Tag: Security

Adaptive MFA:  So much for Sci-Fi

Several times a year I receive notification that there has been another mass password breach of an online database. Whether from a pwned (compromised) website or successful phishing attempts, this proves how insecure simple password access can be. Many of us have been compromised at one point in our lives; simple passwords just aren’t cutting it anymore. Where is the technology headed? Are we going to need retinal eye scans going forward to access our information?

Multi-Factor Authentication is considered the solution to passwords. In a recent study by Symantec, it was determined that 80% of breaches would have been prevented by including MFA with a password.

A strong password should be the first barrier for access, but proving it is really you, and not someone else, is a stronger defense.

Over the past few years, biometrics has assisted MFA in keeping data secure. Fingerprint readers and retinal scans are now mainstream. So much for Sci-fi.

I remember when I couldn’t buy gas on the east coast for a few days. There were long lines at the pumps at the few gas stations that had a short supply. According to Bloomberg, the Colonial Pipeline was hacked in April 2021 due to a compromised password allowing VPN access. The pipeline system was not secured with MFA for administrative access. This allowed fraudulent access to shut down the pipeline simply from a password breach.

There are many companies that now require MFA. These include Bank of America, Microsoft, Apple, Google, PayPal, Dropbox, and Salesforce. As more companies increase their security requirements each month, bad players looking to capture your data must adapt to this level of sophistication. This is leading to MFA itself needing to become more robust. So, what should we expect in the months ahead?

The Future:  Adaptive Multi-Factor Authentication

Standard MFA can decrease efficiency when over-implemented. Adaptive MFA can reduce the burden of constantly having to prove who you are by 80%. It also helps reduce bad actor login access to near zero. Adaptive MFA bridges the gap between user experience and account security by providing a secondary factor for logins but only prompting for secondary verification when the primary factor login looks suspicious or unusual. Typically, I log on to check certain websites each morning at 8:00 am from a work IP address, using the same machine. But what if I were to log in at 10:00 pm from a different state? This pattern is new, so it should be challenged. Most likely, I am just traveling. But what if my device was stolen?

Behavioral analytics can score events such as login attempts at unusual hours, from unusual locations, or from unknown devices. Higher risk scores would require additional authentication methods.

My example shows a login from an approved device, but from a new geolocation and at an odd time of day. Thus, additional Multi-Factor Authentication would be required for this new login attempt.

The future of authentication will be security driven by artificial intelligence. Adaptive Multi-Factor can be configured so that low-risk patterns require simply a username and password. Medium risks would require additional authentication, such as that retinal scan. A high-risk AI assessment could deny access altogether. Implementing some Adaptive Multi-Factor Authentication could have kept that Colonial Pipeline open. Nobody wants another national security risk. The future is being streamlined for user experience and heightened security. I would call this a win-win.
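
The scoring and low/medium/high policy described above, sketched as an added example (not code from the original post or from any MFA product). The signal weights, the thresholds, the `Baseline` profile and the `STATE-A`/`STATE-B` labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Illustrative weights and thresholds (assumptions, not values from any product).
WEIGHTS = {"unknown_device": 40, "new_location": 30, "unusual_hour": 20}
STEP_UP_AT, DENY_AT = 30, 80

@dataclass
class Baseline:
    """Hypothetical per-user profile of previously seen login context."""
    devices: set = field(default_factory=set)
    locations: set = field(default_factory=set)    # e.g. state or region
    usual_hours: set = field(default_factory=set)  # local hours, 0-23

def hour_distance(hour, usual_hours):
    """Circular distance in hours to the nearest habitual login hour."""
    if not usual_hours:
        return 12  # no history yet: treat as maximally unusual
    return min(min((hour - h) % 24, (h - hour) % 24) for h in usual_hours)

def score_login(baseline, device_id, location, hour, tolerance=2):
    """Score a login whose password has already been verified."""
    reasons = []
    if device_id not in baseline.devices:
        reasons.append("unknown_device")
    if location not in baseline.locations:
        reasons.append("new_location")
    if hour_distance(hour, baseline.usual_hours) > tolerance:
        reasons.append("unusual_hour")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(score):
    """Map a risk score to the low / medium / high outcomes."""
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "step_up"  # prompt for the second factor
    return "allow"        # username and password are enough

def evaluate(baseline, device_id, location, hour):
    score, reasons = score_login(baseline, device_id, location, hour)
    return decide(score), score, reasons

if __name__ == "__main__":
    # Constructed sample: the 8:00 am work-machine habit from the text.
    me = Baseline({"work-laptop"}, {"STATE-A"}, {8})
    for attempt in [("work-laptop", "STATE-A", 8),
                    ("work-laptop", "STATE-B", 22),
                    ("unknown-phone", "STATE-B", 22)]:
        print(attempt, evaluate(me, *attempt))
```

With these weights, the traveling case from the text (approved device, new location, 10:00 pm) scores 50 and triggers a second-factor prompt, while the same attempt from an unknown device scores 90 and is denied.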

Security or Invasion: Apps and Services that spy

Ever wonder why your computer or smartphone just recommended a product you were discussing with a friend the day before? Hmmm, that’s convenient. That’s just what I was looking for; must be a weird coincidence? No, it’s the eerie product of new marketing practices. These include cross-app tracking, social network sharing, product review algorithms, and behavior recognition. Is this an invasion of my privacy, or a tech-advanced, value-added shopping experience? Is this really meant to help me, or make someone else money?

Meta aka Facebook

Meta provides its business partners tracking software they embed in apps, websites and loyalty programs. Any company that needs to do digital advertising has little choice but to feed your activities into Facebook’s database: your grocer, political views, investments, brand preferences. Behind the scenes, Facebook takes in this data and tries to match it up to your account. It sits under your name in a part of your profile your friends can’t see, but Facebook uses this information to shape your online experience.

Among the 100 most popular smartphone apps, you can find Facebook software in 61 of them, according to app research firm Sensor Tower. Facebook also has trackers in about 25 percent of websites, according to privacy software maker Ghostery.

What to do … Quit Social Media?

Well, you could quit services such as Facebook and Meta-owned Instagram. Of course they’ll beg you to stay, and encourage you to just temporarily “deactivate” your account for a while. But if you do fully delete your accounts on both services, Facebook will no longer build out a profile with your activities to target ads. If you can’t bear to be without your social media, then at least change your privacy settings.

Facebook has lots of bad default security settings you should change, such as changing your public profile visibility from strangers (anyone) to friends. But the most important one to combat tracking is called Off-Facebook Activity. Users found the feature was monitoring their use across multiple apps and websites, including banking.

Apple

Apple is a mixed bag when it comes to privacy. Starting with Apple’s iOS 14.5, the phone now comes with the long-awaited privacy feature called App Tracking Transparency (ATT), which highlights who is tracking you on your iPhone and gives you the option to stop it. Nice work Apple. However, …

Apple unveiled a sweeping new set of software tools in August 2021 that will scan iPhones and other devices for illegal pictures and text messages with explicit content and report users suspected of storing illegal pictures on their phones to authorities.

The aggressive plan to catch child predators and pedophiles and prohibit them from utilizing Apple’s services for illegal activity pitted the tech giant against civil liberties groups and appeared to contradict some of its own long-held stances on privacy and the way the company interacts with law enforcement. It seems like a good idea to police the bad, but at what cost to the privacy of the good?

The move also raises new questions about the nature of smartphones and who really owns the computers in your pockets. The new software will perform scans on its users’ devices without their knowledge or explicit consent, and potentially put innocent users in legal jeopardy, or at the very least monitor their private affairs.

Cheap Cameras and Cloud Services

So you think you got a great deal on a $20 wireless internet camera so you can monitor your house? Why not, it has a free cloud service and a cool App. Setup instructions were in poor English, but you got it working. Now you can check on your loved ones while they sleep, cook, and watch TV. But where is that cloud service server located? Easily could be someone’s basement in another country, or even the Chinese government? Nobody is regulating these foreign cloud services. Assume everything is being monitored, recorded, and stored. I would be very careful what room I placed one of these in! Pass on purchasing the cheap Yuanyang or NetSee cameras and stick with a U.S. product and monitoring service such as Ring or FLIR.

Google Alexa

Always listening … Best to assume everything you say is being monitored somewhere. In fact it’s being recorded when you say “Alexa”. After the wake word, the audio gets uploaded to Amazon’s cloud where they have algorithms that analyze it. According to Bloomberg’s reporting, there are at least 100 transcripts of conversations uploaded to the cloud each day that Alexas have recorded without being purposely activated. Guess I’ll be on my best behavior when there’s an Alexa in the room. Occasionally she asks, “by the way, do you want me to …. ” If you’re like me, and you don’t like this, go to the Alexa App, settings, and toggle off Hunches. I prefer when Alexa does not try to take over the conversation going on in my kitchen. And no, I don’t need another reminder to reorder protein drinks for my son.

Summary

We should realize that companies offering free products and services need to be compensated, whether that is by generating product recommendations and revenue from you through online commerce or by selling and sharing your data with another vendor. Nothing in life is free. Be wary of your digital footprint because it can easily be tracked. Protecting your identity should outweigh convenience or your social media. Sometimes it’s better to stay anonymous.

Spectrum Financial, Inc 2023