Wednesday, 23 October 2019

A spat between two English football WAGs (wives and girlfriends) has put a spotlight on digital attribution and the need to protect our online identities.

 
If you are not aware of the messy details of the tabloid dispute, lucky you! In essence, a WAG has been accused of leaking Instagram posts of another WAG and the accused has hired forensic computer experts to identify who may have ‘unlawfully’ accessed her Instagram account.
 
Regardless of the outcome of the computer investigation, if the account had been properly protected in the first place then no investigation would be required.
 
To some, our digital identities are becoming more important than our real-life identities. Our online personas reach more people and therefore have the potential to cause irreparable social and possibly financial harm if they are hijacked.
 
Two-factor authentication (2FA), also described as multi-factor authentication (MFA), is a very easy and powerful way of locking down online accounts (including bank accounts) and preventing the hijacking of your digital identity. It's simply something you know (your password) and something you have (like your phone). It's as simple as logging into your account and using your phone or other device to retrieve a one-time PIN.
 
That means if somebody should shoulder surf you as you are entering a password at the coffee shop, fear not, they don’t have your phone to retrieve the PIN.
 
Google data reveals multi-factor login challenges to Google mail accounts blocked 100 per cent of automated attacks and 94 per cent of hijacking attempts.
 
While banks have used 2FA for many years, initially with the use of dongles or fobs, it has only recently become available across social media. The extra layer of security is particularly valuable in protecting accounts with weak passwords.
 
However, don’t make your digital assets irretrievable should tragedy befall you!

Entrusting a third party with accounts, password and 2FA details is sensible, in the same way we sit down to write a will. I think we all need to have some kind of key escrow service, even if it’s your partner or lawyer – somebody who can get it so they can access the keys you’ve been protecting.
 
A case in point is Canada’s Gerald Cotten, chief executive of cryptocurrency exchange QuadrigaCX, who died suddenly while travelling in India last December. Cotten’s $9.6 million cryptocurrency fortune will be shared among his loved ones, but the 115,000 QuadrigaCX investors say they have been left high and dry because Cotten was allegedly the only person with access to the cryptocurrency wallets, home to more than $140 million in cryptocurrencies.
 
Most organisations have processes to help families access funds from a deceased user’s account; however, not all will provide passwords or logins.
 
If all else fails, forensic computer experts can be used to attempt to ‘hack’ the user’s password, to find other means by which to identify the password, or to examine computers’ file systems for the relevant account information or documents, photos and other data of importance.
 
So had the accused WAG enabled tighter security then maybe she could have avoided being accused of leaking private data. The lesson here is, you should enable tighter security such as 2FA, but consider who you would trust to access these secure accounts should someone else need to access them when you can’t.