LGSS Digital Blog
Service design for local government
Why you’re probably going to have your identity stolen and one simple step to help you protect yourself
We all have accounts online, whether that’s an email account, a Facebook page, an Instagram account or even the Amazon account we order through. These accounts hold information about you, me, all of us.
But how difficult is it to hack into an account? And what could it mean if that happens?
Let’s consider logging into Gmail from Google. You have to enter an email address and a password. The email address tells Google which account you want to access. The password is used to check whether you’re allowed access.
Get the password right, you’re in, get it wrong, you’re not.
The problem is that most passwords are easy to guess. But I don’t mean someone typing guess after guess until they get it right.
Think of it this way… computers are really fast at computing stuff. Clue’s in the name, right?
A study of the most common passwords in 2017 revealed that the average user chooses a password that is either less than 8 characters in length or has some sort of memorable information in it. That’s without even mentioning those who are still using ‘password’ as their password. Don’t do it, people.
Hackers use the combination of fast computers and user behaviour as an opportunity to get access to a user’s account. One way of doing this is known as a ‘brute force attack.’
Simply put, a brute force attack uses a computer program to generate millions of passwords and attempt to log in using each one. It does this really, really fast.
To give you an idea of how fast: if your password was a date of birth separated by full stops, like ‘01.02.1970’, it would take a hacker just 13 seconds to crack. That’s how fast.
If a hacker gets into even one of your online accounts, the impact on your identity could be severe. For example, if a hacker gets into your email account they can request new passwords for your Amazon account, Facebook, Instagram… literally anywhere that you’re using that email address.
The problem just snowballs from there.
James Bond eyeball scans are a type of second factor authentication
Thankfully, more and more websites offer something called Two-Factor Authentication. It’s a fancy tech term for a straightforward concept.
Two-factor authentication means adding a second check before you’re allowed access to an account.
Typically this is one of the following:
1. Something you know, like another password or your mother’s maiden name
2. Something you have, like your phone or the little card reader thingy your bank gives you
3. Something you are, like fingerprints or James Bond style eyeball scans
In the case of our logging into Gmail example, you have to enter an email address and a password. The email address tells Gmail which account you want to access. The password is used to check to see if you’re allowed access to that account.
The password in this case is the first ‘factor’. By switching on two-factor authentication to protect your account, Gmail will send a special code to your phone each time you log in. This is the second ‘factor.’
Get the password right and enter the code correctly and you’re in, get either wrong, you’re not.
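The two-step check described above, sketched as server-side logic. This is an added example, not code from Google or from this blog; the class and function names, the 6-digit code, the five-minute lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime of a sent code
MAX_CODE_ATTEMPTS = 3    # assumed limit on wrong codes per login


def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt is deliberately slow, which makes bulk guessing expensive
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


class Account:
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.password_hash = hash_password(password, self.salt)
        self.pending_code = None   # (code, expiry time, wrong attempts so far)

    def check_password(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(candidate, self.password_hash)

    def start_login(self, password: str, now=None):
        """First factor. Returns the code to send to the phone, or None."""
        now = time.time() if now is None else now
        if not self.check_password(password):
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # random 6-digit code
        self.pending_code = (code, now + CODE_TTL_SECONDS, 0)
        return code

    def finish_login(self, submitted: str, now=None) -> bool:
        """Second factor. True only for the right, unexpired, unused code."""
        now = time.time() if now is None else now
        if self.pending_code is None:
            return False
        code, expires, attempts = self.pending_code
        if now > expires or attempts >= MAX_CODE_ATTEMPTS:
            self.pending_code = None
            return False
        if hmac.compare_digest(submitted.encode(), code.encode()):
            self.pending_code = None   # a code works once only
            return True
        self.pending_code = (code, expires, attempts + 1)
        return False
```

A correct password on its own never returns a successful login here: it only causes a code to be issued, and the attempt limit means the six-digit code cannot simply be guessed through.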
The simple step of adding two-factor authentication to your online accounts can help secure your identity far better than a password alone.
You can protect yourself by adding two-factor authentication to your accounts. To help you along the way, here are a few links to get you set up with the most common accounts:
We’re working hard to help public services protect their data, whilst making sure the user experience is as frictionless as possible.