Security Fridays: Week SixMichael Urgero 27/02/2020, Industry News
Mobile devices: It’s safely stored in your pocket but is your data within secured?
Coming up as a kid in the 80’s was an unbelievable time. Things here in North America were changing; we had elected a movie star as our President, the economy was strong, my father bought a mobile phone at Radio Shack, I spent my weekends in the video game arcades at the mall, and the Commodore 64 was my personal home computer – more on that at another time.
I recall one day circa 1994, as I was completing my first year in the tech business. I was a support engineer for a mortgage company here outside Chicago. I recall conversations with other engineers on the team, as we dreamed of one day, having all our technology needs on small mobile devices in our pocket and getting services provided to us from hosting companies. We call them cloud services now.
We could clearly see the dream but never believed that we’d see it in our lifetimes. Enter Murphy’s Law.
The mobile lifestyle, meaning the consumption of media using our mobile devices, has changed the technology landscape faster than anything else we’ve seen in my recent lifetime. You can say what you want about mobile solutions on the market today, but one thing for sure; it’s an all-new world out there. Human beings have never embraced technology like this, and it’s obvious this one’s here to stay.
As with every new technology, several things will inevitably make it into the landscape, take, for instance, productivity tools like Microsoft Office and then consider that every technology platform since the birth of it all have had some entertainment component, most notably games.
Consider this; you could add up all the personal computers and laptops sold in the last 30 years and not even be close to the number of mobile devices in the hands of users today. As of this article, there are 3.5 Billion mobile devices active in the world, and that translates to roughly 45% of the total human population. There are roughly 120 Million personal computer devices out there and that number has been falling in the most recent few years, and the mobile device market gets better at doing what it does best – delivering a very similar experience – and consolidating your whole life – into a single platform. They come from all corners of the world and from every economic environment. Some of these users start as early as toddler age and continue all the way through adulthood. And, yes, they all play games. Three things are common among mobile users; Internet, Email, Games – in that order and this latest breach of the industry is no exception.
Zynga, the company that created such game titles as Farmville and Words with Friends (the Scrabble game) has been breached. They’ve lost 173 Million Accounts to hackers. Thankfully, this time – the passwords in the database were encrypted using SHA-1 hashes, or at least that’s what they tell us.
It was disturbing to hear them make a public statement that this sort of thing happens all the time, and that it’s just another part and cost of doing business in the digital age. Almost like they’re not at fault and hold no responsibility for these breaches. I don’t want to believe that. If there’s anything I’ve learned over 25 years in the business – that’s how to protect my stuff and I think businesses can do a much better job here. Regulations aside, it’s my opinion that they have a moral obligation to be responsible with our data.
Security Solutions will catch up, it’s just a matter of time. But, until they do, here are the key take-aways:
- Don’t share your credentials with anyone – and yes, that means online services, registration for games, and the lot…
- Don’t synchronize your passwords manually between services. So, simply put – don’t make your online banking password the same as your Facebook password, which is the same as your email password and so on…
- Turn on and activate multi-factor authentication wherever you can.
- Send a clear message – when a service you are using gets breached – cancel that subscription and go find a competitor. This action sends a very clear message to the company that you’re not going to tolerate them not doing enough.
Finally, look forward to identity platforms that take it seriously, as they are emerging to fill the gap in this space now. Many manufacturers have identified passwords as the weakest link among us and are developing solutions to combat. As we head towards a password-less world, biometrics are the new up-and-comer, so be prepared to embrace these new solutions as they emerge.
Play on and be safe out there.
Read the article that was analysed here: https://www.infosecurity-magazine.com/news/zynga-breach-hit-173-million/