Digital identity is your online persona. You may have one digital identity for email and another for online banking. Online services use your digital identity so you can securely go about your business online, from accessing health records to making purchases. Sometimes, like when sending a message to your doctor, the online service needs to be confident it’s really you, not someone else. Other times, like posting a comment to a news site, they don't need to know who you are. If you're suspicious of whether you're safe online, you're not alone.
Unfortunately, criminals often target online accounts in hopes of, say, emptying your financial accounts, or stealing your personal information for later use. While no solution is perfect, there are way to prevent this. So, how do you keep your accounts secure? You can start by using the available tools that can increase the chances your information stays secure and private. In some cases, you just need to know where to find them. Check out the following tips for some easy steps to put your mind at ease about your digital identity.
According to an RSA survey, 88% of consumers would be willing to use a more thorough authentication process if it provided stronger account security. Look no further: to start taking steps to protect your accounts—and consequently, your information online—turn on multi-factor authentication (MFA). If you hear two-factor authentication, it's the same thing. Either way, it's not as mysterious as you think: if you’ve ever used your bank card at an ATM then entered your PIN, you already know how to use at least one type of MFA. MFA is a security enhancement where you present two separate pieces of evidence when logging in to an account. For example, you might first enter a username and password, then layer up your security by also scanning your fingerprint before gaining access to your account. It’s simple and offered by plenty of websites—so what do you have to lose? Like anything, MFA solutions have had to grow up over the years, but here's the thing: most MFA solutions around these days can make things pretty easy for you, but really difficult for bad guys.
Browse the links below to discover if services you use offer this feature. If they don’t, you may want to urge them to reconsider and show their commitment to securing their customers’ information.
Looking for help with securing your online accounts? Lock Down Your Login is a STOP. THINK. CONNECT.™ initiative led by the National Cyber Security Alliance that looks to raise awareness of our individual and shared roles in cybersecurity. The initiative was developed by a coalition of industry leaders and like-minded organizations, in collaboration with government, who understand the importance of cybersecurity awareness and education. | more
Close old accounts.
If you don’t use them, close them.
Secure your active accounts.
Many websites now offer additional ways for you to access your account easily while making it hard for others to get in. Today, most large internet sites offer MFA. If they don’t, you can ask for it. Check out sites that offer MFA on twofactorauth.org.
Protect your information.
Avoid sharing too much personal information online (like your full name, address, birthday, etc.). These days, a lot of websites have responded to your demands for more control your own information. You can check a website’s privacy options to ensure you have enabled them to be at least as strong as you're comfortable. Check periodically since those options may change frequently.
If it looks fishy, it’s probably ‘phishy.’
The old adage still holds true, "if it sounds too good to be true, it probably is." Links in fraudulent emails, website comments, tweets, posts and online advertisements are often how cybercriminals do their dirty work. Some such attacks are pretty convincing these days. Even if it looks like its coming from a familiar source, if it's asking you click on links and divulge information, it's worth checking in with the sender directly.
Secure your mobile device.
Don’t make it any easier on thieves to gain unauthorized access to your accounts. Use a passcode, biometric, or some other means to secure your mobile device.
Update the software on your devices regularly. While there are sometimes glitches with new updates, many are specifically designed to address vulnerabilities in software that can leave you open to attacks. It's like the old adage about two people running from a bear: you don't have to be faster than the bear, but the slower you are, the more likely you're the one the bear will catch.
45% of households surveyed reported in 2015 that privacy or security concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks; or expressing opinions on controversial or political issues via the internet. The offline world has structural barriers that preserve privacy by limiting the collection, use, and disclosure of personal information. Think about all the places you might use a driver’s license: to open a bank account, board an airplane, or view an age-restricted movie. It is difficult (and in some case illegal) for these establishments to collude and link all those transactions together—which preserves privacy. At the same time, some aspects of this offline scenario do not preserve privacy. The movie theater attendant only needs to know that the person is over age 17. But looking at the driver’s license reveals additional, unnecessary information, like home address and date of birth.
Digital identity solutions should preserve the positive privacy aspects of offline transactions while limiting the negative. For organizations, preserving privacy can look like: collecting and distributing only the information necessary to transactions, protecting that information, and being responsive to individuals’ privacy expectations. The technologies exist to do all of these things, but not everyone has adopted them. And if your information isn't being treated the way you want, speak up. It's the best way for organizations know your preference and for innovators to see opportunity.
The TIG pilots develop innovative technologies, enabling more secure, convenient, and privacy-enhancing access to online services. Here are just a few ways that projects in the Pilots Program are working to improve digital identity for everyone:
ID.me enables military service members, veterans, teachers, first responders, and students to access online discounts and benefits from over 450 commercial organizations, government entities, and non-profits. Their identity solution allows people to prove their eligibility online without sharing sensitive documents or personally identifiable information. Over 3.5 million people have used ID.me credentials to access discounts and benefits online.
Gemalto is working with departments of motor vehicles to pilot issuing digital driver’s licenses to residents of Idaho, Maryland, Washington, D.C., and Colorado. Gemalto aims to improve the way people conveniently and securely present their driver’s license and prove their identities by offering digital driver’s licenses accessible via an app.
The MorphoTrust USA pilot leverages identity proofing done in the driver's licensing process to give residents the option of creating an "eID." MorphoTrust USA has partnered with Alabama and Georgia to pilot using this eID for state income tax filing. The goal is to empower tax filers to secure and protect the filing of their tax returns and reduce the risk of fraud to taxpayers.
Galois and partners are working on two efforts: developing just-in-time transit ticketing on smartphones and integrating a secure system into an Internet of Things-enabled smart home. Supporting the smart home effort, Galois is building a tool that enables users to store and share private information online.