With so much in the news about computer security these days, personal experience says innovations and new developments could be appealing antidotes to the fright that breaches and theft can provoke.
Microsoft and Premera couldn’t have timed their news any better.
On Tuesday, the same day that Premera disclosed a scary security breach affecting perhaps 11 million people, Microsoft announced a potentially transformative set of security upgrades that it’s adding to Windows 10.
The new version of Windows coming out this summer will enable the use of facial recognition and other biometric techniques to improve digital security and reduce fraud.
It’s a little James Bond, but the idea is to offer a safer and easier alternative to passwords.
Most Read Business Stories
- Boeing chief engineer at center of 737 MAX crisis retires
- Flight operations chief at Horizon Air raises alarm over pilots' safety culture
- Expedia's two top execs pushed out as chairman Barry Diller asserts control
- Boeing 777X's fuselage split dramatically during September stress test
- It's a seller's market in King County as inventory tightens in 'November surprise'
You can already do this with the Xbox One console, which recognizes users and “automagically” signs them in to the system. In addition, fingerprint readers have long been an option on some PCs. They’re also standard on the latest iPhones.
Microsoft also is enabling iris recognition on Windows 10 machines equipped with Intel’s 3-D camera system. Iris recognition has been used on ultra high-end security systems for a while, but the companies are now bringing it to the mainstream.
Whether these are a solution to the omnipresent threat of cyberattack remains to be seen. But it’s clearly time for new approaches to verifying and protecting our identity.
Cyberattacks will continue either way. At some point you have to resign yourself to living in a world of risk and hope that the good geeks are staying ahead of the bad ones.
Despite the billions spent on security software, there will always be new gaps in the armor. The web of systems we use is too complicated and dynamic to be completely sealed off, at least not without big sacrifices in convenience and utility.
Really, at this point the chances are pretty good that your “personal information” is already out of your control and circulating around the Web. Nearly one in 10 Americans — 7 percent of those 16 and older — suffered some form of identity theft in 2012 alone, the latest year for which the federal Bureau of Justice Statistics has provided a tally.
It sounds really scary, but mostly it’s just a big hassle. If someone gets into your bank account or uses your credit card, you should be mostly covered. Check to be sure.
You’re more likely to have someone use your personal information to open up a credit account in your name. That person will rack up charges and you’ll end up with a stain on your credit report that’s overly hard to remove.
This can be disastrous — there are horror stories of lost jobs and mortgages — or maybe it will cause a hassle comparable to a clogged sewer line or shattered cellphone screen.
I know this from personal experience. There is a gang of known identity thieves in a rough part of Chicago that opened a Credit One account in my name, using my Social Security number. They bought a lot of electronics at a Magnolia Audio-Visual store in the Midwest.
It’s a little ironic since I grew up not far from the original Magnolia Hi-Fi store in Seattle. But I’ve never been to the Midwest outlets.
I found out about the ID theft a few years ago when collection agencies started making threatening calls. That was my welcome to the crazy rabbit hole that millions of other victims have experienced.
You start by spending hours poking through automated phone systems to reach indifferent bank representatives. Then you file a police report that will almost certainly be ignored and not investigated.
There was a helpful detective in the Chicago area who called. He told me the Chicago gang became a priority after it stole the identity of a federal agent.
Even if you’re just a normal citizen who doesn’t warrant police help, you file a report because it checks off a box in the process. Then you can tell credit agencies and the banks you’ve done it. They check off their boxes — saying it’s yet another ID theft — and you can hope things go back to normal. Only 14 percent of the victims in 2012 lost money out of pocket, and of those about half lost $99 or less, according to the federal statistics.
There are other costs, though. If you’re a victim — or potential victim because some company failed to adequately secure its data — you’ll be offered identify-theft monitoring and insurance. But it will last only a year or two, after which you’ll have to pay $5 to $20 per month to maintain this “protection.”
Before you get pressured into this racket, you might check to see that you’re not already paying for them somewhere else. They’re bundled with AAA’s premium service, for instance. Or just wait for the next big retailer or insurer to be breached and take the two years of ID protection it’ll offer as atonement.
Still, you may continue to get called by collection agencies. It’s been years since my incident, but they keep calling my home and cellphone periodically, making scary demands. The sloppy bank that enabled fraudsters to open an account in my name apparently passed along a portfolio of its unresolved debts, including the Chicago credit-card bill in my name.
Collection agencies apparently bid on these bundles of unpaid bills to try to wring a few bucks out of them.
So while my identity is circulating around the black market, the fraudulent debt in my name is being passed around the gray market of debt hounds.
I don’t know how they sleep at night. But still I blame banks for being too eager to open new accounts and too cheap and lazy to thoroughly verify the identity of new customers. They rely on credit agencies that seem to use Paleolithic technology.
It’s funny. Credit-card companies are crackerjacks at using pattern-tracking software to detect potential fraud that they’ll be liable for. So alarms may go off if a Seattle resident’s card is used for a charge in Illinois.
Yet in their haste to sign up new customers, they will open a credit account in Illinois even though credit activity suggests the applicant is currently living in Seattle, where the person just used a different card to buy a cup of coffee.
That’s why I’m excited that Windows 10 will enable facial recognition, iris scanning and fingerprint logons. The ability to pay for stuff with a phone is neat and gets lots of attention, but let’s see if this gets rolling on the enterprise side, so banks and stores can quickly and truly verify identity before opening any new accounts.
Building this into Windows will also add momentum to a broader industry effort that for years has pushed for stronger authentication systems.
Yes, it’s creepy and has all sorts of uncomfortable privacy implications. But we’re in a new era that needs new locks and new keys.