Protecting personal identities in an increasingly digital world

by Ken Pang, Chief Technology Officer at Content Security

With a growing proportion of modern life being conducted online, the use of digital identities has never been more important and widespread. Used for everything from internet banking and shopping to email and social media sites, digital IDs have become essential items.

However, while they play an important role, digital IDs also come with risks. Should they become insecure or stolen, there can be significant ramifications in the physical world.

Risks are occurring because many digital IDs are tied too closely to the physical identity of the person who created them. As a result, problems can occur if a company or service where the ID is used is breached and those personal details are compromised.

For example, consumers often establish a digital ID with a company by providing details such as their name, date of birth, physical address and mother's maiden name. Because the same details tend to be used by many companies, if those details are stolen they can readily be used to establish fake digital IDs in other locations.

Similar challenges can occur within businesses. Many companies create a series of digital IDs for their employees to enable them to access applications and data stores. These could range from log-ins for the corporate intranet to access to cloud-based services such as hosted email and CRM systems. 

Security of these corporate IDs, and the systems they are used to access, can be compromised in a number of ways. If a staff member leaves an organisation and their digital IDs are not disabled or deleted, they could retain access for an extended period. Also, if a staff member's digital IDs are similar across a range of different applications, if stolen they can provide a hacker with access to multiple areas within the company.

Tips to avoid digital ID theft

There are a number of ways in which people can reduce the likelihood of their personal details being compromised. They include:

  • Remaining anonymous: In Australia it is perfectly legal to use pseudonymity when creating online IDs although it’s obviously not legal to deal with certain organisations, such as government departments and loan organisations, psudeononymously.  This means there is no requirement to actually provide real personal details in the first place when dealing with companies. This, in turn, means there is less chance of real details being compromised.  The next time you have to create an online digital IT, consider using details that differ from your own.
  • Using ID federation: Rather than setting up dozens of digital IDs with different services and retailers, consider using a federated ID service such as those provided by Google or Facebook. Your key personal details then remain secure with only a small portion being shared with each new site. This means that, if that site is compromised by a hacker, the amount of your personal data that can be stolen is significantly reduced.
  • Federation in the workplace: A similar approach can be used by companies to limit the number of digital IDs staff require to access various systems and services in the workplace. A single ID can be federated across multiple services while personal details remain securely stored in a single location. This also reduces the need for staff to remember and manage large numbers of different login and password combinations, further adding to overall security.  
  • Use password managers: These services generate highly secure passwords for multiple services which are controlled through the use of a single master password held by the user. Examples include LastPass, Dashlane and True Key which each offer the facility for an annual fee.   Deployed effectively, they can assist in keeping digital IDs secure. Users can quickly change the passwords being used across multiple sites to maintain the best possible security at all times.

Taking such steps to secure digital IDs, and the personal details associated with them, will become more important as they are used in ever-increasing ways. This importance will grow further as use of biometric data becomes part of the identity mix. Keeping details such as finger, voice and face prints secure will be vital.

By taking steps such as those outlined, users can take advantage of the benefits of online services without risking the compromise of their physical lives.

Tags cyber attacksdigital identityContent Security Pty Ltdbiometric data

Show Comments