The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
Use Extra Layers of Security
Several months ago, I received an email that my Amazon account password had changed, but I had not been the one to change it. In a panic, I went to the main site, not through the link in the email, in order to avoid possible phishing, but through Amazon.com by typing in the URL in the address bar. However, it appeared that the email was legitimately from Amazon in every way. Prior to this email, I normally do not keep anything in Amazon, but after the holidays, I had received several gift cards, and wanted to not lose them, so I entered all the gift cards into the system, so that I could later use them. I logged into my account, looked around, and it appeared nothing had been changed, except for the fact that all of my gift card money, in the amount of $80, was missing.
In order to cover up their tracks, they deleted all of my 2016 buying record history. I contacted Amazon via phone immediately and explained to them the situation, stating to them the last thing I bought and when it was shipped. Everything after that purchase was not approved. While I could not directly see any information about the person or what they bought, I somehow managed to find logs regarding recent activity of gift cards and they had bought some perfume. How they managed to ship it to another address is beyond me, and a security feature lacking in Amazon, if they had noticed an address change, and did not manage to question it.
That is when I learned about Amazon’s two-factor authentication feature. Most companies now have this, especially when it has to do with payment. Google and Paypal are two other companies that now offer this type of security layer. What is the multi-factor or two-step factor authentication? It is the way a system identifies you beyond just your username and password. What is the best way to identify you? Through your email or your phone number, which you probably have by your side right now. An email address is somewhat reliable, as someone can hack into your account as well and grab the email. However, the phone is the ultimate security feature. If you have your phone, you are the only one who has it.
Instead of just being able to log in or guess a password, before you can login, the system sends you a unique 5-8 digit number code. Sometimes the code might be more or less digits, but for the most part, it contains a number within that range. Occasionally, you might find alphanumeric characters as well. You then must enter this code into the website in order to gain access to the website. For Amazon, you can choose to have your specific device remembered so you do not have to keep verifying with a code, or you can choose to receive a code every time. This will stop hackers from doing anything on your account completely, even if they manage to guess your username and password.
I have since enabled a two-step or multi-factor authentication process for everything I use including Paypal, my bank, and applications I use on Google. This gives me the extra security layers that allow me to feel comfortable. With the upsurge of hacked accounts and passwords from major social media networks and other corporations, it is the only way to guarantee your safety. A bot on the Internet trying to hack into a system using usernames and passwords can perform millions of attempts per hour, giving it the advantage, as it never needs a break.
There bots at work every second of every day, trying to hack into social media accounts. Easy passwords, which means any word that can be found in an English dictionary, are the first to be guessed within hours, and that is the ultimate breach of security. The other way passwords are easily guessed are that most people use the same password for every network. For example, people who use LinkedIn, Facebook, and Twitter likely use the same exact password for all the networks, and with that, they are probably using the same email address. Thus, it is likely the account is going to be hacked easily on all those networks.
The best way to deal with this is by signing up with an email address created specifically for the LinkedIn or Facebook or Twitter account, rather than your primary email address. The same thing can be said of Paypal, Amazon, Google Wallet, and any other services that you might use. Passwords for all the networks should be something that you would know, but that no one else can guess. Adding case sensitive passwords such as every even or odd letter being capitalized, and adding symbols with the password make it much harder to guess.
How Secure Is My Password is a website that will tell you how long it takes to guess your password. If it takes less than a few thousand years to guess your password, you should probably change it. Storing your password online is probably also something you should never do, though there are plenty of secure websites that have arisen to store passwords, so you can have a central area where you can view your passwords. This is something I do not recommend using, but you are welcome to sign up for an account at one of those places at your own discretion. However, those places are just as likely to get hack attempts on the site itself, as well as your account.
If you are a software engineer, or a company that stores any type of personal information: before you enter anything into a database, you should adopt the practice to not rely just on the encryption methods of the database itself, but to store the information in the database as encrypted. For example, before you write to your database, encrypt the data beforehand, and then store it in the database. You can un-encrypt it after you grab the information out of the database. This will offer double-encryption methods so that even if someone managed to guess your SQL host URL, guess the admin and password, the information will not be readable, as it is encrypted. This will guarantee your users an extra layer of security as well.
Privacy on the Internet is important should not to be taken lightly and as technology advances and hackers are getting more clever, including hackers within our own governments, who are spying on “the Internet”. information is extremely sensitive and needs to be protected at all costs. As far as being the end-user, you must take things into your own hands and rely on any additional security measures that these services offer. If they offer two-step or multi-step authorization, than take advantage of it. Anything that gets sent to your phone is much more secure than just logging in with a username and password.
As far as my Amazon story goes, Amazon investigated and determined that my account had been breached and they fully reimbursed me for the missing money. While the fault was not fully my own, at the time, LinkedIn had millions of usernames and passwords stolen, and it just so happened that my email address and password matched that of Amazon. Amazon knew this was a possibility, and fortunately, they were very accommodating and understanding. Since then, I went through all of my accounts, both social media and non-social media, and changed all passwords so that none of them match. This adds yet another layer of security to all of your accounts. I highly recommend that you do the same to protect your privacy and information on the Internet.