Advice for a world where we are reliant on third party WiFi. We all need to do a better job at protecting our data. The penalty for not being vigilant is growing every minute.
24-Jun-18
Any entrepreneur or road warrior hears some new horror tale about hacks, scams, and identity thefts just about every other week. These are usually credible, peer-to-peer conversations rather than media scare stories. Most recently, I've heard half a dozen versions of complaints and some serious instances of financial losses based on the porous and insecure nature of hotel and airport WiFi.
In fairness, these providers couldn't make it any clearer or disclose the risks more directly on their websites. These are not the usual disclaimers buried in the Terms & Conditions.
Unfortunately, we don't really have much in the way of connectivity choices when we're on the road. You can carry your own hotspot or use your phone and run down your battery, but the vast majority of us aren't going to do that. So, the trick is to figure out what you can do, realistically and practically, to protect yourself.
As we're forced to rely more and more on third-party-provided WiFi, and it becomes increasingly ubiquitous, the scale of the security problems and the prospective losses are only going to continue to grow. And honestly, if it's not happening to a family member or a relative, we've gotten so accustomed to these commonplace tales of woe (and worse) that we tend to dismiss them as the risks of the road.
In addition, I must admit that we stupidly assume and often think smugly to ourselves that the victims must have been lazy, sloppy, or careless, and that this kind of stuff could never happen to us. Until it does. And then, of course, it's too late.
If you can't control the WiFi, try to control your passwords
My humble suggestion is that now's the time to start thinking about how to be smart about the situation before you must be sorry. My thought is simple: if you can't control the pipes, try to control and protect your passwords.
Yes, I know that you've heard this lecture a million times before, and yet most of us are too busy, too lazy, or too uninformed to invest the modest amount of time that it takes to substantially boost the odds in your favor. In this context, I'd say that being too busy is, in fact, just another word for being lazy.
There's not much I can do to help anyone unwilling to help themselves. It would take about an hour to follow a few basic steps to improve your password protection, while it can take weeks to repair and try to restore your credit and financial identity if you get hacked. You should take the time to do the math.
And, for now, I'm just going to focus on the facts of life these days and then you can decide how to proceed.
First, the guys on the other side are getting smarter, faster, and a lot nastier. They're growing in numbers, the hacks are easier to accomplish, and they're better equipped, especially because the tech and capital requirements to take your money are trivial.
In addition, ploys and scams are spreading and being shared across markets and even countries at a very rapid rate because of the increased communications and connections across the dark web.
Second, we suckers continue to make it easier and easier for the bad guys to break in. The most frequently used password today is still "123456". Fifth on the list is "111111" and #8 is "password".
It takes most brute-force hacking programs less than a few seconds, according to a recent survey, to figure out any password of six characters or less, and more than 40 percent of all passwords today are six characters or less.
Other very popular passwords are equally infantile, including "qwerty" and "123123".
And more than half of us use the same password on multiple sites, so once the hackers are in, they can move quickly from site to site.
And finally, the middlemen (hosting services, connectivity providers, social platforms, etc.) aren't doing jack to help us help ourselves by requiring us to be smart about our personal security. They don't care if you get ripped off if you can always get right back on their service or network with the least possible friction and in the shortest amount of time.
Every six months, some of these services make you change your password, but they don't insist upon or enforce even the most basic complexity requirements.
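What enforcing a basic rule at sign-up could look like, as an added example (not code from the column or from any provider): it rejects the popular passwords named above, applies the eight-character, mixed-class rule the column recommends for a master password, and "does the math" on exhaustive search. The guess rate of one billion per second is an assumption chosen for illustration.

```python
import string

# The popular passwords named in the column (constructed deny-list; a real
# service would check against a much larger breached-password corpus).
COMMON = {"123456", "111111", "password", "qwerty", "123123"}

# The four character classes of the recommended rule. "Letter" is read
# here as a lowercase letter, since capitals are listed separately.
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "capital letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def policy_problems(pw, min_len=8):
    """Return every reason the password fails the rule (empty list = accepted)."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"no {name}")
    return problems


def alphabet_size(pw):
    """Size of the smallest class-based alphabet an attacker must search."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in pw))


def worst_case_seconds(pw, guesses_per_second=1e9):
    """Time to try every string of this length over that alphabet.

    Upper bound for blind exhaustive search only: a password on a common
    list falls on the first few guesses whatever this number says.
    """
    return alphabet_size(pw) ** len(pw) / guesses_per_second


if __name__ == "__main__":
    for candidate in ("123456", "qwerty", "Tr4vel!Mug"):  # constructed samples
        print(candidate, policy_problems(candidate),
              f"{worst_case_seconds(candidate):.3g} s")
```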
Use a password manager
What should you do? The best and smartest thing to do is to use a password manager/vault, a single location for all your passwords that requires only remembering one password, hopefully one with a minimum of eight characters that include a number, letter, capital letter, and symbol.
There are several players in the space, but Keeper Security has one of the biggest user bases and is the best for my money because it provides both individual and enterprise-level solutions. More importantly, Keeper Security employs a zero-knowledge approach, which means that the site has no idea what's in your vault or any ability to get at it.
You spend less than an hour and build an Excel spreadsheet with all your stuff (which you probably already have), and then it's imported into your Keeper vault, and the next time you visit one of your regular sites, the Keeper system will automatically supply the appropriate sign-in data.
Adopt two-factor authentication
The next best thing to do is to bite the bullet and adopt two-factor authentication. I admit, 2FA can be a pain in the butt on a plane or if you're not connected somehow, but otherwise it's as easy as pie. This is another simple way to deploy an additional layer of protection and just requires that you take an extra minute to enter a security code sent to your phone to confirm that it's you trying to get into your site.
For sure, this is an essential fix for your primary social media sites because they are the connectors and links to many other sites where you use Facebook Connect or something similar for Twitter to sign into a bunch of third-party sites.
Biometric security such as facial recognition and fingerprint readers, which are also 2FA, are becoming more prevalent, too, but that's a subject for a future column. Right now, a password vault and 2FA are quantum leaps in de-risking your online exposures and a very small price to pay in terms of time and treasure to avoid major headaches.
In this depiction of Two-Factor Authentication (2FA), a user logs into an account with their usual password. An authenticator app the user has installed on his or her mobile phone generates a second, temporary password, which the user also enters.
And, if you're like everyone else and somewhat intimidated by the length of your password list, or never heard of Excel, at least work on the top five sites you visit all the time and get those fixed and protected.
It's a 99/1 world in terms of anyone's web activity: we go to the same, very few, places almost all the time, so if you at least pay attention to the most important sites, you've got a fighting chance of dodging a bullet.
But the smart money is still on the hackers, and it's not really a question of if, it's just a question for most of us of when. I'd rather be safe than sorry.