If there is one saying in the cybersecurity world that is true, it is the quote by the American mathematician, Professor John Paulos that, “Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security”.
Over the past few months we have seen an increase in cyberattacks by financially motivated criminals, with identity theft high on the list.
Research by TransUnion showed that 11% of South African consumers have been a victim of identity theft. When gaining access to vital personal information such as an identity number, it is relatively easy for a cybercriminal to acquire a credit card in your name, withdraw money from your bank account, or open a cellphone account and running up tens of thousands of rand in your name.
Although we may never be 100% secure against identity theft, there are some actions that people can take to safeguard their personal identity in the digital environment, such as:
– The use of strong passwords.
– Changing passwords regularly and refraining from reusing any password.
– Using two-factor authentication (2FA).
– Refraining to respond to unsolicited SMS or email messages requesting personal details. Typical phishing examples are “click here to reset your password” or “to download an invoice”, “view a pdf attachment” or “verify your bank account number.”
– Paying close attention to the “from” and “reply” addresses of emails requesting personal and banking information. Fraudulent emails reveal discrepancies between the address and the claimed origin.
– Taking notice of the web address or URL at the top of the browser to ensure the URL matches the claimed origin.
– Ensuring that all software and security updates are installed promptly and regularly.
– Using an email service that incorporates phishing and pretexting defences, as well as a web browser that warns about unsafe or spoofed websites.
According to the 2022 Verizon Data Breach Investigations Report, stolen credentials (hacking) and phishing are among the top four action varieties in data breaches and integrity violations. One of the major reasons for identity theft are weak, shared, or reused passwords. A recent Google survey revealed that 80% of hacking breaches can be ascribed to reused and weak passwords or stolen credentials.
However, password management remains a headache for most people. The average number of passwords per user is currently calculated to be 38. No wonder that a Google survey found that 90% of respondents practised poor password management and recycle, share, or use guessable passwords. Almost 80% of users use the same passwords for multiple sites. The problem is that password recyclers or people using simple passwords are twice as likely to have their data and identity stolen.
One solution is to use a password manager that creates and stores strong passwords. However, research has indicated that only about 7% are actively using password managers.
An alternative to a password manager is to create strong passwords with alternative characters or misspelled words such as m1sP18ceD for “misplaced.” A sentence such as “Life in South Africa is a song” can be used. In this case the first letters (LiSaIaS) or last letters (EnHaSaG) are used. To increase the strength an “@” or other symbol can be added at the end.
But there is an easier way. The fintech innovator, iiDENTIFii has developed an enterprise-grade facial biometric authentication platform to protect organisations and individuals against identity fraud.
iiDENTIFii uses biometrics with liveness detection and facial verification, and validates data through secure triangulate authentication, thus protecting against impersonation and deep fake attacks. According to Gur Geva, CEO of iiDENTIFii, “even facial recognition with motion requirements are no longer enough to ensure that you are dealing with a real person. Without high security liveness detection, synthetic fraudsters can use photos or videos to spoof the authentication process”.
The process entails the taking of selfie, enabling the 3D facial recognition algorithm to prove biometric liveness and to set a baseline for authentication. A second step requires the scanning of the person’s identity document from where the image and key data are extracted. The selfie and identity document data are then compared with key data from government databases to accurately authenticate the person’s identity.
This tech innovation paints a password-less future. It also eliminates the traditional threats associated with the username and password logins such as phishing and man-in-the-middle cyberattacks. According to Gur Geva “extending the length or complexity of passwords, or adding two-factor authentication, is merely making technology more complex to use, extending the challenge to hackers…”.
This innovative technology that recently took the top spot in the KPMG Private Enterprise Tech Innovator in Africa Awards, surely promotes a world where one does not have to remember numerous different passwords for access and is used by three of the top five banks in South Africa.
Our digital world has become increasingly risky where hackers access personal data and steal identities with little effort. But South Africa has innovative technology entrepreneurs to free us from the dilemma of remembering countless complex passwords.
Professor Louis C H Fourie is an Extraordinary Professor at the University of the Western Cape.
BUSINESS REPORT