We exist in an age where our lives may be read like an open book, and while many of us still believe in guarding our privacy, our habits – and our friends, too – make this nearly impossible.
As we adopt social media as a measure of our social life, we also need to accept the reality that the more we share, the less private our personal information becomes. We post pictures of our favourite food on Instagram, create mood boards of our favourite colours on Pinterest, publish our entire work history for all to see on LinkedIn, and mark our every move on Foursquare.
And it gets worse: where birth dates were once commonly used as passwords and ATM card PINs, all it takes now to find out your birth date is to check your Facebook profile to see when your friends wished you happy birthday en masse (and maybe even your birth year, if someone spouts out your age as well). Of course, this means your online family and friends can potentially open up more of your key milestones in life: your wedding anniversaries, your children’s names and when they were born, and, as the world’s earliest social media-savvy generation transitions into its golden years, even your mother’s maiden name can be sourced online.
With so much of your personal information available online, your banking or credit card information won’t need protecting; one simply needs to call your bank, verify your personal information, initiate a change of address, and have a replacement bank card sent over, PIN number and all, and… you can imagine what’s next.
The solution to protecting yourself from identity theft is painfully simple: don’t use any personal information at all. In fact, we have to slowly move away from passwords towards password-less solutions, or convert to using Two-Factor Authentication (2FA) methods, as advised by the FIDO Alliance. We have to accept that technology is already so advanced that we can no longer depend on our own human brains to defend ourselves. And indeed, such is the foundation upon which the cyber security industry is built.
Password managers like LastPass and Dashlane not only provide a way for users to store multiple passwords without having to remember them; many are also able to generate complex passwords, thus eliminating the risk of unauthorised access to personal accounts guarded by passwords made of easily attainable personal information.
But major technology providers are taking it a step further with OAuth apps and devices, which provide a second layer of authentication for high-sensitivity services such as banking and health records.
Web servers should begin adopting Public Key Infrastructure (PKI) and 2FA solutions, in addition to the use of a username and fixed password, to provide security and peace of mind to users and to bring the solutions deeper into the background. As solutions become less and less obvious to the globally connected population, we are not only creating more seamless user experiences with every step we take, but also ensuring Internet users are well protected from what is arguably the greatest threat in cyber security – ourselves.
About Shigeto Miyamoto
Shigeto Miyamoto is the Managing Director of Cyber Secure Asia. He is a business strategist and evangelist for cyber security and is a key player in the DigiCert-Cybertrust Japan partnership.