Why Passwords, PINs And Passcodes Are Not Enough To Secure Your Data

As cybercriminals keep updating their methods of targeting vital information, the simple passwords used by most Australian banks aren’t adequately providing the level of security necessary to protect sensitive data.

It’s estimated more than one million Australians have their identity stolen each year at a cost of about $1 billion.

In a bid to provide secure solution for people, as well as removing the need for multiple security questions, IBM has introduced Behavioural Biometrics technology, as well as an advanced Mobile Authentication capability.

This new technology monitors the unique behaviours of each customer, such as clicks on specific links or the mouse moving at a certain speed. When something is done differently, the system can then react by engaging with the user on the mobile device to ensure that it is them performing the transaction.

Chris Hockings, Executive Security Technologist at IBM Australia and New Zealand explains why passwords, PINS and passcodes are not enough to secure your data.

“Cyber crooks are now using advanced social tactics to trick people into sharing personal details that give them access to the very passwords and security questions that are meant to protect consumers,” Hockings says.

“For example, a hacker can send an email appearing to be from a victim’s friend encouraging them to click on a malicious link or open a malware document. Attackers even use details from social media to disguise their emails with personal information about the victim so the email seems legitimate.”

We’re well used to the PINs and passwords and security questions used to help secure our accounts, but many of these can be easily exposed. To IBM X-Force data, nearly 20 million financial records were breached in 2015 alone.

“We’re entering the age of biometrics, which are now being used with tokens and passwords as a way to strengthen login processes. We’re all familiar with fingerprint authentication to access your phone. Biometric authentication combined with a password validates a user with what they are (e.g. fingerprint or voice) and what they know (password). A new layer of authentication is being introduced – Behavioural Biometrics technology, which looks at your behaviour such as mouse clicks and hovering to build a profile of your typical online behaviour; user validation by what you do,” Hockings says.

“If we look at something as simple as a mouse – this tiny device is able to provide more than 120 behaviour indicators. The technology actually understands if a user is the true owner of an account or could possibly be a fraudster. Although attackers are able to mirror passwords, it is very hard for them to replicate what people do and their fingerprints or voice.”

While there are several Australian banks and online services currently rolling out this technology, as a consumer, what do we need to do to make sure we’re protected when shopping online?

Hocking’s Tips:

1. Don’t get lazy – have a strong, complex password that is hard to imitate and repeat.
2. Review bank and credit card statements for strange activity. Don’t just be on the lookout for high price transfers or purchases. Many criminals will first try a very low value to verify the accuracy of the stolen data, and check that the account is still ‘alive’ by adding more pricey values later.
3. Only use trusted Wi-Fi connections – Hackers love using fake Wi-Fi access points that directly connect you to their device to take out attacks. If you’re in a public place, resist the urge to connect to free / public Wi-Fi before checking it’s trustworthy. Sometimes it’s better just to use mobile data to perform valuable transactions.
4. If possible, use a VPN – On your mobile phone or other connected devices, use a VPN when possible, as this means your data will be encrypted and safe from cyber scammers.
5. If you’re worried you’ve been hacked, act fast, and report lost or stolen devices or card data as soon as possible.
6. Secure your home Wi-Fi – with each new device that’s connected to it, the greater the attack surface for a hacker.