Defense Against Crime

07/08/2014

Protect Your Online Account With Multi-Layered Authentication.

Yesterday I tweeted (@PepperEyes), and posted on the Defense Against Crime LinkedIn page the latest cyber-breach story about the Billions of Stolen Passwords from the Russians
(http://news.msn.com/science-technology/report-russian-hackers-steal-12b-passwords). Communications connectivity

So just to keep count and to bring you up to speed,  here is a list of cybersecurity issues that we know happened in 2014.

  • There have been over 447 in 2014 according to the idtheftcenter.org
  • There was the heart bleed virus threat of 2014
  • There have been reports of fake mobile banking apps that are stealing sensitive data
  • There is always new viruses/malware being released to exploit security breaches.
  • Cyber Thieves can now hack many wireless Security Systems
  • China and Russia Hackers are continuously cyber attacking US Computer networks.

Have you heard enough?   Are you scared yet?

One IT Security specialist I know says he doesn’t even leave his home computer plugged into the network or turned in to prevent any kind of attack.  What about the rest of us who live on the net? Is there a better way to secure your computer accounts without having to create new elaborate passwords every month?

One of the methods I use to secure many of my online accounts (PayPal, Google, Facebook, Bank..etc) is 2 key authentication or what is called Multi-Factor Authentication (MFA). The device that serves as my second key receptacle is my cell phone (UPDATE: Most services use your cell phone instead of using a separate device)

What is Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a cybersecurity approach to security authentication which requires the presentation of two or more of the three independent authentication factors: a knowledge factor (“something only the user knows like a password“), a possession factor (“something only the user has a fob or cell phone“), and an inherence factor (“something only the user is”). After a presentation, each factor must be validated by the other party for authentication to occur. You have probably seen system used in many movies where the person types in their security password (knowledge) and then either has to have a palm scan or retina scan (possession) and a certain terminal (inherence).  For example, to access on-of my online accounts I enter my username and password (knowledge), their system then sends me a text message (possession) and the system will let me in.  So if someone in China steals my username and password and sells them to someone in Nigeria, without my cell phone, the information is kinda useless and they move on to their next victim.  Google actually monitors where you log in and will question if all of a sudden you try to log in from France when your last login was in New York City.

PayPalFob

PayPal Provided FREE MLA Devices 

 

 

 

 

Cyber-thieves are really clever

According to many security advocates, MFA could drastically reduce the incidence of online fraud, online identity theft, and other cybercrimes, because the victim’s password would no longer be enough to give a would-be thief permanent access to your information.  However given the persistence and cleverness many cyber-thieves, many MFA approaches remain vulnerable to Phishing, man-in-the-browser, and/ or man-in-the-middle attacks. Think about all those movies or TV Shows where the criminals got access by to cleaver bit of technology or hacking.

In addition to such clever direct attacks, three additional aspects must be considered for each of the factors in order to fully realize the potential increase in confidence of multi-Factor authentication:

  • The inherent strength of the mechanism, i.e. the entropy of a secret, the resistance of a token to cloning, or the uniqueness and reliability of a biometric. For example, the new iPhones added a fingerprint security system. Within a week someone figured out a flaw.
  • Quality of provision and management. This has many interesting aspects, such as the confidence you can have that a token/fob or password has been securely delivered to the correct user and not an imposter, or that the correct individual has been biometrically enrolled, as well as secure storage and transmission of shared secrets, procedures for password reset, disabling a lost token, re-enrollment of a biometric, and prompt withdrawal of credentials when access is no longer required. For example, some of the online systems have a link that allows the user to bypass the MFA by saying that they don’t have the key. The hacker only has to know some of the other information about you like mother’s maiden name of last 4 of your driver’s license to access your account, change your mailing address and have another fob mailed to them.
  • Proactive fraud detection, e.g. monitoring of failed authentication attempts or unusual patterns of behavior which may indicate that an attack is underway, and suitable follow-up action. Many systems only allow you three login attempts and then it locks you out. You either have to call their 800 to have your password reset or hit the I can’t remember my password which will usually link to your email account that I hope you have an MFA for.

The Bottom Line

In the age of continuous data breaches and cyber attacks, just changing your password on a regular basis is not enough, you are going have to add extra layers of security to your cyber life. Many of us have two locks on the doors of our residence, plus an alarm system and perhaps a dog. We are going to have to take steps to secure our cyber homes against cyber-robbers. Multi-Layered in a great st

Related articles

 

PepperEyes.com is dedicated to providing you with the best and most affordable self-defense products, and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high-quality discount self-defense products and arm yourself with the knowledge about self-defense and security products and information of the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option.

Advertisements

Create a free website or blog at WordPress.com.

%d bloggers like this: