Friday, September 18, 2015

Credit Card and Identity Theft - Are You Doing What You Should To Be Safe?

According to a recent blog article, a Canadian analyst firm released a study showing that hackers are increasingly looking to break into online accounts, and less so to steal credit cards.  This is because online accounts are more persistent - that is, your credit card may change, but the updated card (as a new one is issued) will be registered to an account.  (Yet another reason to use a service like Apple Pay or Samsung Pay that does not give your card to the merchant.)

And, in an earlier news article, NPR indicated that you are probably doing your online security all wrong - that IT and security experts place top priority on using a password manager to manage very long, randomly-generated passwords.

So, how do you manage your passwords?  Do you have a handful that you can remember, that you use everywhere?  If so, as the ZDNet Ashley Madison password analysis shows, you are doing it wrong!  Chances are, your password is very easily guessable, even if attackers don't have access to an unencrypted copy of it.

Why should you care?

  1. America is the single biggest target in the world for cyber attacks.  Why?  We have the money, we are the best-known country, and there is a lot of ill will against us for many political or economic reasons.
  2. Each year, about 100 million American identities are hacked and stolen - from online purchase sites, from big stores (you swipe your card at the register, it gets stored in the database, and the database is hacked), and even from the Federal and State governments.  (Do you trust anyone to manage their systems for your security?)  To make matters worse, it may be months or years before a hacked institution even discovers the breach.
  3. As the costs of stolen identities and fraud mount, the brunt of those costs is initially borne by the companies or governments that are hacked - but those costs get baked into the cost of the goods and services, and we end up paying more for them.  Credit cards already have a percentage of fraud built into them - that is going up, and we pay in terms of fees and interest rates.
  4. If your own identity is stolen, the thieves can do a large variety of things.  They can open up accounts as you (cases have emerged where people suddenly got bills for houses they never bought, phone lines they never ordered, and credit cards they never opened).  They can use your card without even physically stealing it - they can create a duplicate.  Your credit history can be ruined, and indeed you may have to spend countless hours, months, or even years in court fighting charges and clearing your credit.

If you don't care about these 4 points, then stop reading now.  If you do, then what can you do about it?  Use a password manager.  DO NOT use a spreadsheet or some document, either electronic or written, to store your passwords.  Use encrypted password manager software, like MasterLock's vault, 1Password, or LastPass.  Personally, I prefer the last 2, because they have apps that integrate with Windows, Mac, iOS, and Android - so when you are in an app, you can use the password vault to enter your password.  A few other tips:

  1. Constantly keep up to date on any OS updates.  This is true for your computer, as well as all your devices.
  2. Use the AVG Privacy Fix app on your mobile devices to review and tighten your privacy and security settings throughout your social networking apps.  Stop giving games any access to your Facebook or other profile - this is just asking for trouble.
  3. Switch to the password managers (e.g. LastPass or 1Password), and generate new, random 16-digit or longer passwords for all your accounts.  LastPass has a security challenge analyzer that analyzes all the stored passwords, lets you know which ones are used for more than one site (a big no-no), and gives you an overall score you can use to increase your security.
  4. Be very, very aware (and wary) of joining WiFi networks.
    • Many hackers set up fake WiFi networks that look like real ones.
    • Hackers can also join public WiFi networks, and "sniff" the traffic going across it, to steal wide-open passwords (passwords transmitted as plain text, instead of being encrypted), or even financial data.
    • Typically, many devices show a different icon for a mobile hot spot vs. a permanent WiFi router.  Pay attention to small details like icons.
    • Set your devices to not ask to join available networks.  You should only join if and when you need to, and only the networks that you choose at the time.
    • Review your device and computer joined networks, and delete the ones you think you should never use again.  I will provide a future post showing how to do this.  Meanwhile, e-mail me if you have questions, or post in the comments below.
    • In Windows, you can use the security profiles Home, Work, or Public, to set some sharing options that may help keep you safer.
  5. If you care about your security, make sure to use a secure platform.
    • Apple computers and mobile devices, un-jailbroken, are agreed upon by security experts to be the most secure platforms.  As many recent exposures have shown, Android is the least secure, and Windows has long been known as the biggest target (and therefore least secure) laptop/desktop platform.  A unified operating system across desktop/laptop/tablet/phone, as with Windows and others, increases your exposure to a virus, malware, or exploit, because one that targets one device type makes all of them vulnerable.  Apple notoriously produces a separate Operating System for each type of device: computer, mobile, automotive, watch, and set-top-box.
    • Apple has the most comprehensive offering across devices, one that safely and securely integrates your data and operations across their ecosystem (and many other compatible devices, such as HomeKit-compatible home automation appliances).
    • I cannot recommend any other platform for mobile devices, as I have not yet seen any that measure up.  Unless you want to get Blackberry, but I wouldn't recommend that nowadays.
    • Linux provides an excellent platform for desktop/laptop/server computing, although you may find a lack of support for many end-user software packages, and mobile devices.  For general computing, if you are looking at a Chromebook, then I'd ask where you put your trust - in an Advertising company whose primary income is generated from targeted ads (and which develops ChromeOS for free)?  Or in open-source Operating Systems from a reputable company that makes its money from services and premium offerings (à la Canonical)?  Personally, if I were not inclined to get Apple, I would put Linux on a home or business machine.
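
As an illustration of tip 3 above (an added example, not code from this post or from LastPass or 1Password), the Python sketch below generates random passwords with the operating system's secure random source and flags vault entries that are reused or shorter than 16 characters. The function names and the sample vault are constructed for this example, and the audit is a simple stand-in for a manager's analyzer, not a reproduction of it.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 16  # minimum length recommended in tip 3
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=MIN_LENGTH):
    """Build a password from the OS CSPRNG (secrets), never from random."""
    if length < MIN_LENGTH:
        raise ValueError("use at least %d characters" % MIN_LENGTH)
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw until every character class is present, so that sites
        # with composition rules accept the result.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def audit(vault):
    """Return (reused, short): groups of sites sharing one password,
    and sites whose password is under MIN_LENGTH. Reports site names
    only, so the findings can be shown without exposing a password."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    short = sorted(site for site, pw in vault.items() if len(pw) < MIN_LENGTH)
    return reused, short

def rotate(vault):
    """Return a copy of the vault with every flagged entry replaced."""
    reused, short = audit(vault)
    flagged = set(short) | {site for group in reused for site in group}
    fixed = dict(vault)
    for site in flagged:
        fixed[site] = generate_password()
    return fixed

# Constructed sample vault: site -> password (not real credentials).
SAMPLE_VAULT = {
    "bank.example": "Summer2015!",
    "mail.example": "Summer2015!",           # same password as the bank
    "shop.example": "hunter2",               # unique but far too short
    "forum.example": "q7#Vt9!mZp2@Lx4&Rb8w",  # unique, 20 characters
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(audit(rotate(SAMPLE_VAULT)))
```
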


  1. Hi Jay,

    I'm Eva and I work for AgileBits, the makers of 1Password.

    I wanted to thank you for taking the time to educate your readers on the importance of online security, and for including 1Password in your discussion!

    In this day and age, it is so important that we all use strong and unique passwords for every site that we visit, and password managers can help make it much more convenient to be secure.

    Keep sharing the secure word!

    Eva Schweber
    Good Witch of the Pacific Northwest @ AgileBits