As the popularity of social networking sites continues to explode, the potential for identity breaches is greater than ever. Here are critical steps consumers and organisations can take to protect their identities and their users' identities, respectively, on social networking sites and elsewhere.
Consumers should:
- Create unique, complicated passwords. Best practice is to create passwords composed of random sets of numbers, letters and symbols, and never to use the same password on multiple sites.
- Use a mobile password-locker application to make it practical to follow the first item above. A mobile password-locker application lets you auto-generate unique twenty- or thirty-character passwords full of impossible-to-remember strings of numbers, letters and symbols, and the locker itself can be secured with a mobile phone's PIN code, which instantly creates two-layered protection.
- Change passwords frequently. Ensure that even if your well-crafted password is somehow leaked (phishing on a social networking site, for example), it won't be of any use to anyone for very long.
- Check accounts often. Log into all of your social networking sites regularly, and make sure there are no sent emails, status updates or other activity you aren't expecting to see.
- Use identity trackers. Services that keep track of your identity, like Reputation.com and LifeLock.com, can alert you to an identity breach as soon as it happens, which is essential to minimizing potential impact.
- Never click on links in emails or messages. But if you must click on the link, never type in your username or password when you arrive at the destination, even if the site appears to be a familiar social networking site.
Organizations should:
- Offer their users some form of two-factor authentication. Organizations that offer to send an SMS to a user's registered mobile phone as a part of the login process significantly heighten the user's security.
- Protect their employees' credentials. Employees are likely to use their favorite social-networking passwords when logging into a VPN. If that password is compromised and a hacker correlates the employee with the employer, the hacker could gain access to the corporate network.
- Promote a single-sign-on solution. A number of single-sign-on products can store passwords in an encrypted form and automatically alert employees to avoid using their corporate password on social networking sites and elsewhere. Take full advantage of these products.
Identity breaches are a fact of modern life. However, if consumers and organizations embrace the tactics recommended above, users will be able to enjoy the benefits of social networking without putting their identities at risk.