Posts

How do the RICH protect their Online Accounts?


 Watch Tech Geek Curtis Nasalbaum’s Response from the Leonard Nimoy Cruise

Every year, several of my keynote speeches are to ultra-high-wealth audiences. Because they have a lot of net worth to protect, their incentive to prevent identity theft and online fraud is on steroids. But for the average family with a normal amount of wealth, the incentive is just as important, because their wealth (albeit smaller) is just as vital to their lifestyle as it is to the wealthy.

And this isn’t just about wealth. All of us want to be able to keep hackers out of our private and often valuable online accounts, including: Gmail, Facebook, Dropbox, Twitter, Hotmail, Yahoo, banks, investment companies and all types of sensitive communications.

The answer, regardless of your wealth, is two-factor authentication (which is way too complicated a term for such a simple concept – I think the IT department named it that to ensure their job security). Two-factor authentication is also referred to as multi-factor authentication, two-step verification, 2FA and security tokens, none of which you need remember.

What is two-factor authentication?

Instead of two-factor authentication, I prefer to use the more practical phrase: two-step logins. In other words, to log in to an online account like Gmail, you need to complete Step 1 (entering a password that you KNOW) and then Step 2 (entering a secret code that you HAVE for a limited time). The simplest form of a two-step login is at your ATM machine. You provide two things: an ATM card that you HAVE and then a PIN number (password) that you KNOW. It’s a two-part procedure. Without both of those, it’s hard to hack.

So how does two-step verification work online?

One form of two-step logins online is called text verification (see this in action on the video above). This is where you get a code texted to your mobile phone the minute you’ve entered your password on the website. So the password is something you KNOW and the mobile phone, with the text on it, is something you HAVE. Two factors to unlock the account – two steps needed to log in. It’s more than twice the protection for very little work.

Why do two-step logins protect us so well?

Simple – breaking in would be nearly impossible, because the thief will almost never have your password AND your cell phone at the same time. So even if identity thieves hack your password out of a database (like in the Target data breach), it’s useless without the code that comes to your phone. In most cases, the hackers are located overseas and would have no way to compromise your phone.
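For readers who want to see the mechanics, here is a sketch of the two steps from the website's side. It is an added example, not code from any of the services named in this post; the class name, the five-minute lifetime and the `outbox` list standing in for the text-message gateway are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

class TwoStepLogin:
    """Illustrative service: Step 1 checks what you KNOW, Step 2 what you HAVE."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}    # username -> (salt, password_hash)
        self.pending = {}  # username -> (code, expires_at)
        self.outbox = []   # stands in for the SMS gateway: (username, code)

    def _hash(self, password, salt):
        # Slow, salted hash so a stolen database does not reveal passwords directly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def step1_password(self, username, password):
        """Verify the password; only then text a fresh 6-digit code."""
        record = self.users.get(username)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = (code, self.clock() + CODE_TTL)
        self.outbox.append((username, code))
        return True

    def step2_code(self, username, submitted):
        """Verify the texted code. It is consumed on any attempt (single use,
        one guess) and rejected once its lifetime has passed."""
        code, expires_at = self.pending.pop(username, (None, 0))
        if code is None or self.clock() > expires_at:
            return False
        return hmac.compare_digest(code.encode(), submitted.encode())
```

A thief holding only the breached password gets through `step1_password` but has one guess in a million at `step2_code`, and that guess burns the code.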

How do I set up two-step logins for my specific online account?

If you want to learn more about two-step logins for specific online accounts, click on the relevant link: Gmail, Facebook, Twitter, Instagram, Dropbox, Evernote, SalesForce, Yahoo, Wells Fargo, Bank of America, Citibank, Etrade, Charles Schwab, US Bank. Alternatively, check out this list of two-step login pages or google the account you want to protect with the words two step verification (e.g., Gmail two step verification) and you will find the answer yourself!

John Sileo specializes in making technology, identity and privacy fun for audiences, so that security sticks.  His keynote appearances include engagements at The Pentagon, VISA, Homeland Security and Pfizer as well as TV appearances on Rachel Ray, 60 Minutes, Anderson Cooper and Fox Business. Book John directly on 800.258.8076.

Two-Factor Authentication

Biometric Identity Theft: Stolen Fingerprints


Identity Theft is a huge and growing problem. According to the recent 2009 Identity Theft Fraud report by Javelin Strategy & Research, victims increased 22% in 2008 to 9.9 million. When businesses are involved, the companies face billions of dollars in theft, millions of dollars in fines and, perhaps most important, the loss of customer trust.

The large impact that identity theft has on individuals’ lives and corporations’ bottom lines has made inexpensive biometrics look attractive for authenticating employees, customers, citizens, students and any other people we want to recognize. The most recent debate is on whether the pros outweigh the cons. (To see some of the materials that influenced this article, please visit George Tillmann’s excellent article in Computerworld).

Biometrics uses physical characteristics, such as fingerprints, DNA, or retinal patterns to positively verify individuals. These biological identifiers are electronically converted to a string of ones and zeros and stored on file in the authenticator database.

Biometric Statistics

The downside or weakness of biometrics is that the risk of data breach remains relatively the same. Just as a credit card number can be stolen, the numbers that make up your biometrics and are stored in a database can be stolen.  It may take longer for thieves to understand how to use these new pieces of information, but they will eventually be used.

Ultimately, this could be more dangerous than having your ATM PIN, credit card number, or Social Security Number stolen, and it will take longer to clear up. In a worst-case scenario, someone inside of the biometric database company could attach their fingerprint to your record — and suddenly they are you. The reverse is also true, where they put your fingerprint in their profile so that if they are convicted of a crime, the proof of criminality is attached to your finger.

What will stop thieves from electronically sending your stolen fingerprints to your bank to confirm that you really do want to clean out your bank account through an ATM in Islamabad? Fingerprints, when stored in a database, are nothing more than long strings of numbers. What will you do when your digitized fingerprints wind up on a government No-Fly list? If you think it takes forever to board a plane now, wait until every law enforcement agency in the free world has your fingerprints on file as a suspected thief or, worse, a terrorist.

The reality is that biometrics could be a great alternative to securing one’s identity – and they are quickly becoming a part of everyday identification. But we can’t go forward into the new world of biometrics thinking that it solves all of our problems. Like the “security codes” on the back of our credit cards, like the two forms of authentication required for most banks, like wireless encryption standards – thieves eventually find work-arounds. And so too will they work around biometrics. If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history — and our thumbprint will become just another Social Security Number.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 800.258.8076.
