As I mentioned last week, when I talked about Ring cameras and why NOT to buy them, some accountability for our digital security has to fall on our shoulders as end users.
Little to none of our sensitive information stored in cyberspace is completely immune to a data breach. That’s horrifying, but it’s our reality. Hundreds of huge companies from Adobe to Zynga have encountered some form of data loss.
Yahoo! wins the award for most affected users in a single breach. As in ALL of their users in 2013, to the tune of around 3 billion people. Facebook has fallen victim to data loss no fewer than 5 times and has potentially exposed over 850 million total users’ data. Those are platforms we choose to give our information to. What about organizations that have our most sensitive personal information, you ask? Information that we never volunteered to give? Well, Equifax, the consumer credit reporting agency, was hacked in 2017 and an estimated 143 million people had their financial data stolen, so even going off the grid won’t fully ensure we won’t end up victims of a data breach.
This article from CNET states that there are 2.2 billion usernames and passwords available for free or cheap on the dark web. Chances are very good that a few of your accounts are in there. I know for a fact that mine are.
One of my email accounts is very old (probably circa 1999) and collects a LOT of junk mail so once in a while, just for funsies, I skim through them to see how many Nigerian fortunes I’m the heir to, how enormous they can make my package, or how many “hot singles” are in my area. One email caught my eye and then made my stomach turn. It not only claimed to have my password but it showed me my password for that very email account. It also claimed to have webcam footage of me watching some less-than-family-friendly videos and threatened to send this footage to everyone in my contacts list if I didn’t pay them X amount of dollars in cryptocurrency. After the shock wore off, I started doing some research on extortion emails and found an article like this one from CNBC that assured me that those emails are sent out by the thousands by people who paid next to nothing for your passwords, don’t have any video of you, and aren’t going to follow through with their threats. These idiots just want to squeeze what they can out of people with the least amount of effort.
In the age of information, we take a risk every time we set up an account online or even open a browser window, but there are steps we can take to protect our privacy and sensitive information.
Don’t give out your passwords. Loose lips sink ships.
Don’t reuse passwords between accounts. Create a unique password for every account, even if that means only altering a character or two each time. There are many password generators available to use for free on the web and both Apple and Android devices offer password suggestions natively.
Use a password keeper. They are about as safe as the internet gets. I recently began using LastPass to store my login info and have found it easy to use but, if you Google around, there are many very good managers available and most for free.
Multi-factor authentication is best.
According to Wikipedia, “Multi-factor authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).
“A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out.”
Large companies often use tokens as a form of MFA. Users of company-owned devices are either given a dongle that provides an authentication code or the code will be pushed to another device (such as a smartphone) and must be entered as an added layer of security. Recently, the use of security tokens has been more widely adopted.
Yahoo!, for obvious reasons, is one company that now uses a two-step verification. When logging in using a new device, they will text or call with a code that must be entered before access is granted.
This technology isn’t limited to companies, though. It’s not even that pricey. Yubico is a company that makes MFA devices for normies like you and me, and the YubiKey Security Key NFC (note: this product doesn’t work with every smartphone but Yubico has lots of options on their site) is a $27 dongle that you can either plug into a USB port on your computer or tap with your phone to authenticate. This is a cheap and easy way to guarantee your passwords are more secure than anyone else’s on your block.
The bottom line is: we can’t be sure that our information won’t be stolen, but we can take (fairly simple) measures to ensure it won’t be easily taken.
If you have any further questions about online security, call us at 1 (424) 256-8541 or visit us at www.ownit.help