even offer to store your payment information to provide a one-click shopping experience.

Over the course of the past few years, Intuit, the makers of TurboTax has been offering an online version of said software.  Rather than buy a disc and install TurboTax on your computer, you go to their website and do your taxes there.  Being online, they are able to suck in a bunch of data from other online sources and save you some time from manually entering in the data yourself.  To use the software on your computer can, depending on the version you use, cost you more than the online version.

There are a broad range of attitudes and perspectives when it comes to data security.  We each have to decide what level of inconvenience we are willing to bear for a desired level of peace of mind.  But without any experience involving identity theft, it is easy to overvalue the convenience and underplay the risk.  Due to my recent experience of being hit by a car, I imagine it feels similar how I thought about insurance.  It wasn't until I was dependent on the other party's insurance and saw the actual price of emergency medical care did I realize how important insurance was. The financial side of that collision would have played out very differently if the details of our coverage had been slightly different.

I don't know what changes I am going to make in light of this personal data theft.  The data that was stolen from Target is probably enough to do some damage but pales in comparison to what a theft of my tax data would provide access to.  For the foreseeable future, I'm using TurboTax on my computer and not the online version.  With one big exception, I don't have any online retailers store my payment information and I choose to actively log in and out of accounts when I visit various sites and retailers.  The exception is Amazon.  I'm going to have to think long and hard about the convenience/security trade-off there.

I've thought about using my Mac's whole-drive encryption for my home computer.  Any computer made today has enough horsepower to run this service with virtually no loss in performance.  That would provide another layer of protection in case my computer was stolen. I'm going to have to do some more reading on it before I make a final decision.

Even though it is highly related, I don't even want to talk about passwords; that's a whole separate topic.  I'll briefly say I use the Mac's Keychain (and I've mostly been able to get my wife to do the same) and I think everybody else should too.  I've considered going one step further and using a more full-fledged password manager so that all of my passwords are a mess of un-memorizable characters but I'm not sure how that would play out in my life.  I routinely work on two computers and a mobile device and am not sure I how much of a hassle it would be.

See, convenience versus security.  Even nerds have to make choices.