Protect your Identity - Live Securely in 2023 (Part 2)

Let’s talk threats for a moment. These days, threats are everywhere. Animals, diseases, other people, and even the weather can all present real challenges to the security of our lives. When it comes to the digital domain, most attacks are successful because of two major areas of weakness:

1. The attacker can access your account or your online identity
2. The attacker can exploit a vulnerability in software you use

Let’s address the first one…protecting your identity. Here at Williams we require Multi-Factor Authentication (MFA) as a layer of protection against someone who knows your username (which is basically public) and steals your password to access your account. Those two things alone would not be enough: the attacker would also need to deal with the MFA challenge. Some MFA schemes are more secure than others, and we’re working hard to deploy Okta here, which includes secure MFA via Okta’s Verify app.

But what about all your OTHER accounts? What about your bank account, credit card logins, services, subscriptions, utilities, social media platforms, blogs, discussion groups and device logins?

Here’s what I do to protect my identity and live “without care”:

1. Risk-rank your logins. My bank account, Apple ID and Amazon account are all tied to forms of payment. Therefore, I use long and strong passphrases for those. But when I’m asked to sign up for a discussion board, I never reuse one of those passphrases, and choose something much shorter and more memorable. Devices I own all have sufficiently long passphrases used to protect them, and built-in accounts are disabled or I change their password from the default value.

2. Use a password manager. Since password reuse is a major problem that even I am guilty of (but only on the lowest risk accounts), I need a tool to store them all. And, I need it with me at all times. I decided a long time ago that this was a valuable service, one that I’d pay for, to ensure developers continue to update their product. I use 1Password, because it’s secured with biometrics, syncs across all my devices, and I like the ability to add custom fields.

3. Use MFA wherever possible. And where it’s not available, request it of that service provider. It’s a modern standard that we should all be comfortable with, and we should expect organizations that hold our data to leverage it on our behalf.

4. Monitor the news for breaches. Organizations that experience data breaches are required to notify affected users. Affected users get upset and share the news about it, and we all can benefit from this awareness. Some password managers will alert you to exposed passwords (1Password does) and prompt you to change them. Remember to change them in both places…the site AND in your password manager.

5. Don’t get phished. If you’ve done all four of the steps above, begin to enjoy your secure life. At this point it’s up to you whether bad guys get in, because you’ve effectively addressed the first risk area. But bad guys will always try to get in. They’ll email you, text you, and call you. Why respond? You’re living se-cura, without care. Tuning your own filter for phishing is a subjective thing, but be highly skeptical of all unsolicited communication from unknown sources. It’s likely malicious and almost never important or worth your attention.

Five steps to secure your online identity. They seem simple and straightforward enough, right? But how many accounts do you have? I have 114 in my 1Password vault and it can be overwhelming! Start by risk ranking and develop a subset. Secure those first. Then perform another pass and continue until you’ve done all that you can think of. Some accounts may be forgotten, but then how much risk can they represent? When you encounter them later, add them to your password manager and proceed with securing them accordingly.