By Susan Grant, Consumer Federation of America Director of Consumer Protection and Privacy
The massive Yahoo data breach is a vivid reminder that our online accounts are rich targets for hackers. They’re looking for personal information that can be fraudulently used to take over our accounts, open new accounts in our names, steal our tax refunds, apply for jobs or government benefits, or send spam to our contacts. When our email or social media accounts are hacked, there is also the risk of embarrassment if something that we’d rather keep private within a circle that we define is exposed for all to see. To the extent that we use the same login information for multiple accounts (and let’s face it, many of us do), the risks are multiplied.
Research reveals that 72 percent of Americans believe their accounts are secure with only usernames and passwords. The fact is, usernames and passwords are not enough to protect key accounts like email, finances and social media. We can make it harder for fraudsters to get into our online accounts, even if they have stolen our usernames and passwords, by taking additional steps to prove that we are who we claim to be. This is often called “multi-factor” or “two-factor” authentication.
One way to verify our identities is by using “biometrics” – matching unique physical characteristics such as our voices, fingerprints, facial images or iris scans. For example, some iPhones have fingerprint identity sensors that enable the device owners to unlock them and keep unauthorized users out. If you’re concerned that this is too privacy-invasive, there are other authentication methods that may be offered, such as entering a one-time code, which can be sent to you by text or phone call, as part of the login process.
Today the National Cyber Security Alliance announced a new campaign, of which CFA is a partner, to encourage Americans to “Lock Down Your Login.” We want options for stronger authentication to be widely available and more people to use them. To learn how to make your online accounts more secure, go to www.lockdownyourlogin.com.
Of course, cybersecurity is a shared responsibility. The companies, organizations and agencies that hold our personal information must do a better job of safeguarding it from external or internal threats, detecting data breaches, notifying those affected and providing them with the appropriate assistance.