Securing your digital life, part two: The bigger picture—and special circumstances

27/10/2021


In the first half of this guide to personal digital security, I covered the basics of assessing digital risks and protecting what you can control: your devices. But the physical devices you use represent only a fraction of your overall digital exposure.

According to a report by Aite Group, nearly half of US consumers experienced some form of identity theft over the last two years. Losses from these thefts are expected to reach $721.3 billion for 2021—and that’s only counting cases where criminals take over and abuse online accounts. Other valuable parts of your digital life may not carry specific monetary risks to you but could still have a tangible impact on your privacy, safety, and overall financial health.

Case in point: last September, my Twitter account was targeted for takeover by an unidentified attacker. Even though I had taken multiple measures to prevent the theft of my account (including two-factor authentication), the attacker made it impossible for me to log in (though they were locked out of the account as well). It took several weeks and some high-level communication with Twitter to restore my account. As someone whose livelihood is tied to getting the word out about things with a verified Twitter account, this went beyond inconvenience and was really screwing with my job.

The attacker found the email address associated with my Twitter account through a breach at a data aggregator—information probably gleaned from other applications that I had linked to my Twitter account at some point. No financial damage was done, but it made me take a long, hard look at how I protect online accounts.

Oh hey, it’s this guy again. (Maybe this is the guy who tried to get into my Twitter account?)

Aitor Diago / Getty Images

Some of the risk tied to your digital life is taken on by service providers who are more directly impacted by fraud than you. Credit card companies, for example, have invested heavily in fraud detection because their business is built on mitigating the risk of financial transactions. But other organizations that handle your personal identifying information—information that proves you are you to the rest of the digitally connected world—are just as big a target for cyber crime but may not be as good at preventing fraud.


Everything counts in multiple accounts

You can do a number of things to reduce the risks posed by data breaches and identity fraud. The first is to avoid accidentally exposing the credentials you use with accounts. A data breach of one service provider is especially dangerous if you haven’t followed best practices in how you set up credentials. These are some best practices to consider:

  • Use a password manager that generates strong passwords you don’t have to remember. This can be the manager built into your browser of choice, or it can be a standalone app. Using a password manager ensures that you have a different password for every account, so a breach of one account won’t spill over into others. (Sorry to again call out the person reusing letmein123! for everything, but it’s time to face the music.)
  • When possible, use two-factor or multi-factor authentication (“2FA” or “MFA”). This combines a password with a second, temporary code or acknowledgment from someplace other than your web browser or app session. Two-factor authentication ensures that someone who steals your password can’t use it to log in. If at all possible, don’t use SMS-based 2FA, because this is more prone to interception (more on this in a minute). Applications like Authy, Duo, Google Authenticator, or Microsoft Authenticator can be paired with a wide variety of services to generate 2FA temporary passwords or to send “push” notifications to your device so that you can approve a login. You can also use a hardware key, such as a Yubico YubiKey, to further segment authentication from your devices.
Artist’s impression of how to troll your IT department.

vinnstock / Getty Images

  • Set up a separate email address or email alias for your high-value web accounts so that all email regarding them is segmented off from your usual email address. This way, if your primary email address is caught up in a data leak, attackers won’t be able to use that address to try to log in to accounts you care about. Using separate addresses for each service also has the side benefit of letting you know if any of those services are selling your personal information—just look at where and when spam starts showing up.
  • If you’re a US resident, make sure to claim an account for your Social Security number from the IRS for tax information access and other purposes. Much of the refund and stimulus fraud over the past few years has been related to scammers “claiming” accounts for SSNs that were unregistered with the IRS, and untangling that sort of thing can be painful.
  • Register for account breach checkups, either through the service provided through your browser (Firefox or Chrome) or through Troy Hunt’s haveIbeenpwned.com (or both!). The browser services will check stored passwords against breach lists using a secure protocol, and they can also point out risky reused credentials.
  • Consider locking your credit reports to reduce identity theft risks. Equifax provides an app called Lock & Alert that allows you to lock your credit report from all but existing creditors, then unlock it from the app before you apply for new credit. TransUnion has a similar free app called TrueIdentity. Experian charges $24.99 a month to lock your credit checks, and TransUnion has a “premium” version of its service that locks both TransUnion and Equifax reports on demand for $24.95 a month. In other words, if you want to have tight control over all your credit reports, you can do it for $300 a year. (You can, with some searching, find the free versions of those credit freeze services—here’s Experian’s and here’s TransUnion’s—but man, those companies really, really want to lift a giant pile of money out of your wallet in exchange for a bunch of highly dubious “value-adds.”)
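
How a breach checkup can test a password without disclosing it: one such protocol is the k-anonymity range query offered by Have I Been Pwned's Pwned Passwords service, where the client sends only the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally. This is an added example, not code from the article or from any of the services it names; `LocalRangeServer`, `breach_count` and the corpus with its counts are constructed stand-ins so the exchange runs offline.

```python
import hashlib
import hmac

# Constructed stand-in for a breach corpus: password -> times seen (not real data).
CONSTRUCTED_CORPUS = {"letmein123!": 5120, "password1": 90210, "qwerty2021": 77}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class LocalRangeServer:
    """Hypothetical offline stand-in for a breach-list range endpoint."""

    def __init__(self, corpus):
        self.buckets = {}  # 5-char hash prefix -> ["SUFFIX:COUNT", ...]
        self.seen = []     # everything a client ever sent to this server
        for password, count in corpus.items():
            digest = sha1_hex(password)
            self.buckets.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")

    def query(self, prefix: str) -> str:
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen.append(prefix)
        return "\n".join(self.buckets.get(prefix, []))


def breach_count(password: str, query) -> int:
    """Client side: send only the hash prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0  # suffix absent from the returned bucket: not in the corpus


if __name__ == "__main__":
    server = LocalRangeServer(CONSTRUCTED_CORPUS)
    for pw in ("letmein123!", "correct horse battery staple"):
        print(pw, "->", breach_count(pw, server.query))
    print("server saw only:", server.seen)
```

The server's log holds nothing but five-character prefixes, each of which is shared by many unrelated passwords, so neither the password nor its full hash leaves the client.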

When 2FA is not enough

Security measures vary. I discovered after my Twitter experience that setting up 2FA wasn’t enough to protect my account—there’s another setting called “password protection” that prevents password change requests without authentication through email. Sending a request to reset my password and change the email account associated with it disabled my 2FA and reset the password. Fortunately, the account was frozen after multiple reset requests, and the attacker couldn’t gain control.

Artist’s impression of two-factor authentication. In this example, you can’t log in without both a password and a code generated by your phone.

dcdp / Getty Images

This is an example of a situation where “normal” risk mitigation measures don’t stack up. In this case, I was targeted because I had a verified account. You don’t necessarily have to be a celebrity to be targeted by an attacker (I certainly don’t think of myself as one)—you just need to have some information leaked that makes you a tempting target.

For example, earlier I mentioned that 2FA based on text messages is easier to bypass than app-based 2FA. One targeted scam we see frequently in the security world is SIM cloning—where an attacker convinces a mobile provider to send a new SIM card for an existing phone number and uses the new SIM to hijack the number. If you’re using SMS-based 2FA, a quick clone of your mobile number means that an attacker now receives all your two-factor codes.

Additionally, weaknesses in the way SMS messages are routed have been used in the past to send them to places they shouldn’t go. Until earlier this year, some services could hijack text messages, and all that was required was the destination phone number and $16. And there are still flaws in Signaling System 7 (SS7), a key telephone network protocol, that can result in text message rerouting if abused.
