In a comment posted in response to that article, a reader by the screen name of "BirdDog01" supplied a foolproof solution to the video portion of that equation: put a piece of duct tape over the camera lens. Aesthetics aside, that approach is about as simple and straightforward as they come.
A video has been making the rounds lately that shows crooks installing a card-skimming device and video camera at an ATM in the U.K. (Lifehacker provides a link to the video along with several ATM-safety tips.)
The video shows several ATM users shielding the keypad with one hand as they enter their personal identification number (PIN) with the other. I've been aware of this scam for some time and consider myself a prudent, suspicious ATM user, but I never thought to cover the keypad. D'oh!
Security software from the source
Over the last 10 years, I've used about a dozen different security programs at one time or another (sometimes returning to a product I abandoned years before). Every time I installed, uninstalled, or reinstalled a security app, I asked myself why Windows couldn't keep me safe all by itself.
Microsoft's free Security Essentials is the next best thing to having antivirus and spyware detection built into Windows. (Of course, considering the legal woes resulting from Internet Explorer's tight links to Windows, Microsoft would face even more scrutiny in Europe and elsewhere if it built antivirus software directly into Windows.)
I'm satisfied with Security Essentials' set-and-forget default settings, but you can customize the program to exclude specific files and locations from its security scans, scan removable media (off by default), create a restore point before each day's scan (also off by default, thank goodness), scan all downloaded files and attachments (on by default), and monitor all file and program activity (also on by default).
Security Essentials sends information about the software it detects to the Microsoft SpyNet community. The default Basic setting reports your IP address, operating system, Web browser, and some information you enter into forms or search pages. If you choose the Advanced setting, you share more information about your system configuration and how you use the machine, but Microsoft claims the information cannot be used to identify you.
It's possible to opt out of SpyNet by editing a Registry key or adding entries to your Hosts file. The MalwareHelp.org site provides instructions for disabling SpyNet. However, this disables the program's Dynamic Signature Service, which reduces your protection against new threats. Also, remember to back up the Registry by creating a restore point before you make any changes to it.
A simple(r) password may suffice
Back in February 2008, I listed the Password Commandments, one of which is to avoid writing your passwords down--ever! Unfortunately, some companies and Web sites require passwords of 14 characters or more that include numbers and/or symbols in addition to letters. This almost guarantees that people will have to jot down the passwords to remember them.
Another one of the Password Commandments is to use a password manager. That post recommended Siber Systems' RoboForm, which comes in free and $30 versions (the free version disables some features when the 30-day trial period expires).
I described the free LastPass password-manager Firefox add-on in a post from November 2009. LastPass also works with IE, Chrome, and other browsers, and a $1-per-month version supports iPhones, BlackBerrys, Android phones, and other mobile devices.
The search continues for an alternative to passwords so complex they must be written down. According to an article by Simson Garfinkel that appeared in the MIT Technology Review last July, Microsoft researchers who analyzed the password practices of dozens of companies and Web sites found no correlation between password complexity, value of the account, and likelihood of a hacker attack.
The researchers conclude that IT and Web site administrators must strike a balance between usability and password complexity. Perhaps the long-term solution is an innovative password alternative such as the map-based system proposed by AT&T researcher Bill Cheswick at the recent New York Institute of Technology Cyber Security Conference. Cheswick's system is based on selecting a location on Google Maps or another online mapping system and then using the 10-digit longitude and 10-digit latitude to create a 20-digit password. The user need only remember the location they selected (preferably not their home or other familiar location).
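The Python example below is added here for illustration and is not code from the article or from Cheswick's proposal. It shows how a map location could become a 20-digit password and how large the resulting key space is. The encoding is an assumption: each coordinate is shifted to be non-negative, kept to seven decimal places, zero-padded to 10 digits, and written longitude first; the sample point is constructed.

```python
import math

SCALE = 10**7  # assumed precision: 7 decimal places of a degree (about 1 cm of latitude)

def _field(value, limit):
    """Shift a coordinate in [-limit, limit] to a zero-padded 10-digit string."""
    if not -limit <= value <= limit:
        raise ValueError(f"coordinate {value} outside +/-{limit}")
    return f"{round((value + limit) * SCALE):010d}"

def map_password(lat, lon):
    """20-digit password: 10-digit longitude followed by 10-digit latitude."""
    return _field(lon, 180) + _field(lat, 90)

def keyspace_bits():
    """Upper bound on entropy if every encodable point were equally likely."""
    points = (360 * SCALE + 1) * (180 * SCALE + 1)
    return math.log2(points)

def same_password(lat1, lon1, lat2, lon2):
    """True only when both selections encode to the identical 20 digits."""
    return map_password(lat1, lon1) == map_password(lat2, lon2)

if __name__ == "__main__":
    lat, lon = 48.8583701, 2.2944813          # constructed sample point
    print("password:      ", map_password(lat, lon))
    print("keyspace bits: ", round(keyspace_bits(), 1))
    print("20 random digits:", round(20 * math.log2(10), 1), "bits")
    # A selection about one metre away produces a different password, so the
    # user must be able to re-select exactly the same point every time.
    print("1 m away matches:", same_password(lat, lon, lat + 0.00001, lon))
```

Under this assumed encoding the key space tops out at roughly 62.5 bits, below the 66.4 bits of 20 truly random digits, and any preference for memorable places lowers it further.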
Until such a system becomes practical and widely adopted, we'll continue to rely on our memory (or a password manager) to remember passwords that aren't too simple or too complex but juuuuust right.