The 80% Theory of Security


Edition e1.0.0

Updated October 9, 2023
Security for Everyone

Looking at your list, it might feel daunting to get started on securing all these things. Now is an important time to learn about the 80% theory.

First, a confession: I used to be a perfectionist and completionist, and I am also a huge video game nerd. Every video game I started, I would push to 100% completion. My Pokédex in Pokémon Red was complete with all 151 Pokémon. I found every Easter egg and secret ending there was to be found. My goal in life was to finish level 255 in Pac-Man so I could experience the level 256 integer overflow glitch. As I picked up more hobbies, completing games became harder and harder.

Most of us know the experience of playing a game. You can play it from start to finish, and that represents roughly 80% of the gameplay. You can play again to finish the side quests and alternative paths to the ending and get closer to 100% completion, but it takes more and more time and investment the closer you get to 100%. You end up investing more time in that final sprint than you did playing the game the first time from start to finish, and the value received at that point is minimal.

I try to apply that same thinking to securing everyday situations. There will be situations where you need to cover that final 20%. For example, when implementing the login function of a web application, you want to go the extra mile. But in most situations, you get the most value from investing in that first 80%.

Right now I am giving you permission to start with applying security for the areas on your list with 80% effort. When resetting your passwords to all your social accounts to unique passwords, it is OK to tackle only the accounts that come straight to memory—and perhaps forget about that old MySpace or Friendster account from the 2000s. When setting up two-step or two-factor authentication, it is OK to set up just a one-time password token generator app rather than going for a hardware security key, even though one is stronger than the other.

You can’t afford the time for that extra 20%. You have a business to run and other things to do, and I get that. I will tell you when there are areas where you might need to spend that extra time. For the rest of this part of the book, we’re going to look at protecting your email and devices. As you start securing the items on your list, if you promise to give it 80%, I promise to keep it practical.
