Gone are the days of safe deposit boxes and padlocked filing cabinets full of personal documents. Today, our increasingly digital world means information and possessions that were previously physical are now much more likely to be stored online. In fact, a 2015 study found that 42% of respondents created more than 50 new personal profiles a year, and in doing so, uploaded a lot of personal information for safekeeping on the internet.
This digital revolution inevitably comes with risks: scams and hacking have become more commonplace, with perpetrators using ever-more-sophisticated methods.
Hack = when someone gains unauthorised access to your personal information or accounts.
Scam = when someone tries to trick you into sharing sensitive information or funds.
Citizens Advice reported in 2018 that “almost three quarters of us has been targeted by scammers in the past two years and one in 10 know someone who’s lost money to fraud”. According to TeleSign, an estimated two out of five people with online accounts have already experienced a hack of some description (to those that have been hacked, this number might feel surprisingly low!).
The consequences of scamming and hacking can be devastating. The theft of money, identity or other assets causes massive inconvenience and financial loss. With such high stakes, simple passwords should not be the sole protectors of online assets. Banks, insurers, cloud applications and eCommerce stores have all had to increase and diversify their security measures to keep their customers safe.
The memory game
Memorable words, in addition to a password or PIN, are an effective way to add an extra layer of protection, which is why we’ve recently implemented them here at Wirex. They are user-generated and often have to meet specific requirements for length or character types. Users are then asked to verify one or more characters of the word – “what’s the fourth letter of your memorable word?” – along with a combination of other security information, such as their password or PIN, to confirm their identity and successfully log in to their account.
When it comes to choosing a memorable word, our advice is to choose something personal enough that only you could know it, and, as with all security advice, not to use the same word or characters across multiple platforms.
One for the money, 2FA for the show
Two-factor or multi-factor authentication (2FA) is another feature used to enhance user security. The idea is to confirm the user’s identity via something they know, like a PIN, and something they possess, such as a bank card or phone. The process of withdrawing cash from an ATM with a card and PIN is an early example of two-factor authentication.
In later iterations, banks initiated the use of hard tokens (often in the form of card readers or secure keys) to enable users to access online banking. This method required customers to enter stage one security info, such as a username and password, on the site and then enter a unique code generated by the reader. While effective, many found the need to always have the hard token in their possession annoying.
Nowadays, many online platforms including Google, Slack and WordPress use mobile phone authorisation as the second step in two-factor authentication. This is a much more user-friendly solution, given that most people normally have their mobile phone close at hand.
When 2FA is set up, users can opt to get an access code via text message, phone call or an authentication app like Authy or Google Authenticator, or to use hardware such as a USB security key.
2FA demonstrably helps keep user accounts more secure. However, a Google security engineer revealed at a recent conference that not even 10% of Google users have it in place. Considering 8 out of 10 of those surveyed in the TeleSign research are concerned about being hacked and 7 out of 10 don’t trust passwords alone to protect them online, the low levels of adoption are surprising.
Built-in blockchain barricades
The advent of cryptocurrency has created a whole new world of online finance and inevitably, brand new hunting grounds for determined hackers. Luckily, the nature of crypto’s underlying blockchain tech makes it intrinsically more secure than traditional currency.
Once purchased, cryptocurrencies such as Bitcoin, XRP and Ethereum are stored on the blockchain in virtual wallets. To provide extra security, multi-signature wallets have become a standard protocol. That means that every person who owns cryptocurrency has their own address and key, which are used to receive funds. Multiple keys are required to send or receive money, and they are held by individuals, businesses or pre-programmed scripts. This makes funds much more difficult to steal because keys are spread across locations and devices, so the likelihood of a hacker or malware gaining access to them is low. This is a more secure alternative to single-signature transactions that only require one “signature” or key, and therefore the cooperation of just one party, to complete a fund transfer.
At Wirex, the security of our customers is our top priority, which is why we’ve enabled all of the protocols documented above across our platform. You can read more about our top-notch security features on our Security page.
What can you do?
While features like 2FA and memorable words play a key role in keeping your data and online possessions safe, there are steps you should take to do the same.
Passwords should be complex and changed regularly
This one is straightforward: when setting a password, don’t go for the obvious like your place of birth, nickname or pet. Choose something complex, which is a mixture of letters, numbers and special characters, and ensure you change it regularly. Most importantly, don’t use the same password across multiple sites – if a hacker gains access to a password they then have access to all your online assets and data. If you’re asked if you want to save the password on your computer, make sure you only do so on your own device, and not one that multiple people have access to (and even then, be mindful of who you lend your devices to).
Make use of extra layers of security
Passwords aren’t infallible. Do your research, and if your bank or service provider offers additional-but-optional security measures, use them. 2FA is the most common form of protection, so use it; it will give you extra peace of mind. It ensures that if someone does guess your password, there’s still another layer of security to crack, and only you will have access to that.
Use a password manager
Password managers such as LastPass allow you to store complex computer-generated passwords for each site or platform, which you access using a single password. It saves you having to remember multiple, difficult passwords and means that your individual accounts are protected by a random (and difficult to guess) password.
Ready to level-up your digital security? If you haven’t already, activate 2FA on your Wirex account.