Are you really safe online?

Tuesday December 18, 2012 at 9:00am

Gone are the days when the word ‘password’ or code ‘0000’ provided adequate security for your online activities. But are you aware of the latest techniques that you should be using to keep your own and your customers’ personal information safe and provide a secure environment for your business activities? My colleague Martin Giles provided these invaluable pointers to one of our Information Security Management clients and I thought they were worth sharing with our blog readers.

Authentication

Authentication is the process of verifying a subject’s claimed identity.

Authentication can be based on any of three factors:

  • Something you know, such as a password or a PIN
  • Something you have, such as a mobile phone or a smart card
  • Something you are, such as a fingerprint or iris characteristics


Two factor authentication

This requires two of the above factors for authentication. Three factor authentication (the strongest authentication) requires all three factors.

Protecting your online world

In my experience people are unaware that many of their favourite and most used online accounts have this extra layer of security available. As businesses and consumers push more data into the cloud, two factor authentication becomes ever more important.

So, for example, two factors can be something you know (a password) and something you have (your smartphone). “Google Authenticator” (there are other similar Apps available) is an app which is available for most smartphones that generates 2-step verification codes on your phone.

In addition to your username and password, you input a short verification code, generated by an App on your smartphone, when logging into your Google account, for example. For a hacker to gain access to your account they would require your username, password and access to your phone.

These accounts also have two factor login available:

Dropbox

Dropbox uses either the Google Authenticator App or a code texted to the user's phone upon login.

Windows Web Mail

Currently Windows web mail (outlook.com) has selective two factor login, so the user can, if they want, generate a code if they are logging in from an unknown or untrusted device. The feature cannot be enabled for all logins.

Online Banking

Most major banks now force users to use a token device to log in to their accounts; this is where most customers have experienced two factor login.

Facebook

Facebook has a security feature called Login Approvals, which requires you to enter a code that is texted to you when you log in from an unrecognised computer.

Paypal

The user can either have a code texted to their mobile device or order a special code generating token.

In summary, as a user, welcome the additional authentication routes offered by online operators, rather than seeing them as a hindrance. As a web owner, make sure you put in place adequate security so that your customers feel secure online and will favour your site over less robust ones. And for businesses providing online access to systems and data via the Cloud, follow best practice (perhaps by complying with the ISO 27001 information security management standard) to protect your company from hacker attacks and careless employees.

Marcus Allen
Parker Management Consultants
