How to Improve Consumer Security with Online Applications
Improving our security should not be difficult, but it does have to be top of mind if you have an online presence. This article touches on a few tried and tested techniques every online consumer should lean into, as they apply across almost all modern systems you might interface with on a daily basis.
Let’s talk about enhancing our personal security when working with online applications.
Two Security Recommendations for All Applications
To simplify the conversation, I will touch on two recommendations that’ll impact our security online most and are the easiest to implement.
- Password Managers
- Adding More Verification Controls (i.e., 2FA, MFA)
Whether connecting to your bank, social media, email, or service provider, you interact with some form of “access control.” These two recommendations are designed to protect this.
Password Managers
For many, access control manifests itself as a username and password.
VDBIR reports that 70% of basic web application attacks are attributed to credentials being abused because of weak, reused, and otherwise poor password hygiene.
If there is something I have learned working with online consumers, it is that no matter how many times I express the importance of using long, complex, unique passwords, they almost never do it. In our minds, we still believe “it will not happen to me,” “I am not a target,” “I have nothing of value anyway,” and “I’ll just update it later when I have more time.”
I get it. Security is not really something anyone cares about until they do, and that’s usually when it’s too late.
This is why I stopped telling people how to create strong passwords and almost always exclusively recommend using some form of Password Manager.
What Is a Password Manager?
A password manager is a vault you can leverage to save all your passwords. Most of these managers also offer random password generators that will quickly create a strong password for you without thinking about it.
More importantly, these managers have evolved a lot over the years. They are cross-platform compatible and easily integrate with our online behaviors. Our devices (e.g., iOS and Android) account for them, allowing you to interface quickly with websites and mobile apps.
Here are a couple worth looking at (not affiliated with any of them):
- LastPass
- 1Password
- Bitwarden
There is a good article by Wired speaking to different Password Managers that might be helpful. There are options to use built-in password managers with browsers. I prefer systems dedicated to password management, but if it’s that or nothing, those browser passwords also work.
Adding More Verification Controls
How you access a system (e.g., Bank, Social, Email) is based on a concept known as “authentication.” Authentication confirms that you are who you say you are when accessing online accounts or services. It’s like showing your ID to prove your identity before entering a secure area.
In the online world, this authentication typically takes the form of a “username and password.” This would have been ok a decade ago, but in today’s online world, that is no longer enough. We must expand how we authenticate with systems to help those same systems keep our data safe.
The most effective way of doing that nowadays is to use something known as Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA).
I won’t bore you with the details, but at its core these controls are about expanding authentication to include the following:
- Something you know (the password you type in)
- Something you have (your mobile phone)
- Something you are (your biometrics)
With 2FA, you account for two of these, while MFA accounts for more than two. Both expand the verification requirement so that even if your username and password are disclosed, there are controls in place to help protect you.
Configuring this is typically your responsibility, but it’s made accessible to you by your service provider; it’s also not something you have to buy.
It’s the de-facto standard on the web these days, so there shouldn’t be a single service you interact with that doesn’t allow you to configure some form of 2FA or MFA. These settings are typically found in your Account settings.
Here are some essential services most users have and where you can find instructions on how to enable them:
The list goes on. Simply go to Google and type in “How to enable 2FA on [platform name]”.
Your Online Security Is Your Responsibility
Getting mad at a service provider when your information is compromised is easy. The reality, however, is that some responsibility falls on you as the consumer to do your best to keep your information safe. There are naturally instances where it has nothing to do with you: the organization suffered a massive breach and all information was stolen. Not much you can do there!
That being said, leveraging password managers to store and randomly generate passwords is a great first step. You can dramatically enhance that by leveraging controls like 2FA and MFA to reduce the risk of being the source of your own hack.
Security, whether for a consumer or an enterprise, is about risk reduction, not risk elimination, and what I’ve shared works to do that: reduce your overall risk of being a victim.