Tag: online safety Page 1 of 3

Adaptive MFA:  So much for Sci-Fi

Sticky post

Several times a year I receive notification that there has been another mass password breach with an online database. Whether from a pwned (compromised) website or successful phishing attempts, this proves how insecure simple password access can be. Many of us have been compromised at one point in our life, simple passwords just aren’t cutting it anymore. Where is the technology headed, are we going to need retinal eye scans going forward to access our information?

Multi-Factor Authentication is considered the solution to passwords. In a recent study by Symantec, it was determined that 80% of breaches would have been prevented by including MFA with a password.

A strong password should be the first barrier for access, but proving it is really you, and not someone else, is a stronger defense.

Over the past few years, biometrics has assisted MFA in keeping data secure. Fingerprint readers and retinal scans are now mainstream. So much for Sci-fi.

I remember when I couldn’t buy gas on the east coast for a few days. Long lines at the pumps for the few gas stations that had short supply. According to Bloomberg, the Colonial Pipeline was hacked in April 2021 due to a compromised password allowing VPN access. The pipeline system was not secured with MFA for administrative access. This allowed fraudulent access to shut down the pipeline simply from a password breach.

There are many companies that now require MFA. These include Bank of America, Microsoft, Apple, Google, PayPal, Drop Box, and Salesforce. As more companies increase their security requirements each month, bad players looking to capture your data must adapt to this level of sophistication. This is leading to MFA itself needing to become more robust. So, what should we expect in the months ahead?

The Future:  Adaptive Multi-Factor Authentication

Standard MFA can decrease efficiency when over implemented. Adaptive MFA can reduce the burden of constantly having to prove who you are by 80%. It also helps reduce bad actor login access to near zero. Adaptive MFA bridges the gap between user experience and account security by providing a secondary factor for logins but only prompting for secondary verification when the primary factor login looks suspicious or unusual. Typically, I logon to check certain websites each morning at 8:00 am from a work IP address utilizing the same machine. But what if I was to login at 10:00 pm from a different state? This pattern is new, so it should be challenged. Most likely, I am just traveling. But what if my device was stolen?

Behavioral Analytics can score events, including login attempts at unusual hours, login attempts from unusual locations, or login attempts from unknown devices, etc. Higher risk scores would require additional authentication methods.

My example shows utilizing an approved device, but from a new Geo location and during an odd time of day. Thus, additional Multi-Factor Authentication would be required for this new login attempt.

The future of Authentication will be security driven by artificial intelligence. Adaptive Multi-Factor can be configured to allow low risk patterns to require simply a username and password. Medium risks would require additional authentication, such as that retinal scan. A High-risk AI assessment could deny access all together. Implementing some Adaptive Multi-Factor Authentication could have kept that Colonial pipeline open. Nobody wants another national security risk. The future is being streamlined for user experience, and heightened security. I would call this a win-win.

Navigating the Wild Wi-Fi West

Sticky post

Ahh……. traveling through the countryside again.     I’m thrifty, and don’t have unlimited cell service.  I don’t want to use up all my cell phone data out here downloading movies for my kin.    That’s fine, free public wireless Wi-Fi networks are everywhere.    Everyone likes to get online for free.  But what does “free” often mean. There are a lot of security issues with public Wi-Fi.  I like to think of them as the wild-wild west.  This blog will go over the big dangerous amidst many public Wi-Fi spots and how to navigate them.

Malicious Hotspots

Howdy partner, welcome to free Wi-Fi.   So, you’re having dinner at the Texas Steakhouse.  Is the free public Wi-Fi really offered by the diner, or supplied by the guy renting an apartment next door?  Perhaps someone nearby setup a rogue network to entice people to connect and snoop on your web browsing.  It’s a good practice to ask an employee, or the front desk what the name of their Wi-Fi is before just jumping on the first network you find.  A legitimate Wi-Fi network will be less dangerous then a malicious hotspot that is anonymously owned.  You don’t want to shoot yourself in the foot, so to speak…

Wi-Fi sniffing

Just because you found the restaurant’s Wi-Fi network doesn’t make it safe either.  One of the tools that hackers are using on public networks is the Pineapple Wi-Fi device.  Originally developed for penetration and security testing, they can be repurposed for Man-in-the-middle attacks.  After determining what websites you access, the device can thoroughly mimic preferred networks.  All your information is then routed through the device. You may think you’re sending information to a HTTPS website, but it’s actually a spoofed website that the device created.  What’s worse is the Pineapple can save user session and cookie information and continue masquerading as your device, long after your gone.  You may need to call the local Sheriff on this network. 

How do you protect yourself?

When you connect be sure you select the Public network option when connecting to public Wi-Fi, keep your computer up to date, and leave your firewall enabled.  These options will protect your computer or device from being breached. 

When you leave a public Wi-Fi, be sure to delete, or “forget” the network in your phone or laptop.  This will keep your device from automatically reconnecting to a similar rogue network at another location.

Cautious browsing

So, we have learned how to protect your device, but what about protecting your online browsing transactions.  Limiting your internet searches to informational websites that don’t pass sensitive credentials is the best practice.  Logging into your online bank, even though an installed App should be avoided.  What about credit card purchases?  Just say no!  Ok, I just want to send an email.  Unless your email is encrypted (most isn’t) even email shouldn’t be checked on public Wi-Fi.  Do your email servers authenticate exclusively with secure HTTPS?  If you’re not 100% sure, don’t chance it.  So, what about Netflix, you like watching movies don’t you?  It depends….   If you can set your online accounts up with different passwords, in the event you are hacked they will only get onto that one site.  Not too much at risk with a compromised Netflix account if your passwords are all unique.  Plus, I get an email when another device logs on my account, so you know you can cut them off at the pass!

VPN – Circle the Wagons

What if you really need to get some work done, cellular service is not available and public Wi-Fi is your only option?  Well that’s when you need to invest in a VPN service.  A virtual private network (VPN) is a technology that allows you to create a secure connection over a less-secure network between your computer and the internet. This is beneficial because it guarantees an appropriate level of security and privacy to the connected systems. This is extremely useful when your Wi-Fi infrastructure may not support it.  It’s like sitting inside a protective circled wagon.

If your company can setup a VPN for you that would be the best option.  The next best would be a paid VPN service that’s based in the United States.  Most of these run under $10 per month.  Though there are many good ones outside of the States.    The following VPN Services have been highly rated by CNET for 2019. 

Norton Secure VPN
Private Internet Access VPN

So, chock up and stay away from those free VPN services.  Because as we just learned from this blog, nothing in life is “free”.  Now head ’em up, and move ’em out

Page 1 of 3

Spectrum Financial, Inc 2023