By Larry Velez, CTO and co-founder
In today’s society, we are used to giving up our identity in exchange for services: looking up an old classmate on Classmates.com, connecting with each other via social media platforms such as Facebook, or making convenient one-click payments via PayPal. But when you look at the majority of security threats, they are related to stealing the personal data revealed in online identities.
So, how do you begin understanding your online identity? Dick Hardt has been at the forefront of digital identity for the past decade. Hardt founded Sxip Identity in 2003, where he promoted next generation Internet identity technology, and in 2008, he joined Microsoft to work on consumer, enterprise and government identity problems for a few years. In a keynote presentation at the O’Reilly Open Source Convention nearly a decade ago, Hardt defined identity and the issues facing digital identity, which still hold true today: “Identity is what I say about me. It’s what others say about me.” He continued by explaining how, in the non-digital world, we have standard credentials from authorized sources that prove who we are – documents such as passports, driver’s licenses, social security cards.
In the digital world, there is no single trusted source to verify who we are, so we fill in the same information at dozens of different sites. Each site that gathers and verifies our info does it in a silo. The process is closed and complex, with each site checking a directory of information and making a decision about whether we are who we say we are. There is progress toward what Hardt calls Identity 2.0 – a centralized verification source that is “open and simple” where we have verified proof of identity that can be taken from site to site – but we are not there yet.
So, what should we do while we wait for technology and policies around digital identity to catch up?
I think it’s important for everyone to begin to identify and keep track of all of the identities they have because each one is a potential source of risk for identity theft.
You may want to start the process of understanding your online identity by doing an online search of yourself and seeing what comes up. Is there an old Myspace account with your info still kicking around the Web? If so, get rid of it and any other online accounts you no longer use to minimize your digital footprint. Each old email, unused online banking account, or social media profile has personal data that exposes you to risk of identity theft.
On the other hand, there are dozens of accounts with our personal data we want to continue to use, so how do we minimize risk on those accounts?
TechRepublic's Dan Patterson and Brandon Vigliarolo go as far as suggesting you enter false birthdates, addresses, or phone numbers when signing up for services that don't really need that data. That may work for some people and some online services, but it won’t work for many, so here are a few quick tips to help mitigate the risk of exposing your personal data:
- Use strong passwords – or preferably passphrases – and use a different one for each account
- Use two-factor authentication whenever possible, using a trusted device you will likely have on you, like your smartphone
- Avoid social questions as security questions for authentication – it is easy to find out the city you were born in or what your high school mascot was from your Facebook page
- Watch out for phishing or other malicious emails – learn how to recognize them so you don’t get tricked into giving out personal information (see the Sinu blog post “What are spoof emails? How do you avoid them?” for more info)
- Use secure Wi-Fi networks and avoid any transactions when using public Wi-Fi
- Exclude important personal information from your public social media profiles and allow “friends only” to see your posts – while Facebook may have collected that information, you don’t need the world to see it too!
- Shop only on secure and reputable sites – look for the ‘s’ in https:// (vs. just http://), which uses extra, separate security protocols when transferring online data
- Use a credit card rather than a debit card for online transactions so if you do become a victim of credit card fraud, the law limits your liability to $50 (you don't have this protection with debit cards—they work like paying cash)
While we wait for a “simple and open” solution to authenticating ourselves online, it is critical that we begin understanding our online identity by inventorying our identities and being intentional – and maybe even a bit compulsive – about taking steps to protect our personal data.
For additional data security tips, see our blog post, “Data Security: Steps you can take today to protect your data.”