Modernizing Authentication — What It Takes to Transform Secure Access
Date: 12/14/2017 @ 1 p.m. ET
Have you seen my PDA?
I have a confession to make... I'm really hard on personal electronics. In just over two years, I have eliminated two pagers, three cellphones and two PDAs. I lost a pager to a toilet and another to a sewage treatment plant (don't even ask about that). I left a cellphone on a train, and I sat on a PDA.
I have been fortunate, though. While the data was lost to me forever, with the exception of the cell phone, information on these devices wasn't recoverable by anyone else, either. Plus, I subscribe to the back-up-early-and-often theory, and so rebuilt my ''memory'' without too much aggravation.
Of course, there was the small issue of explaining to my boss why I needed another pager... especially that second time.
We rely ever more heavily on electronics to provide us records, note-taking space, contact information and scheduling services on a minute's notice and in any location. We use them for impromptu pictures of things to be dealt with later, and we download pages of data we'll need soon and quickly.
So we all cringe when someone in the office says, ''Have you seen my PDA?'' We know the poor guy already has scoured the house, the car (both of them), the gym bag -- maybe even the diaper bag -- and the office, before exposing himself to the inevitable derision about losing his electronic mind.
There's an important consideration here. What really has been lost?
Yes, there's the inconvenience that our victim will be late or miss every appointment he's scheduled over the next three months. Unless he's backed up his data to his computer or some other device or drive, all his business contacts are gone. (Ask yourself how much overlap there is between your personal cell phone and your business contacts listed on your PDA if you don't have a business phone.) He might be able to recover personal numbers from his cell, but what about mailing addresses and birthdates of the people (business or personal) important to him?
If your PDA is like mine, it has plenty of functions that allow for sketches, notes, and other bits of trivia that go into daily business activities. Are these drawings part of the prototype for your company's ''next big thing''? Your cell phone allows you to take photos, download Webpages of company documents, and list bullets for the big memo to your boss's boss about the status of the secret project. If this goes missing, what happens then?
If you've destroyed it, as I am wont to do, it's almost OK. That data is marinating in its own juices, never to be seen again.
If you've left it behind on the train, the bus or the airplane, you can hope that whoever finds it isn't very savvy, and won't be interested in examining the contents too carefully. You could take the view that people, as a whole, are primarily good guys and you'll see it again sooner or later. Or not.
There's also the possibility that people are primarily self-motivated, and whatever benefits them most is their likely course.
This means they may call you and ask for a reward. This is a good thing. They may call your boss and offer to sell the contents back to the company. (Here's an interesting thought: would you want your boss to see ALL the content on your PDA? That might include all those appointments with the competition when you were thinking about changing jobs?) They may call the competition, and offer to sell the data to them. Or, they may choose any combination of choices.
Imagine thinking you're safe because you paid a reward for you PDA, and got it back safely. Then imagine being called into the boss' office a few weeks later to explain why the competition is going to press with the project you were directly responsible for. And maybe in the course of that conversation, your boss asks you why you met multiple times with said competition several months ago.
Let's make matters worse. Were all your usernames and passwords on the missing PDA as well? What about your bank account numbers? (Ooooh, it would be so handy for someone to have the name and phone number of your broker, along with your personal/question answer, too.)
How hard would the theft of your identity be, at this point?
I know I'm asking tough questions here, and they are questions that don't have simple answers.
The manner in which we use our PDAs is due to the need they fill in our lives. It isn't just about convenience. This is a situation we ignore at our own peril. But options are few. Recovering your own data is the simple part. Back your stuff up... somewhere.
Protecting it from others is something else entirely.
There are packages available for encrypting all the data on your PDA. They're handy and fairly simple to use. The key here is that you have a single point of failure. If you forget the password, you might as well have dropped your PDA in the lake. The data is safe from everyone... including you.
The important thing is to think about possible implications and complications resulting in the loss of any small electronic device.
When I drowned my pager, and I couldn't be ''found'' for several days, it wasn't much of an inconvenience. When I sat on my PDA and made all my information disappear, I was a little more annoyed.
Had I lost it, I would have had to change all my root passwords, my credit card accounts, and dealt with a number of other major aggravations. Now, I choose not to keep that information on my PDA. I still have all my phone numbers and addresses, for both personal and business contacts, meeting notes, appointments, schedules and deadlines on it. I back it up religiously, and when synching, I review what's outdated, or what's already been transferred or revised on my laptop or desktop system. If that information is already somewhere else, I take it off. If it's not, and should be, I make the time to move it.
In the end, I was lucky. I only had to hear comments about being an overachiever. I couldn't just drop my pager in a toilet, I had to drop it in everybody's toilet.