“C” is for Controlled Access

When using devices and online services, always use modern, convenient and strong access controls. Fingerprint sensors are brilliant for controlling access to personal devices, a good password manager makes creating and remembering passwords a breeze, and adding multi-factor authentication is the best approach for protecting the accounts you really care about.

This blog continues from Michael’s blog on “Remember Your Security ABCs”. I wanted to expand on the “C is for Controlled Access” part of the ABCs. You will probably be surprised by how many people have chosen not to adopt the following security techniques, usually with the same old excuses: “I don’t have time”, “I don’t know how”, “Who would want to target me anyway?”, “I’m simply not that special.” In this blog, I will discuss how you can stay safe online by controlling access to your devices and online services, and explain why this is so fundamentally important.

Why do we need to control access?

Use of strong access controls is essential to protect the private and valuable information that you share when using online accounts. Whenever you initially sign up for services online, keep in mind the sort of information that you are asked to provide and consider what could happen if it ended up in the wrong hands. Here are just a few pieces of information that an attacker might be looking for:

  • Personal information (e.g. driver’s license, contact details);
  • Financial information (e.g. credit card information, salary information);
  • Health information (e.g. medical history, test & laboratory results, insurance information); or
  • Access credentials (usernames, passwords, answers to ‘secret’ questions).

There are plenty of creative ways that someone with criminal or malicious intent could use the above information to commit cyber crimes (e.g. identity theft, fraud, money-laundering etc.), which can have a lasting impact on you as an individual. That impact can range from having to prove that you did not request credit or were not involved in criminal activities through to having private information about you made public.

So how do I protect myself?

You can manage the risk of someone gaining access to your information by choosing to improve the security of your online accounts, and helping family and friends to do the same. There are lots of ways to do this, and here are a few suggestions:

Multi-factor authentication

Most online services, including Facebook, Outlook.com, Instagram, Google mail, and Twitter have two-factor authentication capabilities available. So, make sure you enable these settings. Multi-factor authentication can be achieved by combining at least two of the following forms of identification:

  • Something you know (e.g. username and password);
  • Something you have (e.g. hardware token, one-time verification sent to you via SMS text message); and/or
  • Something you are (e.g. biometric fingerprint).

Password Manager

Think about all the passwords you currently use. How many of these do you reuse across multiple services? If you tend to just use one password for every single online service you sign up for, you are essentially making it easier for an attacker to get hold of all your accounts. One way to combat this is by using a reputable password manager to help you create different, strong passwords for every site you use. You don’t even need to know what they are or remember them, as it can automatically fill these in for you. Then, even if your account at one site is breached, your other accounts are still safe.

When using a password manager, it is very important that access to it is protected with a strong passphrase, as all your passwords would be vulnerable if it were discovered. Coming up with a phrase or sentence to use to access your password manager is the best way to ensure that you remember it, and that it is long enough (at least 16 characters) to take a considerable amount of time and effort to guess or crack. The longer this passphrase, the better.

When using the password manager, you can select the length and complexity of the passwords it automatically generates for each site or service you use. You won’t even need to know what the password is, as most tools can fill in this field for you, or allow you to copy/paste the password, once you have opened the tool. The limiting factor may be the password complexity which a site will allow you to use. So if you must use shorter passwords, using a combination of numbers, symbols, uppercase and lowercase letters is your best option.
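
To make the length and complexity trade-off concrete, here is an added example (not from the original blog or from any particular password manager) of how a generator can produce a random password under a site's limits and estimate its strength. The two site policies and the function names are hypothetical, chosen only for illustration.

```python
import math
import secrets
import string

# Hypothetical site policies (constructed for illustration): the length each
# site permits and the symbols it accepts. Real sites publish their own rules.
PERMISSIVE = {"length": 20, "symbols": "!@#$%^&*()-_=+[]{}"}
RESTRICTIVE = {"length": 8, "symbols": "!@#$"}


def build_classes(symbols):
    """Character classes to draw from; an empty symbol set is dropped."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, symbols]
    return [c for c in classes if c]


def generate_password(length, symbols):
    """Return a random password with at least one character of every class.

    Uses the operating system's CSPRNG via `secrets`, and rejection sampling
    so that every policy-conforming password is equally likely.
    """
    classes = build_classes(symbols)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, symbols):
    """Approximate strength in bits: length * log2(alphabet size).

    Slightly above the true value, because requiring every class rules
    out a small share of the possible strings.
    """
    alphabet_size = sum(len(c) for c in build_classes(symbols))
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE), ("restrictive", RESTRICTIVE)):
        pw = generate_password(**policy)
        print(f"{name}: {pw}  (~{entropy_bits(**policy):.0f} bits)")
```

Each extra character adds about six bits, so the 20-character password is far harder to guess than the 8-character one even though both mix all four character types.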

Tip: If you choose a password manager which can be used across the different devices you use, whether they are mobile phones, tablets or computers, then this will save you having to synchronise multiple password managers across devices.

There are a lot of password managers and each has its own advantages and disadvantages. Make sure you research and compare the available options then pick the most suitable one that fits your needs.

Privacy and Security settings

Online accounts may contain a lot of personal information related to you, your relationships, hobbies, etc. Make sure that the privacy and security settings on your accounts are selected to control who can see your posts, who can send you messages, or friend requests. This will help you to avoid oversharing of your personal information on social media, especially if your profile is very public.

Keep in mind that following the above suggestions will not fully eliminate the risk of unauthorised access but will help you to improve the protection of your online accounts and the information they hold.