Saturday, September 26, 2020

Trust, but Verify

I wiped out my cookies. Not the peanut butter ones (though I did that too), but the ones on my computer. For various reasons I had to reset my browser, and the cookies got clobbered. By now we all have seen that foodstuff in this context, but most have no idea what it really means. At its most basic, cookies are a form of ID your computer passes on to a website to tell them it is you who is returning. That's how Amazon knows you were last looking at a new pair of sneakers, or Home Depot knows you are still shopping for a grill, or Netflix knows you are a Star Wars fan. That info enables them to show you other items inspired by your past activities. You decide if it's the ultimate in personalized shopping or a breach of your privacy.

It's no different when money or personal information is involved. But in that case the aim is to make sure it's actually you who is trying to access your account. The cookie is like walking in the front door with your license on display: now that we know it's you, we can show you your balance or your holdings or your files. No cookie means they have no idea who is knocking, so they treat you like a stranger.

And that's a good thing. Considering it's your dollars, you want that kind of security. That said, if you do like I did and make your computer anonymous once again, not having that cookie means you need to reconfirm who you are, usually by retyping your password. Like they said in Romper Room, hopefully you are a good Do Be, and used different, hard-to-break, unique passwords for each account. More likely you are like the vast majority, a bad Don't Be, and used 12345678. No one will ever guess that.

But even if you have a password that is secure, it might not be enough for them to let you in. More and more sites are requiring what is called two-factor verification. Basically, it's a method of confirming your identity by using a combination of two different items: 1) something you know and 2) something you have. You KNOW your password, so that's step one. To complete the second step, they turn to something you HAVE: your phone. The site texts or calls the number you have on file, and gives you a code to enter. Assuming your phone hasn't been stolen, the idea is that those two things taken together prove that you are you.

And so as I did my normal weekly tour online, reviewing accounts, paying bills, looking at portfolios, I did so as a stranger. Every single place I went stopped me at the front door, and asked me to type in my password. But by itself that wasn't good enough. It was a case of, as the old Russian saying goes, "Doveryai, no proveryai." That literally means that a responsible person always verifies everything before committing himself to an agreement, even if the other person in the transaction seems totally trustworthy. Lenin spouted a variation, as did Stalin, but it was President Ronald Reagan's repeated parroting of "Trust yet verify" during nuclear disarmament negotiations that both popularized the phrase while simultaneously pissing off Mikhail Gorbachev.

If you check my phone for Saturday morning you will see a list of text messages with strings of 6 or 8 digits, each from a uniquely cryptic origin, each with a legend stating they are only good for 10 minutes. Should I get picked up by the CIA, and they examine my communication history, they might wonder if I am an Iranian spy or Chinese agent. After all, my entire text history for that time period looks like it can only be understood with a secret decoder ring. But no, it's merely me trying to get back into my checking account to pay the electric bill.
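Here is the site's side of that second step, as an added example (not from the column or any particular bank): it issues a random 6-digit code good for 10 minutes, accepts it once, and throws it away after a handful of wrong guesses. The account name, the attempt cap and the injectable clock are assumptions for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

CODE_DIGITS = 6          # the column mentions 6- or 8-digit codes
CODE_LIFETIME_S = 600    # "only good for 10 minutes"
MAX_ATTEMPTS = 5         # assumed cap on wrong guesses per issued code


@dataclass
class PendingCode:
    code: str
    expires_at: float
    attempts: int = 0


@dataclass
class SecondFactor:
    """Server-side half of the 'something you have' check.

    issue() produces the code that would go out in the text message;
    verify() checks what the user types back. The clock is injectable
    (an assumption for testing) so expiry can be exercised offline.
    """
    clock: callable = time.time
    pending: dict = field(default_factory=dict)

    def issue(self, account: str) -> str:
        # secrets, not random: the code must be unpredictable to a guesser
        code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self.pending[account] = PendingCode(code, self.clock() + CODE_LIFETIME_S)
        return code  # in a real system this is handed to the SMS gateway

    def verify(self, account: str, typed: str) -> bool:
        entry = self.pending.get(account)
        if entry is None:
            return False  # nothing issued, or the code was already used
        if self.clock() > entry.expires_at or entry.attempts >= MAX_ATTEMPTS:
            del self.pending[account]  # stale or being guessed at: discard it
            return False
        entry.attempts += 1
        # constant-time comparison so response timing does not leak digits
        if hmac.compare_digest(entry.code, typed):
            del self.pending[account]  # one use only
            return True
        return False
```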

Still, I'd rather put up with the inconvenience of typing a few extra keystrokes than have someone get access to my accounts. And I wonder if this applies to other things. After all, you say you are my kid and want to borrow my HBOMax password. But how do I really know it's you?

-END-

Marc Wollin of Bedford tries to be secure. His column appears regularly in The Record-Review, The Scarsdale Inquirer and online at http://www.glancingaskance.blogspot.com/, as well as via Facebook, LinkedIn and Twitter.