Simple Security Tips: from Car Registration to KeyloggersThe registration renewal for one of our vehicles arrived in the mail today. As usual, I immediately scanned the registration and modified the copy. California requires a current registration or copy to be carried in a vehicle at all times. But this presents a security breach approximately like logging onto a public Wi-Fi as administrator with no password and with a shared C: drive.

The registration has our names and address on it. Like many vehicles, both of ours have GPS units installed. Both GPS units have a “Go Home” function. Both cars have built-in garage door openers. Together, these convenience features could allow a thief to steal our car perhaps while we are at a movie, quickly navigate to our probably unguarded house either with the GPS or by looking at the registration, open our garage door, and take whatever could be loaded quickly.

Just as we can protect our laptops and tablets with some simple actions such as logging on as a user with limited privileges and using strong passwords, we can also protect our houses and vehicles with a few no-cost actions. With the vehicle registration, I erase the address on the copy and print it out. The address-free version gets stored in my vehicle. I was assured by a CHP officer that this is legal, but since I am not a legal expert, do not take my word for it. There might be a website somewhere that addresses the legality, but I am willing to take my chances because it seems like a sensible compromise. An officer can certainly get enough information off the registration number to identify the vehicle and anything about it that is needed, including my address. A common thief would not likely have access to the CHP database, so by erasing the address, I assure myself that I will attract a higher class of thief.

But that still leaves the matter of the GPS and the door opener. My “Go Home” command is set to take me to a random location several blocks away from my actual home. The random address is far enough away that the garage door will not respond to the opener. A thief could in principle drive around the neighborhood repeatedly trying to open garage doors until one opens. But that takes time and can look like suspicious behavior.

Then there is the matter of getting from the garage into the house. This is particularly important if you are going to be away for an extended period. Lock the door to the house so that even if someone can open the garage door, they would have to break into the house proper. They might do it, but again, that takes time and can draw attention to suspicious activity. BTW, opening a typical garage door by inserting a hook through the top to release the opener is trivial.

Although this has nothing to do with thieves, I always turn off the water to the house if we are going to be gone for a few days or longer. Returning home to find a flood caused by a toilet valve breaking or a washer hose bursting is not a good welcome.

So I put the doctored registration in the glove compartment and then affix the stick-on tag showing we have paid for the year. Then, just because it does not cost anything, I slash the tag several times. Since it is already stuck to the plate, this causes no harm, but if someone did try to steal my tag, it would come off in pieces. Such a theft is unlikely, but like I said, slashing the tag takes only a moment and costs nothing.

Thinking of cheap and easy ways to increase security without compromising utility can become like second nature after you practice it for a while. The techniques developed for general security can be adapted to increase computer security. Sitting in public places in such a way that other people cannot easily read your screen is something that we all should do. If I have to enter a password in a public place, I prefer to open a text file — any lengthy text file will likely do. Then, instead of entering the password by keystrokes, I find the first character in the open file, copy it, and paste it in the password window. Then I do the same for the next character and so on until the password has been created in this highly artificial way. Why bother? People with keylogger programs might be able to detect your password as you type it, but the keylogger will only know that I am copying and pasting, and might not even know that, depending of the software being used.

Another ploy that can be used for greater security in public places is to boot with a live version of Linux. One simply puts a USB stick in the laptop (which has had the boot sequence modified to give precedence to USB) and Linux will run in memory without bothering the hard drive at all. Data can be saved on the USB stick if desired.

The point of all this is to argue that thinking about security is not simply a local thing that applies to computers and Internet scammers. Thinking about security is a way of life, and if done correctly does not cost much or take much energy. Copying a vehicle registration and erasing the address is not a big deal. Re-programming the GPS to hide the home location is not a big deal. Logging on as a limited capability user in public places is not a big deal.

Coming home and finding it has been cleaned out by thieves is a big deal. Getting spurious charges on your credit cards is a big deal. Getting nasty emails from your contacts who have been exposed to a scammer because your email account has been compromised is a big deal.

Being alert to potential security gaps is a good deal.