What’s the primary purpose of putting a lock on something? I’d argue that it isn’t to keep people from getting into that thing – it is to know when people have gotten in.

No lock is impenetrable just as no house can be fully secured. But knowing whether someone has made it inside that house is useful. You can look for stolen items and be on the lookout for an intruder that is still in your house.

A cheap lock can be picked with simple tools that don’t leave a trace. For many years, computer security has relied on cheap locks that we call passwords. A password can try to keep people out of your things but they are not good at letting you know when someone has broken them.

I read a fascinating criminal complaint today about a group that would break into people’s houses and steal their wifi passwords. The group used those passwords to use that person’s internet access for whatever purpose they needed without the activity being traced back to them as easily. The group could have easily used that password to track all the internet activity conducted in that home.

That is scary stuff and I’d bet that most people’s homes are susceptible to this attack. The default password for the wifi network is long and a pain to guess, but my internet company prints it right on the side of the router so anyone with physical access to it could easily get the wifi password.

This is scary stuff. What can you do?

If someone is inside your home, not a lot. Routers have reset buttons on them so someone can change the password back to the default one printed on the side even if you change it to something better. But that is like putting a better lock on your front door, because you’ll know that the password was changed. All the sudden, your devices won’t connect to wifi and you’ll start to wonder why. Even though you can’t stop someone from breaking in in the first place you are in a much better position than if you didn’t know they’d been there.

Just like you can’t fully secure your home, you can’t fully secure your technology. Work on finding ways to know when your security has failed so you can respond quickly.