Friday, March 29, 2013

Hacker, No Hacking


By: Me Shach Hopkins
Remember the time your girlfriend hacked into your Facebook account and saw all those messages you had been trying to keep a secret? Or how about the time someone used your credit card information to make purchases from Macy’s, Amazon, and Best Buy? You felt so sure that this could never happen to you. Yet it did, and now you’re stuck wondering, “How did this happen to me?” You blamed yourself for being so careless, saving your password on your PC, or leaving your account logged in and unsupervised. In actuality, it was never your fault. It wasn’t the hacker’s fault either; he was simply doing his job – hackers hack things. If there is any blame to be placed, the bulk of it should fall on the shoulders of the site. In this day and age everything is done digitally. People communicate, work, play, shop, and share via the World Wide Web. As a result, internet security should be beefed up to protect user information.
Sites that contain user information, even if it is just a name, should require all users to create a username and password login. Every site should make it mandatory that both usernames and passwords contain at least one upper case character, one number, and one symbol. Sites should remove the “remember me” option from their page in order to decrease the chances of an unauthorized user simply logging into someone else’s account. Upon login, sites should detect whether the location of that login attempt matches the previous one; if it doesn’t, then that login attempt should request additional information for the user to proceed. Also, the “Forgot Password” option should require more than just an email address to access a user account. Instead, it should ask the user multiple personalized questions and require them to identify themselves with a form of ID, such as the last four digits of their social security number or driver’s license. Furthermore, the number of times this option can be used should be limited. People should be able to remember their passwords, especially the important ones, and if they cannot, they should write them down in a safe place. These precautions should prevent most hackers from accessing your account, but there needs to be a second level of security to protect a user in the off chance that someone gets past the first level.
If a hacker does get hold of your password, or, say, you went to the bathroom and forgot to close your account, you should still be protected. Sites should require users to create a second password, separate from the first one, in order to access personal information within that account, such as a user’s bank statements or home address. The same password should also be used to finalize actions or make changes to an account. Sites should be set up so that user information such as credit card numbers, social security numbers, or driver’s license numbers is not saved within the site (cookies, cache). Lastly, sites should have a timer which monitors user activity. User inactivity for longer than 5 minutes should result in an automatic logout of that account. This second level of security prevents hackers from stealing personal information from an account. It also prevents them from having enough time to access an unattended account.
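An added example, not part of the original post: a Python sketch of the per-request checks described above (login location compared with previous ones, a second password before sensitive actions, logout after more than 5 minutes of inactivity). The names `Session`, `decide`, `SENSITIVE_ACTIONS`, the PBKDF2 storage of the second password and the location labels are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

IDLE_LIMIT_SECONDS = 5 * 60  # the post's 5-minute inactivity limit
# Hypothetical action names that touch personal data or change the account.
SENSITIVE_ACTIONS = {"view_statement", "view_address", "change_email", "confirm_purchase"}


@dataclass
class Session:
    user: str
    location: str                    # coarse label recorded at login (assumed to come from GeoIP)
    last_activity: float             # epoch seconds of the last allowed request
    step_up_done: bool = False       # extra verification passed for a new location
    second_password_ok: bool = False  # second password verified in this session


def hash_second_password(password: str, salt: bytes) -> bytes:
    """Derive the stored form of the second password (never store it in clear)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def verify_second_password(session: Session, candidate: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison; unlocks sensitive actions for this session only."""
    ok = hmac.compare_digest(hash_second_password(candidate, salt), stored)
    session.second_password_ok = session.second_password_ok or ok
    return ok


def decide(session: Session, action: str, now: float, known_locations: set) -> str:
    """Return 'logout', 'step_up', 'second_password' or 'allow' for one request."""
    # 1. Inactivity for longer than 5 minutes ends the session.
    if now - session.last_activity > IDLE_LIMIT_SECONDS:
        return "logout"
    # 2. A login location not seen before needs additional information first.
    if session.location not in known_locations and not session.step_up_done:
        return "step_up"
    # 3. Personal data and account changes need the second password.
    if action in SENSITIVE_ACTIONS and not session.second_password_ok:
        return "second_password"
    session.last_activity = now  # only allowed requests count as activity
    return "allow"
```

The order of the checks matters: an expired session is logged out before anything else is considered, so an unattended account cannot be revived by entering the second password.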
Account security is very important and should be taken more seriously by banks, social networks, and other online sites, as it is very important to their users. There is too much at risk these days to have such minor security on user accounts. All sites should use all the methods I mentioned, plus additional methods, to assure users that their accounts are protected. This additional security may be a headache at first but is better than the alternative – being at the mercy of hackers.
