Defense Against Crime

07/08/2014

Protect Your Online Account With Multi-Layered Authentication.

Yesterday I tweeted (@PepperEyes), and posted on the Defense Against Crime LinkedIn page the latest cyber-breach story about the Billions of Stolen Passwords from the Russians
(http://news.msn.com/science-technology/report-russian-hackers-steal-12b-passwords). Communications connectivity

So just to keep count and to bring you up to speed,  here is a list of cybersecurity issues that we know happened in 2014.

  • There have been over 447 in 2014 according to the idtheftcenter.org
  • There was the heart bleed virus threat of 2014
  • There have been reports of fake mobile banking apps that are stealing sensitive data
  • There are always new viruses/malware being released to exploit security breaches.
  • Cyber Thieves can now hack many wireless Security Systems
  • China and Russia Hackers are continuously cyber attacking US Computer networks.

Have your heard enough?   Are you scared yet?

One IT Security specialist I know says he doesn’t even leave his home computer plugged into the network or turned in to prevent any kind of attack.  What about the rest of us who live on the net? Is there a better way to secure your computer accounts without having to create new elaborate passwords every month?

One of the methods I use to secure many of my on-line accounts (PayPal, Google, Facebook, Bank..etc) is 2 key authentication or what is called Multi-Factor Authentication (MFA). The device that serves as my second key receptacle is my cell phone

What is Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a cyper security approach to security authentication which requires the presentation of two or more of the three independent authentication factors: a knowledge factor (“something only the user knows like a password“), a possession factor (“something only the user has like a fob or cell phone“), and an inherence factor (“something only the user is”). After presentation, each factor must be validated by the other party for authentication to occur. You have probably seen system used in many movies where the person types in their security password (knowledge) and then either has to have a palm scan or retina scan (possession) and a certain terminal (inherence).  For example to access on-of my online accounts I enter my user name and password (knowledge), their system then send me a text message (possession) and the system will let me in.  So if someone in China steals my user name and password and sells them to someone in Nigeria, without my cell phone, the information is kinda useless and they move on to their next victim.  Google actually monitors where you long in and will question if all of a sudden you try to log in from France when your last login was in New York City.

PayPalFob

PayPal Provides FREE MLA Devices

 

 

 

 

 

 

 

Cyber-thieves are really clever

According to many security advocates, MFA could drastically reduce the incidence of online fraud, online identity theft, and other cybercrimes, because the victim’s password would no longer be enough to give a would be thief permanent access to your information.  However given the persistence and cleverness many cyber-thieves, many MFA approaches remain vulnerable to Phishing, man-in-the-browser, and/or  man-in-the-middle attacks. Think about all those movies or TV Shows where the criminals got access by to cleaver bit of technology or hacking.

In addition to such cleaver direct attacks, three additional aspects must be considered for each of the factors in order to fully realize the potential increase in confidence of multi-Factor authentication:

  • The inherent strength of the mechanism, i.e. theentropy of a secret, the resistance of a token to cloning, or the uniqueness and reliability of a biometric. For example  the new IPhones added a finger print security system. Within a week someone figured out a flaw.
  • Quality of provision and management. This has many interesting aspects, such as the confidence you can have that a token/fob or password has been securely delivered to the correct user and not an imposter, or that the correct individual has been biometrically enrolled, as well as secure storage and transmission of shared secrets, procedures for password reset, disabling a lost token, re-enrollment of a biometric, and prompt withdrawal of credentials when access is no longer required. For example some of the online system have a link that allows the user to bypass the MFA by saying that they don’t have the key. The hacker only has to know some of the other information about you like mother’s maiden name of last 4 of your driver’s license to access your account, change your mailing address and have another fob mailed to them.
  • Proactive fraud detection, e.g. monitoring of failed authentication attempts or unusual patterns of behavior which may indicate that an attack is under way, and suitable follow-up action. Many systems only allow you three login attempts and then it locks you out. You either have to call their 800 to have your password reset or hit the I can’t remember my password which will usually links to your email account that I hope you have a MFA for.

The Bottom Line

In the age of continuous data breaches and cyberattacks, just changing your password on a regular basis is not enough, you are going have to add extra layers of security of your cyber life. Many of us have two locks on the doors of our residence, plus an alarm system and perhaps a dog. We are going to have to take steps to secure our cyber homes against cyber-robbers. Multi-Layered in a great st

Related articles

PepperEyes.com is dedicated to providing you with the best and most affordable self-defense products, and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high quality discount self-defense products and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option.

Advertisements

Blog at WordPress.com.

%d bloggers like this: