Not so long ago, a virus was something that gave you a fever, spam was sandwich meat, hacking was what you did to a tree and phishing was a bad spelling of the process of catching fish. Nowadays, that isn’t the case; these are all part of a much broader range of types of attacks on computer systems.
Cybersecurity is not something that only computer boffins need to worry about. As more and more devices connect to the internet and our lives become ever more digitized, protecting our digital lives is becoming a daily necessity. Gibraltar’s first Cyber Security Summit was held last spring to help businesses and residents learn of the importance of digital security and how to keep themselves protected. The summit returns for 2018, held at the University of Gibraltar on September 26th.
A Brief History of Cybersecurity
There was a time when all that was needed was a password to keep the bad guys out of your online accounts and computer systems. However, as tools to crack passwords became more sophisticated and the information that we needed to protect became more sensitive, passwords had to be made more complicated. Gone are the days of Password1 being sufficient. Now you need something more like &Gv3K#8p, but can you remember that?
A better solution was needed, and two-factor security was quickly introduced. Your “key” stopped being only something you know (your password) and became also something that you have (a device like a security token or your mobile phone). The rollout began slowly, with mainly banks and corporate IT systems getting two-factor security systems around 10 years ago. Fast forward to the present day, and you’ll now find two-factor security on everything, from your emails to your Snapchat account.
There are many systems out there, though generally you can’t choose which system to use; that’s mainly up to the company whose service you’re using. However, here are some of the more common systems you’re likely to come across.
Arguably the leader on the two-factor security scene, Google Authenticator (or another compatible service) usually operates from an app on your phone and displays a rotating set of 6-digit numbers, changing every 30 seconds. After signing in with your password, you’ll be asked to enter the code from the app. These codes are time-sensitive, so if someone manages to see one, it won’t work the next time. You will find that most websites with which you have accounts will now allow you to enable Google Authenticator for two-factor security. These include Facebook, Google, Twitter, Amazon, Dropbox, Evernote, Microsoft, Yahoo, and Reddit.
Unlike Google Authenticator, YubiKey is a device that plugs into your computer or phone to provide you with a one-time password. These one-time passwords are similar to the 6-digit numbers generated by Google Authenticator but are much longer, and you never need to see what they are. The big difference here is YubiKey is a separate device that can be kept on a key ring, and you’re not reliant on your phone battery. The downside is that it is not used as widely as Google Authenticator. YubiKey can be used to sign in to Google services, Dropbox, GitHub and Twitter as well as some password managers like LastPass and KeePass. It can also be used to provide two-factor protection to Windows, Mac and Linux computers.
Another two-factor security system is RSA SecurID, a device that generates two-factor security codes to allow users to log in securely. RSA is used by many organizations across a variety of industries, including the Hong Leong Bank, PokerStars and Dell Computers. The numbers generated by RSA SecurID look similar to those from Google Authenticator but are generated differently. RSA SecurID provides features that make it better suited to larger organizations.
As technology moves on, and more and more critical information is stored online, increased security is a necessity. Two-factor security is only one part of this and should form part of a broader package of security measures to protect your data.