With Microsoft now phasing out passwords to focus on multi factor authentication.

https://www.cnbc.com/2019/05/01/microsoft-ciso-bret-arsenault-wants-to-eliminate-passwords.html

Having a 2FA approach is better, the password is the lock on the door and the 2FA is the deadbolt to your house. They make would be intruders look to see if the house next door is an easier target, but a determined person can still brake in (brick through the glass window).

Password Manager

Password managers (analogue or digital) help prevent casual hackers, but not a sophisticated attack. Heck, the hackers don’t even need passwords to access our individual accounts. They just break into the databases that store the information (Sony, Target, USA Federal Government).

If you compare your home to your online presence, you should be vigilant for out of place items. Sure Facebook changes all the time, but you should still keep an eye out for things that don’t make sense. Some examples are, a new friend you don’t remember or, being added to a group you don’t remember joining. Facebook actually warns you about suspicious access, but people too often ignore those email messages as spam. Phishing attempts try to mimic legitimate websites, but usually there’s a “tell”. Something isn’t right, but too often you ignore it because you’re busy.

If anything looks ‘iffy’ you may open the door, shout ‘hello’ and have a quick look around or more probably and being smart – call in the police and ask them to look.

Online Identity

Online, it is different. The problem is how to comprehend what is occurring – somebody phishing or a legitimate security issue. The best way is to change your password if something looks out of place. With the link in the phishing email, don’t follow the link, the best case if you do is to confirm your email account, worse would be to inadvertently download software onto your pc after that the sky’s the limit. Treat it like a call claiming to be from the credit card company and wanting your private information.

Every time you create an online account, you put your digital identity slightly more at risk. Unless you are sure that you’re going to buy from a company again, use the guest checkout. The fewer databases you’re on, the less you put your identity at risk. Sure, you’ll always need some accounts, but being mindful of whether you need to create an account each time should help.

Take a Lesson From the Credit Card Companies

Credit companies monitor your behaviour, they look at our buying patterns and the location of where you are if you are using the card. They know you cant purchase petrol at a garage in one country whilst buying a suit in another, that is where their systems know our behaviours.

Google for example, offers alerts from foreign IP (computer address). If my phone or laptop or other devices are all in Ireland, then I should be notified if my account is accessed some other country.  At the very least, technology companies should ask me a few additional questions before they assume I’m who I say I am. This gatekeeping is especially needed for Google, Apple, and Facebook accounts, they give warnings for unusual activity, but they are usually just a warning and not protection. My credit card company says no to the transaction until they verify who I am. They just don’t say “Hey…thought you should know”. My online accounts shouldn’t warn, they should block for unusual activity

Setting up Accounts

When you’re setting up an account, companies ask you for your school name, pet, teacher or other stuff that may be used in the event of a lockout or forgotten password.

There should be better forms of protection – biometric

GPS Location. If you are based in one country, then the systems should have the ability to recognise that logging in from another country is a flag and should request verification.

Face Recognition, most modern smart phones now have face recognition built in. This is useful as it is difficult to replicate (forget mission impossible films) for most people.

Voice Recognition, similar to face, our voice is unique, apart from when we lose it (a cold) or other medical aliments.

Biometric – face, iris, finger, and voice can be a candidate for replacing passwords and or at least a factor to protect your identity.

In Summary

Again as I commented above, every time you create an online account, you put your digital identity slightly more at risk. These databases are targeted and breached, and the lesser ones you may never know that they have been breached or mentioned in the media. Your identity can be compromised with out knowing. Until technology fully frees us from passwords, a little due diligence can prevent or at least, contain, the inevitable security breaches.