As we try to create better and better armor for our online presences against the attacks of identity thieves, some of our older methods are beginning to seem not just old but antiquated. Against more sophisticated hacking techniques and clever reasoning of those wishing to gain access to all our protected accounts, simple passwords no longer suffice. This isn’t someone gaining access to your notebook of passwords that you keep by your home computer; this is the careful information gathering that will use online quizzes, which you associate with your own email address to get the results, to get those answers to the questions you most commonly set to help you regain your own password when you forget it (and let’s all be honest here, how many times have you had to have your password reset when you’re trying to sign in to pay your mortgage or get your tax statement from your student loans?). Think of those quiz questions that are purportedly going to tell you which Greek god you’re most like, what your elf name would be, or whether you’re a more like Long John Silver or the Great Jay Gatsby. What sort of things do they ask you? Your high school mascot. Your first pet. The name of your first manager. Hmm. Those also sound an awful lot like the question your bank website is going to be asking if you click on the “Forgot Password” link.
The first line of defense is to obviously not give these quizzes your email address to make any sort of connection. The second is to create, and retain, passwords that are strong and do not match our names, pet names, or those other easily identifiable pieces of information about us, mixing small and capital letters, numbers, and special characters. The third is not to bundle these passwords, but to make sure that each website has its own unique password so if one account is compromised, you’re not suddenly locked out of your whole online life while someone siphons off your money and sanity while dropping thousands of your dollars on sneakers, Domino’s pizza, and random gift cards.
To step it up, maybe it’s time to consider using a password manager. These services generate and store a different password for each of your online accounts, and we’re talking complex and extremely long passwords that are not anything you’d make up because you know you’d never remember it. A password manager keeps track of all those, as well as other data you use online like credit card number, PINs, that sort of thing. All of that information is encrypted with superhero-like strength, and you just need to remember a single password to unlock the ‘vault’ to use the program, then the manager will conveniently access the magical, wonderfully bizarre password it’s created for you to use when you access the website from which you order groceries and you’re good to go.
For some, however, the age of the password has already gone, and even the encryption vault of a password manager isn’t enough to help them feel safe. In these cases, experts have already made a lot of progress in identification methods that aren’t text based, but instead rely on you literally being who you say you are, physically.
Already, smartphones have been equipped with fingerprint recognition, and the big new one, facial recognition. Fingerprint recognition, long part of the science fiction landscape, is now relatively commonplace in secure facilities, and even homes using that as a form of keyless entry. It is the most popular of the biometric modalities, with the concept of the individuality of the fingerprint dating back to Sherlock Holmes-level forensics, with that application of it to police work resulting in more research and technological advancement, and now here we are. As the software costs have gone down and the popular culture familiarity has risen, fingerprint recognition devices have become a pretty common feature of security systems, though it has also shown up in the before-mentioned smartphones and other portable computers, employee attendance records, with some countries looking into fingerprint scanners for a biometric method of ID, and car companies like Hyundai preparing to offer cars with fingerprint unlocking and starting.
Want something even more in your face? How about facial recognition as a way to access things. As previously stated, iPhones have already made use of this technology, which maps facial features from a photograph or video, then compares them to the face presented for entry. Science thus far has shown that the accuracy of facial recognition is not as high as fingerprint or iris recognition, but it’s gaining popularity as a contactless and easy method. Social media platforms have adopted facial recognition in multiple ways, including knowing when to tag you in photos you really don’t want to be tagged in or in filters that will turn your face into a panda face to share with your friends, who obviously really would like to see you as a panda. Face ID, the iPhone X system, was introduced to great fanfare, with a system that attempted to work past several arguments against it such as not working with eyes closed to prevent unauthorized access as well as learning from the changes in a user’s appearance, so growing that luxurious beard you’ve always wanted won’t lock you out of your text messages. Financial services have started to take notice, with banks allowing some customers to access mobile banking using facial-recognition technology. This may be the time for anyone with an evil twin to speak up or forever hold their peace.
Research and brainstorming continue, and will continue in the future, to try to thwart the many attacks to online security that are part of the internet experience now, particularly as we do more and more online. The web life has become our life; it is where we share pictures, where we hunt up recipes, where we pay our bills, and where we communicate with our doctors. Because we’re putting more of our personal information online, it’s become more and more attractive to those who want to steal those details for their own uses. At this point, it’s important to remain aware of both potential attacks and responsible methods to prevent them. If you have any password on any system right now that is ‘12345,’ get up this moment and go change it. And no, ‘123456’ doesn’t count.