Eller Expert on Six Ways to Protect Your Online Identity

Oct. 11, 2016
Phone security


Three bicycles are left overnight at a bike rack, two locked with steel u-locks and one with a cable chain. With two minutes and a pair of $15 bolt cutters, a thief plucks the cable-chained bike from the rack and disappears into the night, only to sell the stolen bike the next day.

The bicycle thief and those who steal assets online have at least one thing in common: They go for the low-hanging fruit. When it comes to theft online, "you're only protected by other, easier victims," says Hsinchun Chen, Regents Professor of management information systems at the Eller College.

Chen is leading a $5.4 million National Science Foundation project called "Hacker Web" to explore international hacker communities, including those in Russia, China and the United States. He also teaches courses in the cybersecurity graduate program, part of Eller's Department of Management Information Systems, which U.S. News & World Report ranked first in the nation among public undergraduate and graduate programs.

After 27 years of research in cybersecurity, Chen knows "you are only as strong as your weakest link." He offered six simple ways to make yourself less vulnerable online:

1. Use multi-factor authentication.

Multi-factor authentication, or MFA, makes it tougher for hackers to gain access to personal information and assets online by requiring users to supply two or more pieces of evidence that they're the owner of an account. ATMs have been doing this for years — withdrawing money requires both a physical card and a PIN — but MFA has become a widely offered security option.

Apple and Twitter offer two-step authentication to protect bank account information users provide to the Kimoji app and make sure Twitter remains only an account of a person's best Sunday brunches — not direct messages from bot imposters.

2. Use fingerprints instead of passwords.

This is currently an option with newer iPhones or with various mobile banking accounts. If a person can use a fingerprint instead of a password, do it, Chen says: "Faking a fingerprint using other devices is possible but takes more effort than (stealing) a password. A fingerprint is more trouble, and there's so many other, lower-hanging fruits."

3. Have multiple passwords, and change them often.

If you're still using "password" to log in to your computer, you may be beyond help. While most already know that it is a good idea to mix capital letters and lower case, special characters and numbers in passwords, people don't change these passwords often enough. Change your passwords every few months, and use different passwords for different accounts.

4. Update antivirus protection software frequently.

Simple as that.

5. Use just one trusted computer for banking and shopping.

"With convenience, there's a price to pay," Chen says. "Don't just log on willy-nilly." Specifically, Chen suggests that using just one secure computer for online banking and shopping is the way to go. If you can avoid doing these things on your smartphone, you should, he adds, because they're even more vulnerable to hacking.

6. Muddy the waters.

"Increasingly, you have to think about disguising your identity on the internet," Chen says. "Use multiple email addresses because then you cloud the entire space for your protection."

How so? It's much easier to mine for gold if chunks of it are readily available in a single location than if it's spread across hundreds of miles in trace amounts. The same goes for data mining.

"If you have several email addresses and your identity is all mixed up," Chen says, hackers "can't do data mining of you as easily. When there's more noise in the data, the mining is harder."