
I have two email addresses, one for work and one for home. I have two cellphone numbers, one for work and one for home. But I am just one individual (and only have one social security number, which is something it would be inappropriate to have two of). Right now I have just one Twitter handle, just one Stack Exchange ID, etc.

From a security viewpoint, what are the benefits/drawbacks for having a single persona versus having two or more personas? Note this question has two viewpoints - from the individual's viewpoint and from the provider's viewpoint. And they might have conflicting views on which is more appropriate - single or multiple. Does the answer differ by application? E.g. might it be more appropriate on Twitter and less on Facebook or Stack Exchange?

A related question with regards to multiple personas on Stack Exchange is at https://genealogy.meta.stackexchange.com/a/1592/157, where it seems obvious to me that multiple personas are bad from the provider viewpoint.

Duncan
  • @Jeff Ferland - could you provide any comments on what could be used to improve the question? I assume 'not constructive' is because it would solicit debate, as opposed to the answer not being useful. How can I find out the security benefits/drawbacks to the persona issue? – Duncan Dec 14 '12 at 13:02
  • As a person who flagged it commented, "This is a great question... to write a book on." Aside from that, there isn't actually a **security** implication unless one of your personas is upsetting mobsters, governments, etc. Providers widely vary in how they care: Twitter, for example, doesn't care how many accounts you spin up, or how many people use them. Facebook only wants you to have one account for yourself, but it isn't because of security. Then there's the question of your situation, and whether (and why) linking them might matter. I think you would simply have to be far more narrow. – Jeff Ferland Dec 14 '12 at 17:36
  • PS, this is [being discussed in Meta](http://meta.security.stackexchange.com/questions/1102/could-this-question-be-rewritten-as-a-risk-assessment/1103#1103), so you may wish to follow / chime in on that thread. – Jeff Ferland Dec 14 '12 at 17:48
  • @JeffFerland - thank you for the heads up to the meta discussion and for your comment. Your comment contained the phrase 'As a person who flagged it commented' - where are those comments? I'm an old hand at security but a newbie to Stack Exchange, so still learning the tricks of navigating the site. The reason I asked my comment was because I didn't see any comments (and still don't, other than yours). Where do I look to find what else is in the comments besides what you quoted? Is it because I'm a newbie that I can't see certain things? – Duncan Dec 15 '12 at 00:47
  • Duncan, great questions. Thank you for your positive and constructive attitude; it's great to see! I confess I'm not 100% sure what would be the best way to improve the question. One thought: Have you done any research or reading on this? (If so, edit the question to provide that background.) Also, can you say anything about any reasons you may have to expect there would be a security impact? I can see how there would be many other impacts, but I think it's possible that Jeff Ferland's skepticism comes down to whether there are any *security* implications. – D.W. Dec 15 '12 at 02:48
  • Duncan, I'm afraid there's no way you can see flags or the comments that appear in flags (unless a moderator reveals them, as Jeff Ferland did here). I imagine Jeff's point is not that you did something wrong by ignoring the comments in the flag, but rather his goal to help you understand his reasoning about why the question was closed, and to that end, it was helpful to quote from the text that went with the flag. – D.W. Dec 15 '12 at 02:50
  • @D.W. - wrt 'Have you done any research or reading on this': I work for a large ISP in the Chief Security Office and I am chartered with architecting our next generation security systems for our mobility-enabled cloud. I have asked the same question of our security researchers but thought I'd throw it out to the wider community in this forum. We're trying to be more open and crowdsourced, and I'll confess it's a different paradigm for me, so I'm not very good at it. – Duncan Dec 15 '12 at 14:20
  • @D.W. - wrt 'can you say anything about any reasons you may have to expect there would be a security impact' - it seems to me more identities increase the chance of compromise while decreasing the risk of any given compromise. It also increases complexity (the bane of security, particularly where humans are involved) from the individual's viewpoint (more to keep track of) while potentially decreasing it from others' viewpoints (they get just the piece of the person they care about). It also raises the person vs persona vs identity issue, which have subtle security differences. – Duncan Dec 15 '12 at 14:22
  • I've appreciated the discussion about this topic. My role as a moderator on the site is to keep things "clean" and prevent an influx of cruft in various manners. Sometimes things are obvious, and sometimes they're close to the middle and a judgement call must be made. I've seen no strong support for my closure, and some suggestion that there's good cause for opening this up. Let's see what happens. Reopening. – Jeff Ferland Dec 15 '12 at 21:13

2 Answers

As a systems admin & developer

I use different personas in Production and QA, so that a script in QA doesn't go awry and inadvertently do bad things to production systems.

As a systems admin and a user

I use different personas for my day-to-day email activities, so that if my email account were to get virus-filled spam, or if I were to surf the web and get hit with a zero-day, the maximum harm that virus could do is affect things my user account has access to.

As an employee and personal user

If I were to do work-related business over a personal email account, then any legal issue my office runs into may allow them to subpoena the emails in my personal account. Depending on what I say in that personal account, that may be undesirable. This is especially important for FINRA-covered registered reps (for example), as any financial advice they offer or claims they make must be monitored by a 3rd party (such as Smarsh, or internal compliance review).

Disclaimer / IANAL

I focused primarily on email in the above areas since that is where I work in day-to-day activities, but I'm also not a lawyer and don't know the local country/region laws that affect you. The stewardship that each user must maintain for separate accounts (or identities) may ultimately be defined by the amount of legal risk that the individual or company wants to take on.

Finally, the more accounts your users do business in, the more the legal costs increase unnecessarily if that business has its records subpoenaed. From a cost-savings perspective alone (risk mitigation), separate accounts may be warranted.

On the flip side, I have seen people use many accounts and not worry about this because it would cause undue burden on the business. I'm not sure if this argument holds water, but it has been done. I just hope those people never get sued.

Summary

Is it worth it to have many different personas? I'd say it depends on why you're doing it. Loss of data, service availability, and permission elevation would be some of many reasons to do it.

The general user should:

  • Use different personas (usernames and passwords) for banking vs forums and email
  • Create a generic account where, if hacked, nothing important is lost.
  • Limit exposure with the generic account by setting up multi-factor authentication (lots of good links there)
  • Create additional generic accounts as the risk exposure dictates

makerofthings7
  • See also: [How do I use Windows 7 virtualization features to prevent transitive trust of admin credentials?](http://security.stackexchange.com/q/7735/396) – makerofthings7 Dec 16 '12 at 05:54
  • See also: [Benefits and drawbacks of giving an Administrator two accounts for elevated rights and another for daily use, such as email](http://security.stackexchange.com/q/7437/396) – makerofthings7 Dec 16 '12 at 05:55

Multiple personas can mitigate the impact of a compromise of one of them. They also make you more difficult to track.

Konrads