Identity theft is one of the fastest growing crimes in the world.
Research shows that there is a new victim every 2 seconds, with over 14.2 million credit card numbers and 158 million (!!!) social security numbers exposed in 2017.
Unfortunately, this is not surprising. Hacking software is getting more and more sophisticated, and 35% of users still have weak passwords. More importantly however, businesses have failed to keep their customers’ data safe.
Research done by the Identity Theft Resource Center, shows that there were 1,579 data breaches in 2017, resulting in nearly 180 million exposed records.
We’ve read a lot of big numbers so far, but that shouldn’t blind us to the emotional impact identity theft has on us as individuals. This study found that victims:
“reported that they felt worried, angry and frustrated (each at 85.71 percent); violated (83.7 percent); that they could not trust others and felt unsafe (both 69.4 percent); a sense of powerlessness or helplessness (67.3 percent); sad or depressed (59.2 percent) and betrayed (55.1 percent).”
But the impact of identity theft is not just emotional, it even has physical consequences. According to the study, 84.1 percent of victims:
“reported issues with their sleep habits; 77.3 percent reported increased stress levels; 63.6 had problems with their concentration; 56.8 had persistent aches, pains, headaches and/or cramps and the same percentage experienced stomach issues; 54.5 percent had increased fatigue or decreased energy and 50 percent reported that they had lost interest in activities or hobbies they once enjoyed.”
This goes to show that identity theft is not to be taken lightly, as it typically has a negative financial, emotional and physical impact.
In this post we’re going to teach you how good identity management can help keep you safe online. Let’s dive in.
What does identity management mean?
Identity management is a term that describes your ability to access the right resources, at the right time, for the right reasons. If you are locked out of your account or someone else gains access to your account, your identity management has failed.
When identity management works well, it authenticates the users’ identity and controls the actions they are authorized to perform. Importantly it also includes descriptive information about the user and defines who can edit that information.
This is a very important point because identity management is really about permission. You are the only with the permission to access the resources bound to your accounts, and if this is no longer the case, then your identity management has failed.
So how can it happen that someone gains access to your account without permission?
Why is password strength so important?
When it comes to identity management the first – and most obvious – thing to do is to change your passwords. If (like me) you are one of the 100 million Quora users affected by the breach, you have to be aware of the fact that a malicious actor now has your email address.
If your email address uses a unique rather than a generic domain like email@example.com, hackers may notice and mark you out as a high value target.
Of course, an email address on its own is not worth much, but a recent study by Preempt found that 35% of all passwords are weak, meaning they are less than 10 digits and contain a word. These kind of passwords can easily be cracked using unsophisticated brute-force hacking attacks.
Once the hacker gains access to your email address, he can easily discover the services you use and start resetting your passwords, gaining access to all of them.
Understanding data breaches
There are a number of ways in which malicious actors can gain the information they need to access to your accounts. The most prevalent is via a data breach.
A data breach is when confidential information is released to an untrusted environment – when private data can be viewed, copied or edited by unauthorized individuals, groups or businesses. If you have registered with Facebook, Google, Amazon, Marriott, Twitter, MyFitnessPal, Quora or any of the services listed here, your data has most likely been viewed by unauthorized individuals.
Importantly, not all data breaches are due to a hack or some other malicious activity. In the case of Facebook for example, the breach came as a result of the Social Media giants own codebase. For almost a year, anyone with knowledge of the vulnerability could access other people’s information on Facebook.
In most cases however, hackers seek out large companies with vast amounts of valuable customer data. The recent Marriott Hotel data breach illustrates this point very well, as hackers managed to gain access to the databases containing not only passport numbers and all relevant personal information, but even debit and credit card numbers. These are then sold to the highest bidder, used for fraudulent transactions or both.
You’ve probably already guessed that 2018 will continue the worrying trend of seeing an increase in the number of data breaches.
Despite the significant year on year increase however, the backlash to data breaches remains tepid. When hackers gained access to the information of Quora’s 100 million users the reaction seemed to be a collective shoulder shrug. The statistics do not justify this insensitivity, as 31% of breach victims later experience identity theft.
The reason for this fatigue seems to stem from the belief that there is nothing we can do. The internet has become an intrinsic part of everyday life and service providers cannot be expected to have perfect security 24/7.
But this is simply not true. There is a lot we can do to securely manage our identity.
3 steps to successful identity management
Now that we understand the dangers of data breaches and the importance of strong passwords, let’s discuss how you can keep your identity safe while retaining a high level of convenience.
Step 1 – Use a password manager
According to Digicert, the most commonly used password is:
The appeal is obvious. It’s very easy to remember. That being said, it’s incredibly easy to crack. Any hacker worth his salt would have this thing figured out in a matter of minutes.
That is why it’s worth investing in a password manager like 1Password or LastPass. Not only do these services allow you to store all your passwords, but they also generate them for you. The benefit here, is that they generate highly complex passwords containing a long string of letters, numbers and symbols.
Even a small increase in complexity will pay huge dividends. An 8-character password with letters (upper & lower case), numbers and symbols has 6,095,689,385,410,816 possible combinations. Definitely give password managers a shot if you want to take identity management seriously.
Step 2 – Activate 2-Factor Authentication (2FA)
Only around 10% of Google accounts use 2-factor authentication, despite it being one of the best ways of securing your online identity. In a nutshell, 2FA allows you to setup a required, secondary method of authentication in order to login or perform valuable actions.
One of the most common examples is an SMS. Here users receive an SMS containing a code, which needs to be entered in order to access a service. This is in addition to the typical email and password combination.
As this report from Positive Technologies shows however, SMS are vulnerable to interception and pose some significant social hacking risks. Instead use third-party authentication software, like Google Authenticator or Authy.
Instead of receiving an SMS, this method relies on the authentication app generating a six-digit code that refreshes every 30 seconds. Naturally, the app is connected to the service you are trying to access, and the code can be entered just like that of an SMS.
Step 3 – Use identity management solutions
Identity management is still quite nascent, but solutions already exist that allow you to regain some control of your digital identity. One such solution is the SelfKey Identity Wallet for example.
The Identity Wallet is a desktop application which allows you to collect and store all relevant personal data on your local device.
As everything is managed locally, you are the only one who can control your information. In the event that SelfKey’s servers are breached, users would remain completely unaffected.
Moreover, the Identity Wallet will allow you to securely and conveniently register with a host of service providers through the SelfKey Marketplace. Before registering for a service through the marketplace, you will have complete transparency regarding what information is required to access the service. If you no longer want to share your personal information with a service provider, you can easily rescind permission.
As the SelfKey Identity Wallet continues to improve, we get closer and closer to our vision of a self-sovereign identity management system, with you – the user – in complete control of your digital identity.
The Identity Theft Resource Center estimates that an eye-watering 1.6 billion records have been exposed since 2005.
As explained above, a lot of risks can be minimised by setting up a strong password and activating 2-Factor Authentication. Neither of these will necessarily protect you from a bad data breach however.
In cases like the Marriott Hotel, a new way of managing our identity is required. As the SelfKey Identity Wallet continues to improve, it will provide a better approach to digital identity management.
You can download the SelfKey Identity Wallet for free here.