Select Page

I came across this new word, coined by Brad Dinerman as reported in a recent article about IT buzzwords.

Combining the words “security” and “paranoia,” it means the condition of being concerned about security to the detriment of everything else. Most of us who’ve worked with computers during the last few years have encountered it – sometimes even in ourselves. And just as regular paranoia can sometimes go so far that it makes the paranoid more vulnerable instead of more safe, securanoia taken to the extreme can end up leaving your systems more likely to be attacked successfully rather than less.

A common example where securanoia often rears its head is in regard to password policies. We all know that password cracking is one of the most common ways for hackers to get into computers and networks without authorization, so it’s important that passwords be difficult to guess.

Users’ passwords should never reflect easy-to-discover information such as a spouse’s or child’s name, your phone number, your social security number, or the once-popular mother’s maiden name. In fact, strong passwords shouldn’t be real words at all, since the bad guys have software that can quickly try random words from the dictionary.

This has led many IT administrators to set up stringent password policies: no names or dictionary words, long minimum lengths (such as 14 characters), complexity requirements (must contain both lower and upper case alpha characters and numerical characters and symbols), etc. Then, for good measure, you may require that all users change their passwords every two weeks, and prohibit using the same passwords over again. In theory, this makes for passwords that are about as secure as you can get – but it fails to take into account one very important security element: human nature. By making the passwords almost impossible for users to memorize (and about the time they do finally get them memorized, it’s time to change them again), such policies may encourage those users to write their passwords down and keep them close by the computer – a security breach that completely defeats the purpose of having strong passwords in the first place.

I’m not criticizing the intent of those who want to keep their systems and networks as secure as possible; we’re bombarded every day with new stories of operating system security flaws and new viruses and attack methods, and it’s hard not to get a bit paranoid about computer security. But when our security measures start to interfere with our ability to use our technology for what we want, maybe it’s time to pull back and temper it with a little common sense.

A reader recently wrote (tongue in cheek) that “The Security People have a secret society that meets in deep dark places so they can dream up new ways to protect us from ourselves.” I’m a “security person” myself, and sometimes it even seems that way to me, too.

I live in a home with a beautiful lakefront view, and consequently, we have picture windows along the back of the house to take advantage of that view, which adds a lot to our quality of life. Now, it would be a lot more secure to put bars on all those windows, even more secure to live in an underground shelter with no windows at all, but I don’t want to go that far in the interests of security. And just as we must balance security and livability in our living quarters, we need to do the same thing when it comes to protecting our computers.

Do you suffer from securanoia? Do you know somebody who does? Are security concerns making it more and more difficult for you to get anything done on your computer? Do you think the quest for the perfectly secure system can be taken too far?

Deb Shinder, Microsoft MVP