When Bruce pipes up about consumer security I listen. In this post, he digs into a particularly irksome list of security tips. What’s interesting isn’t the bad advice, but some of the security tips that Bruce gives a “meh”.
The most interesting might be using 2FA on everything. That’s kind of been my mindset, but Bruce gives some perspective on how effective it can be. When the second factor is a text or emailed code, it does nothing to prevent a SIM swapping attack, and just adds a layer of inconvenience.
Bruce is also not really that worried about using public Wi-Fi. I have to admit, I kind of take a “do what I say, not what I do” approach to it. I’ll be the first to chide my parents if they were to check their bank account at a coffee shop. But I’ve definitely done the same thing more than once.
I think the best approach to this isn’t to rely on a rote list of tips and practices, but to always be thinking about the security implications of behavior, and how you can limit your surface area for attack.
Bruce Schneier comments:
I wouldn’t think twice about using a wall jack at an airport. If you’re really worried, buy a USB condom.
Read more at: Bad Consumer Security Advice