Securing My Digital Identity – Part 2: Risk Assessment


It’s 2 AM. I’m sitting at my desk watching the lights blink on my broadband router. And I can’t stop wondering: Is there someone else watching? I’m reading about how to create perfect passwords and at the same time I’m wondering if I should just get a puppy to play with. Can I trust this site to do what it says? What kind of a dog should it be? I don’t trust all dogs either.

It’s a really hard world out there for a person who trusts no one. This whole idea of digital identity is getting way over of my head. I’ve been giving this project a lot of thought. I keep asking myself is this stuff too hardcore. Should I just get a tin foil hat? It has now become clear to me who is my worst enemy in the digital world. It is me, myself and I.

Ultimately, I cannot trust anything including myself. Eventually I might forget things. I might even go crazy, as happened to a good friend of mine who crypto-locked his Bitcoins in an erratic state of mind. The point is that the only valuable thing I possess are my device network interface cards, CPUs and GPUs. All the other stuff is only valuable to me, like my personal photo albums and videos. They hold little or no value to possible attackers. Except for foreign big brothers. Is it my devices or my services that I want to protect? Or both? And for what cost?

Problem with security and the missing layers

I once encrypted my Android smart phone and secured it with a PIN code of 6 numbers. Whenever I wanted to call my friend, read or send a text message, read my emails, and take a photo, I had to enter my PIN code. While on the move I consistently managed to mistype it. This became such a nuisance I eventually had to let it go.

The problem is that in the first place I did not want to secure my camera or my phone. I only wanted to lock services like email, online banking, and my two-way authentication code generator. I currently use pattern lock on a non-encrypted device.


The real problem and conclusions

“I came to realize that the best way to protect myself in the online world is to stay out of it.”

As noted earlier, I am the real problem. If I really want to protect something, it requires a lot of work and attention. And I don’t want that. I started of by clearing my laptop’s hard drive off of all personal temporary files and unnecessary stuff. I went through all my internet services and considered their real value to me. I think this whole thought process changed me in a way. It made me think what really is important to me.

  • I want to be happy. I don’t want to spend my time typing in passwords and credentials for services that have little or no real value for me.
  • My assets for hackers are my device network cards (NIC), CPUs and GPUs. I really want to secure my devices with anti-virus and security software.
  • My online banking credentials are naturally important and I should not use my credit card on sites I do not trust. Finnish banks use 2-way authentication by default. Off-line credentials that are stored in my pocket. That makes them quite safe.
  • My personal information like photographs are valuable to me and I want to backup them in a separate off-line drive. I already bought a 1TB USB hard drive. I’m thinking of getting another one for a backup of a backup. I need a device to carry with me and a device to keep safe from theft.
  • Against identity theft I am registered in most of the popular internet services. When I’m online, it’s unlikely for that to happen. I try to live my life in a way that no one has the incentive to do anything harmful to me or my loved ones.
  • My personal information and preferences are relevant only for marketer’s and foreign big brothers. I have already given up that information on my Facebook and other social media sites. That is a trade-off I have chosen to make. I need social media sites to spread the word of this blog. And a fact I rarely want to admit: I want to be seen.
  • Google and Yubico are launching U2F in 2014. That is something I’m looking forward into. I already have Yubikey NEO and I will be writing more about it later.

P.S. I am going to get a puppy next year.

Blog series: Securing My Digital Identity

  • Part 1: Preface
  • Part 2: Risk Assessment
  • Part 3: Securing My Devices
  • Part 4: Securing My Connection
  • Part 5: Passwords and Credentials
  • Part 6:  Backing Up Everything

Stay tuned for more…