Don't let convenience trump security
Published 02/09/2014 | 02:30
Is the Jennifer Lawrence photo-hacking episode a case of 'there but for the grace of God go I?' How vulnerable is the information we store or share on web-based services such as iCloud, Dropbox and Gmail?
It is not yet clear from where the latest batch of hacked celebrity photos were stolen.
But anyone trying to chalk this up to an isolated incident is surely missing one basic point about our online accounts: many are easily hackable.
This is because convenience, not security, guides our governance of personal internet services.
It's not just that most of us use the same password for several online accounts. And it's not that large hacking attacks on services we all use (such as eBay) don't make us change our passwords, therefore making it easier to hack our other accounts.
It's that even when we're offered a more secure way of protecting our accounts, we don't take advantage of it.
For example, many services - including Gmail and Twitter - offer what is called 'two-factor authentication'. This is where you add an extra security step to the process of logging in to better protect your account. In the offline world, an example would be your ATM card: you need a combination of the physical card and a code to get money.
In the online world, two-factor authentication typically involves your mobile phone number. Any time you want to log in to your account, you have to wait to get a text with a randomly generated security code which must be entered, in addition to your username and password, to access the service. It takes a bit more time than simply entering a username and password. But this extra minute (or so) is enough to put people off using it.
The lesson? Convenience apparently trumps security for ordinary people, just as it often beats privacy.
Will things get better any time soon? Interestingly, Irish companies are to the fore of technology that could prevent this kind of thing happening. A Waterford-based start-up called Sedicii has developed a system that allows online logins without the password being stored online. Meanwhile Cork-based Trustev is working on an alternative system that cuts out fraudulent access to personal and corporate accounts.
But there are some things for which only we ourselves can really take responsibility. If you are using the same password for several online accounts, change it now.