personal website of Dan Catchpole.

Risk Management

Wrote this up a few months ago; I've updated it with some new information about multifactor authentication and some improvements to Undercover.

Undercover + 1Password + Authy = Awesome.

Recently a totally awesome internet pal (and UI/UX designer on the wildly popular PS3 game The Last of Us) had the misfortune of having her gear stolen from a car.

Total nightmare scenario, right? (she's taking it in stride, because she's cool like that)

After a chat, I offered to write up some software recommendations on how to mitigate awful situations like theft or loss through a handful of really great apps, and some might even help to recover your stuff.

Recovery

There's two (technically three, but I'll get to that later) really great pieces of software out there worth looking at that I've had experience with.

Prey

Prey is a cross-platform application that installs and runs silently on your laptop, desktop, and even Android and iOS devices. When activated, Prey kicks into gear by connecting to nearby open wifi hotspots and recording screenshots, webcam photos, IP information, and location information (based on Wifi location). All of this data is then available through Prey's website, downloadable as a running report. It also offers functions like forcing a device to blast an alarm (helpful in finding a misplaced or hidden laptop) or completely locking out all access. Prey is an open-source application, and offers a variety of plans, including a free option, with a limited number of device installs and available reports.


Undercover

Undercover by Orbicule Software is a Mac-only recovery software. They offer many of the same features of Prey (screenshots, webcam snapshots, IP and location data) along with a few unique tools to thwart a would-be thief. Once you've reported a theft to the police, Undercover's web portal allows you to build a report consisting of the logged data that will automatically email the detective assigned to your case.

Undercover v6 has added a new feature called **Undercover Watch** that allows it to trigger its tracking mode as soon as your computer connects to an unfamiliar wifi network or when a user logs into the Guest account (or a dummy account you create).

Keylogging & On-Demand

Keylogging can be a very helpful tool to help recover a stolen laptop. The thief, thinking they've gotten away with it, starts using their new laptop for the things people do with computers: pay bills, shop online, and waste time on Facebook. While all of that is going on, Undercover is quietly tracking every keystroke, getting you valuable info like logins, credit card info, and phone numbers, all of which can be invaluable to the police in their recovery efforts. Undercover also includes an On-Demand mode, giving you the option to monitor a thief's activities in realtime.

Plan B

Another clever tool in Undercover's arsenal is "Plan B" mode. By emulating a hardware failure (a dying backlight on the laptop) it forces a thief to either resell the laptop or bring it in for repair. At that point, the next time the laptop is booted up, the screen is locked displaying a message indicating that the laptop was stolen, and instructions on how to turn it in.


So which one should you use? If the only item you're worried about is a Mac, Undercover is an excellent pick. It's a one-time $60 for a license, vs the subscription models of several other alternatives like Prey. Orbicule, Undercover's creators, also offers recovery assistance.

If you have several devices, or a Windows or Linux laptop or desktop, Prey is a great choice. As both services have similar feature sets, it's more a matter of 'Does it work with my devices?'

Heck, if you wanted, on a Mac you can install both and have two layers of recovery protection, as the folks at 1Password suggested:


Backup Backup Backup!

Backups. Everyone thinks about getting around to making one, or maybe they have one sitting in a drawer on an external drive they haven't touched or updated in months. A good backup can make the difference between a minor inconvenience or the loss of hours of work or years of important documents, family photos, etc.

Both Windows 7 and OSX have built-in backup tools, but what happens if a thief makes off with the backup drive, or you discover your backups are corrupt or otherwise unusable?

Cloud-based backups are an excellent place to start. Most are fairly affordable. I've been very pleased with Backblaze. At $5/month per computer (with discounts for annual plans) it's a very affordable way to securely back up your entire computer. After an initial backup (best to do it over a weekend when you're away or during the week while you're at work) Backblaze monitors your system for new files and changes, and pushes them out to their storage centers. Backblaze even has a locator feature, similar to that of Prey and Undercover to help locate a lost or stolen laptop!

In the event you need your data, their site provides a file-browser-like experience for digging into specific drives or folders. If you just need a few small files, they can provide you with a downloadable zip file. Larger files or entire drives can be mailed to you on thumb drives or hard drives for a moderate fee. There's no storage limits for backups, and it's a very simple install on Windows or OSX.

The best backups are the ones you don't have to think about, which is why I feel that Backblaze (along with similar software like CrashPlan or a personal cloud alternative like Transporter) is excellent: these tend to be set-it-and-forget-it affairs. Dropbox is another option, though it's not meant to be a whole-drive backup (their plan pricing isn't the greatest, in my opinion), and is geared more toward backing up a small set of important files.


Passwords & The Rest

Most people (my past-self included) get into a terrible habit of reusing passwords. With as many different sites and services people use on a regular basis, it's hard not to fall into the trap of password reuse. This is where software like 1Password shines. By coming up with one really great, memorable, but otherwise un-guessable password, 1Password handles the heavy lifting of generating lengthy and inscrutable passwords like:

&.9q4i8x7YCcnMQ8sCMP

and keeping them safe for you. Combined with their browser extension, you can easily log in to sites with just a few keystrokes (⌘+\ on Mac). In addition to passwords, 1Password is great for storing credit card info securely (for faster online shopping) and software licenses (when you replace/recover that stolen laptop.) With cross-platform support on OSX and Windows (and a fantastic new iOS app, and Android client) and sync via Dropbox, it's one of the first apps I suggest to people who keep using password1 to get to their sites.

1Password put together a video explaining how it (and other password managers) work:


1Password Introduction


Multifactor Authentication

Multifactor Authentication (more commonly known as 2 Factor Authentication) is a way to secure your online accounts by combining two forms of authentication:

  1. Something you know, like a password
  2. Something you physically have

2FA has been around for a long time in the corporate and banking worlds, but many personal sites and services over the past few years have started to implement it. Evernote, Dropbox, Google, Mailchimp, Microsoft and more are getting on the 2FA bandwagon. You can find a comprehensive list of sites that support multifactor authentication at twofactorauth.org.

Several companies have replaced the more traditional hardware token (think old-school Blizzard Authenticator) with software tokens, accessed through smartphone apps, making it easier to manage multiple 2FA-enabled accounts. Authy provides one such app. Google has their Google Authenticator app available for iOS and Android. There's also Duo Mobile, Toopher, and several others that are cross-platform. Some are using Low-Power Bluetooth to help authenticate you without even needing to enter in your authenticator one-time password.

Adding this extra layer of security makes it tougher than ever for someone to access your accounts. Think of it like adding a deadbolt to a door. That little bit of extra effort will make would-be hackers pass on cracking your account for easier pickings.


In summary, I hope this gives you some options and something to think about. You certainly can't predict something as unfortunate as theft or disaster when it comes to your digital goings-on, but with software you can gain some peace of mind by knowing that even if something happens, you're prepared and your stuff is safe.

© 2010,