Keeping personal information safe in our Internet-driven
culture is a constant challenge, especially since the safest route is not
always the most convenient or the most cost-effective one to take.

Unfortunately, and more often than not, the average consumer
will choose the more convenient option that satisfies his or her busy
lifestyle. This tendency is one of the most prevalent reasons for securing
businesses with fraud prevention solutions, for hackers and identity thieves will seize every
opportunity to take advantage of consumer vulnerabilities.

PC Magazine’s Security
Watch blog provides an excellent example. According to an article published
December 7, AOL (formerly America Online) is now officially ending support for
the previously praised RSA SecurID 2-factor authentication devices used to
issue one-time passwords (OTPs) for secure service logins. The tokens
themselves are physical devices that create temporary, unique passcodes to be
entered at the same time as the subscriber’s username and password. The tokens
thus provide a dual-layer ID authentication service: proof of knowledge of the username and
password, as well as clear ownership of the registered device. The devices are
virtually immune to theft by phishing and other password-theft techniques,
providing an excellent security measure.

So why remove support? According to Security Watch, the
devices are inconvenient, and “a pain to use…probably [constituting] a cost
which had to be eliminated.” As an
alternative, AOL will emphasize strong password creation. But, regardless of
how strong a password is, a keylogger, virus or other well-disguised hack could
pilfer it, leading to identity theft and possible consumer or business fraud.
While it represents a step back in AOL security measures at the consumer level,
the move serves as a reminder to online businesses that their customers may be
vulnerable to identity theft, and that fraud prevention tactics are a must.