Friday, March 13, 2015

Protecting Your Online Identity

Have you had your online identity stolen? Had your Twitter or Facebook account compromised? Do you use the same username and password across multiple sites on the Internet? Everyday, hackers are exposing weak security practices of not only company websites but also attacking online identities, putting you at risk.
Having to remember multiple usernames, passwords and the websites used for those credentials is a problem for everyone. Some people write them on a piece of paper, a text file or spreadsheet stored on their computer, or use the same credentials across all websites. These poor password management practices greatly increase the risk to your identity. There are a number of ways to simplify the problem by utilizing multifactor authentication or using a password management application.
Multifactor authentication is best described as something you know, something you have, or something you are. When authenticating to an application you need to use two of the three before the application allows access. This is not a new concept. If you use a debit card, you use this type of authentication all the time without realizing it. When you make a purchase or withdraw money out of an ATM, you first insert your card (something you have) and then type in your PIN (something you know).
The difference between your debit card and using multifactor authentication online is the PIN changes at a particular interval, usually 60 seconds. Once that PIN has been used, and authentication is successful, that PIN cannot be reused. This prevents someone who may have seen your username, password, and PIN, so they cannot use it themselves.
Banks, social media, cloud storage companies, even Apple, Microsoft and Google have integrated multifactor authentication into their applications, as they understand how important it is. Some send out text messages to a registered cellular phone, while others provide the second factor through a smartphone app. There are other companies which will consolidate all the applications into one, saving you from having multiple smart apps which all do the same thing.
In the event a particular service does not provide multifactor authentication, there are password management applications that can help. These tools not only remember the username and password for a service, they will also generate secure passwords for you. These applications are independent of password managers which are part of a particular web browser and are encrypted. Some password management services sync passwords to the cloud so they are available on any device. There are password management services which provide "zero knowledge" to your information, so only you have access to your credentials and allow multifactor authentication when accessing your passwords from an untrusted device.
To begin, use your favorite search engine and look for both “password managers” and “multifactor authentication smartphone app.” These services are generally free or have a low monthly cost for personal use. Integrating these services with your online identity will not only streamline the authentication process, it will greatly increase the protections to that identity.