Why is Good Internet Security Inconvenient?

"I don't want to remember too many passwords."  "I don't have anything of value in my accounts."  "The bad guys won't find me."  These are things I have heard from clients over the years and it's understandable why they might have said them. However, it's not that that they always want your stuff. The "bad guys" on the Internet have become relentless in the techniques they use to get into your accounts for their own purposes. One example is that they might hijack accounts to use them to perform nefarious or illegal activities on the Internet disguised as you. That way, it's YOUR door the FBI knocks on when they suspect that child porn is being downloaded at your home. So, it's really important to lock down your WiFi with a complex password (that's probably already done, right?) and it's extremely important to have a DIFFERENT password for each and every Internet account you have. Your online security is only as good as the weakest web site you use. If that site gets compromised by the bad guys and they find out your password for that site AND you use that same password everywhere else (or even on a few other sites), the bad guys now have a password they can try for Gmail, Amazon, Flickr, Yahoo, iCloud, etc.  

It's also important to understand the need for security questions (e.g. "On what street did you grow up?" " What was the name of your first pet?") and 2-Factor Authentication (when a code gets texted to your mobile phone) so that it's not just a password that gets you in.  Note the answers to those security questions don't have to be accurate -- you just have to remember what the your answer is. For example, if a security question asks "What was the model of your first car?" and you answer "Thursday!", that's much better than answering "Toyota" which is an easy guess. Good security is not convenient and gone are the days where just a simple password is all you need.

Mat Honan, then writer for Wired Magazine, wrote up what happened to him in 2012 when he was observing the "bad guys" hacking his accounts in real-time over a weekend. I remember this well and I was following his online posts explaining what was happening as he was going through this nightmare. His experience makes for a cyber-thriller screenplay and I strongly suggest you read it.