Safeguard your identity in the data breach era
Ideal password: A long, nonsensical phrase
WHILE the death of the password has been long predicted, passwords are currently a core method of access for most systems and must be created with care.
While the "rule of thumb" for passwords in the past has focused on complexity - at least eight characters combining letters, numbers and characters - guidance in recent months suggests longer "passphrases" - several unrelated words tied together, at least 20 characters - are actually harder to crack and easier to remember.
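An added example (not part of the original article) that builds a passphrase of the kind described above and compares its search space with the old eight-character rule. The word list is a constructed sample, and the 7,776-word list size and five-word count used in the comparison are assumptions.

```python
import math
import secrets

# Constructed sample list, for illustration only. It is too small for real use:
# a real generator should draw from a large published list (diceware-style
# lists hold 7,776 words) so that each word adds more entropy.
WORDS = (
    "anchor", "biscuit", "candle", "dolphin", "ember", "falcon", "glacier",
    "harbour", "igloo", "jigsaw", "kettle", "lantern", "magnet", "nutmeg",
    "orchid", "pebble", "quartz", "ribbon", "saddle", "thimble", "umbrella",
    "velvet", "walnut", "yonder", "zipper", "blanket", "compass", "drizzle",
    "feather", "granite", "hammock", "juniper",
)

def generate_passphrase(words=WORDS, count=4, min_length=20, sep="-"):
    """Join `count` words picked with a CSPRNG; retry until min_length is met."""
    longest = max(len(w) for w in words) * count + len(sep) * (count - 1)
    if longest < min_length:
        raise ValueError("word list cannot reach the requested minimum length")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        if len(phrase) >= min_length:
            return phrase

def entropy_bits(choices, picks):
    """Entropy in bits when each pick is uniform and independent."""
    return picks * math.log2(choices)

def compare(list_size=7776, word_count=5):
    """Return (bits for 8 random characters, bits for a random passphrase)."""
    # 94 = printable ASCII characters excluding space. This is a best case:
    # passwords chosen by people are far less random than this figure.
    return entropy_bits(94, 8), entropy_bits(list_size, word_count)

if __name__ == "__main__":
    old_rule, phrase = compare()
    print(generate_passphrase())
    print(f"8 random characters: {old_rule:.1f} bits")
    print(f"5 random words:      {phrase:.1f} bits")
```

The entropy figures hold only when the words are picked at random; a phrase a person invents from memory is easier to guess than the calculation suggests.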
Store passwords in a digital vault
Reusing passwords is one of the worst things one can do, because if just one of the passwords gets compromised, an attacker can access other accounts as well. But memorising a different password for each account is virtually impossible, which is why 81 to 87 per cent of people re-use passwords in the first place.
Rather than try to memorise multiple passwords or store them insecurely on your phone notepad, use a password manager - which not only acts as a vault for existing passwords, but can also generate stronger passwords for you. Rather than managing over 10 passwords on your own, you'll just have to remember the one key to your digital vault.
Lie on your security questions
Many account security questions ask about information that could easily be found online these days (former addresses, your mother's maiden name, etc). Consider either selecting questions that are opinion based - such as your favourite colour or movie - or even using fake answers for these questions to ensure that only you would know the answer.
Double dip on security checkpoints
Many services nowadays, particularly sensitive accounts such as email and banking, allow for two-factor authentication (2FA), which adds an extra security checkpoint when certain risk factors are present - such as logging in from a new location or device. Determine which accounts are at risk/sensitive and add an extra login step to avoid a single point of failure.
The most popular example is an SMS sent to your phone at login, asking you to enter a one-time code in order to access the account. But a second factor can be anything from an email to a phone call, an extra question before login is granted, or a hardware token generator that stands alone and produces time-based codes. Picking the right measure depends on your service provider, but you can also use your own judgment to secure your accounts.
Get down with biometrics
Even applying the best practices above, we're quickly approaching a future in which the use of passwords as the sole method to establish identity isn't enough.
Biometric authentication uses physical and behavioural characteristics, such as fingerprints, as a means of protection and can use the identifiers that are uniquely you as a safeguard.
At the same time, experts have devised ways to make sure this data is collected and applied in a way that ensures privacy for consumers while preventing hackers from using this information.
Consider using the fingerprint option to unlock your mobile device, and back it up with a lock code.
Some providers use voice signatures, others use facial recognition - the race to replace the password is in effect, and adopting these new methods can help test them and enhance them over time to make your digital identity more secure.
The Internet, our identities, and the ways by which we need to protect ourselves online have evolved considerably in the past decade.
Almost everyone has a digital identity nowadays - nearly 60 per cent of residents across Asean were Internet users in 2016 - so attackers have a vast playing field.
Learning to outsmart the bad guys in this reality is no different than knowing the perils on the street, and can go a long way in helping to secure our identities.
- The writer is head, channels/alliances for the Asia-Pacific at IBM Security.