How much information should you store online? May 30th, 2008 at 5:07 pm
Putting all of your online information in one place may not be a good idea. A golden rule for financial investment is to make sure your portfolio is diversified. Diversification will protect you if one area of your portfolio does not perform as it should. What does this have to do with storing information online? I will focus on three services that aggregate data for a one stop source of information.
Earlier this week google announced the deployment of their new service that pulls all of your health information to one place under your google login. Maybe on first glance this sounds like a great idea. All of your health records, prescription information in one digital location. Lets forget for a moment the massive amount of information that google gathers everyday. Google employs the best and brightest for security but nothing is 100% secure. It only takes mistake and your information could be anywhere. Most likely the biggest threat comes from the user with poor password selection and management. Google has also teamed up with affiliates to offer a broader range of services such as faxing your health records to your doctor, managing your families health history and prescription management. All of these services linked to your google account. Is this the kind of information you want to store in one place?
How many login names and passwords do you have strung across the internet. A blog here, a forum there, bank accounts, shopping. To sign up for just about any service you have to create an account. OpenId is a movement to decrease the amount of online forms you have to fill out to create an account.
From their website
“OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience.
You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all, the OpenID technology is not proprietary and is completely free.
For businesses, this means a lower cost of password and account management, while drawing new web traffic. OpenID lowers user frustration by letting users have control of their login.
For geeks, OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be at their blog, photostream, profile page, etc. With OpenID you can easily transform one of these existing URIs into an account which can be used at sites which support OpenID logins.”
The way it works you sign up for an openID from a provider and instead of using a user name and password for each account you use your single openID URL to login to multiple sites. There is a great article here that sums up all the potential problems of using openID. In a nutshell this could potentially open you up to multiple types of attacks such as phishing and cross site scripting that will allow someone access to all of your accounts. By using a provider you are also telling that provider every site you access.
I think openID has some very valid applications if used properly. First by hosting your own openID URI and bypassing the providers it gives you more control. Secondly if you are using openID for fairly benign tasks like blogs and forums that do not contain any sensitive information it reduces your risk to an exploit.
Mint Personal Finance Managment
This is just one of several online financial management services that caught my eye. I’m always looking for a way to not buy another version of quicken and forever remove windows from my hard drive. The best part about this software is its free! Yep, free as in beer.
This service pulls all of your financial information to one location. It helps you budget, sends emails when accounts are low and even tells you where you can save money. The service also lets you compare your spending habits with others in the same area. It does this all online through your browser via a simple interface.
How is this free? Mint gets their revenue through affiliates that offer you savings alternatives. For example you spent “x” amount of money “here” last month, if you shop “here” instead we can save you “x” amount per month and “x” amount per year.
The problem with having all your financial information in one location should be fairly obvious. Regardless the company seems to be doing well with no shortage of users. The other side of the argument is that unless you store your financial information in some type of encrypted format on your local machine you are probably more venerable to a security problem than using a service like this. This is undoubtedly true. If your bank has a security problem they are responsible for your money. In most cases by using this service you have removed them from responsibility.
I’ll have to admit this service looks amazing but it also looks like a target. I’ll be watching them closely as my quicken software draws closer to reaching the “you must buy another version” point.
Conclusion
Have you ever seen the Life Lock commercial with the CEO driving around new york city, his SSN plastered to a billboard behind a truck? Yeah he got his identity stolen. Nothing is 100% secure and you have to weight the benefits to the risks. Google health? No way, not for me. Its just far too much information in one location and not just my health records. OpenID? Yes, I think it has its applications if done correctly although I have yet to use it myself. Online financial management? The service just looks too good for me to give it a thumbs down. My inner dork is overpowering my paranoia on this one.
Tags: Security