Convenience is the enemy when it comes to staying safe online. That’s why a nonprofit organization was spreading news in Hartford Monday about online password safety and two-step authorization.
Two-step authentication is available on many websites, but not all. It asks users to enter not only their password, but another frequently changing code that is sent directly to an individual’s mobile phone via text message in order to guarantee the user is who they say they are.
Kristen Judge of the National Cyber Security Alliance, which organized Monday’s gathering at the Connecticut Science Center, said if someone gets your username and password they can look just like you online and you may not even know they are there.
The first step to protecting yourself online is to create a difficult password. In 2013 and 2014 the top two passwords were “123456” and “password.”
After being hacked herself, Judge said she started using the two-step authentication process on Paypal. That means when she signs into her Paypal account to purchase something she receives a code that’s sent to her phone and when she enters the code it gives her account permission to release the funds to the vendor.
Email providers like Gmail, Outlook, and Yahoo! provide two-step authorization. Also social networks like Facebook, Twitter, and LinkedIn have two-step verification for their users. Tutorials on how to sign up for two-step verification with these websites are online.
John Chandy, associate professor and associated head of the Electrical Engineering Department at the University of Connecticut, said a lot of accounts are broken into through “social engineering.” For example, that’s how 2008 vice presidential candidate Sarah Palin’s email account was hacked.
The hacker obtained access to Palin’s account by looking up biographical details such as her high school and birthdate and using Yahoo!‘s account recovery for forgotten passwords.
But getting people to pay to proactively protect themselves online is like “forcing people to get insurance,” Chandy said. “You never think you need it.”
He said even when it does happen “you never think you have anything worth stealing,” but people would be surprised at how much of their personal and financial information is online.
A Pew Research Center study published last year suggested 21 percent of Internet users who are 18 years and older have had a social media or email account compromised. Only 23 percent of the user believed their accounts were secure.
Chandy said the two-step verification on all of these websites is “disabled by default.”
“It is somewhat an inconvenience,” Chandy said. “But you have to put up with a little inconvenience to get better security.”
William Efron, director of the Northeast Region Federal Trade Commission, said consumer data is at risk.
“There are hackers and others out there who are trying to exploit vulnerabilities and steal consumers information,” Efron said.
He said two-step verification is something they recommend consumers use as much as possible because it can mitigate the risk of some of the large data breaches.
The National Cyber Security Alliance is going on a 10 city tour in order to spread the word about the two-step verification process and how important it is for consumers to protect themselves online.