
Cybersecurity tips from the pros

By Michael Griffin | Posted on October 23, 2018

Cybersecurity month security recommendations

Managing customer identities goes well beyond providing great front-end registration, authentication and single sign-on experiences. Janrain clients also know that their customers’ identities are held securely, with Janrain’s Secure Edge restricting external bad actors and our internal safeguards spotting fraudulent account activities. Throughout Janrain, our teams are well-versed in how to keep personal identity data safe. Since October is Cybersecurity Awareness Month, we wanted to share some of the security tips that the Janrain team gives to our friends and family.

Our cybersecurity advice to friends and family

Byron, Software Architect

Use a Password Manager. I strongly push friends/family to use 1Password. Its interface is clean on Windows, OSX and all mobile platforms. It can also act as a "Google Authenticator" or any other standards-based MFA/OTP thing so you have everything you need in one tool.

1Password also has team/family mode where you can securely share logins between parents for legacy systems that don't support sub-accounts.

Similar features can be found in LastPass or other managers, but using a password manager is a must!

Sherwick, Solutions Architect

Check the URL. Before any online transaction, you should check that a site is secure through the lock symbol or https:// in the URL. If you happen to forget and get a message stating that your credit card has been declined — when you know that you are in good standing — DON’T enter another card. This could lead to financial information being stolen from both your cards. If that happens, you will need to report both cards as stolen, wait 5-10 business days for new ones to arrive in the mail, update the information everywhere (especially in autopay billing systems) ... definitely not worth it.

Sven, Product Marketing Director

Make Firefox your default browser. TechRadar rated Firefox as the best web browser for 2018, writing, “Firefox is back after a total overhaul and has retaken its crown.” This recognition is due to its security and privacy features — and publications like Techworld, BestVPN, PrivacyEnd, or CNET agree. I particularly like the fact that you can “sandbox” browsing sessions and keep them fully isolated from each other. [Editor’s Note: Opinions vary on different browsers, with tests of known vulnerabilities favoring browsers other than Firefox.]

Jeremy, Director of Professional Services

MFA, MFA, MFA. I used to encourage people to avoid using the same password on all accounts. While that's still a good idea, I found that a lot of people felt it was impractical. So now I evangelize multi-factor authentication everywhere possible. It requires a few extra steps to access an account, but that time can be used to tell yourself, "I'm safer than I otherwise would be."

Roby, Engineering Manager

Common knowledge worth repeating. These feel like common knowledge for those of us in this industry, but I find myself having to tell friends and family these things:

Use a password manager such as LastPass or 1Password. You shouldn't be reusing passwords because you are only as safe as the least secure site you've used that password on. Password managers help keep you from password re-use.

Connect via https. Does your browser show a lock icon in the URL bar? No? You're not sending information securely and prying eyes could see it.

If you aren't being asked to pay for a service, you're the product. Any social media platform or other free-to-play site that you give personal information to is likely using that information as a commodity to be sold, which is why it’s a good idea to limit the amount of information that you provide to what is needed to receive the experience, service or content you want.

Jen, Technical Support Engineer

Assume you are a target. There’s a good chance you will get hacked at some point. Never take security for granted.

Change all of your passwords every 6 months — keeping them long and random. This way, even if a breach is not detected, the attackers will only have access for a limited amount of time. This is especially pertinent as we are seeing that many companies do not acknowledge that they were hacked until long after the fact.

Oh, and keep your data backed up in multiple places — both digitally and physically.

Bonnie, Training & Curriculum Development Manager

Another vote for MFA and password managers. Use MFA/2FA whenever possible. In addition, select the MFA option that utilizes an app rather than your phone number. America's telecom system is very vulnerable to social hacking, and getting a code sent to your phone is not terribly secure.

Also, use a password tool like LastPass or 1Password not only to store your passwords but also to come up with them. A tool like this is going to be way more objective and clinical about creating secure passwords and most password tools have Chrome extensions and apps for your mobile device so that you can use the complex passwords easily.

Greg, Product Marketing Manager

Lie about your mother, if you have to. Security questions — things like “What’s your mother’s maiden name?” or “What street did you grow up on?” — are dangerous. Unlike passwords, the answers to these questions do not change; when they are re-used across multiple sites, especially if tied to password recovery, they can leave your accounts wide open for the taking.

It’s great to see brands moving away from security questions, but there are still a lot of hangers-on. If you encounter a site that is still using this practice, please lie. You may feel bad saying that your mother’s maiden name was “Scotch” or that you grew up on “Heartattack & Vine,” but your PII will thank you.

Our global commitment to digital identity security

From our front desk to our back office, from our sales team escorting brands through their digital transformations to our engineers maintaining the Janrain Identity Cloud behind the scenes — across all groups and levels within Janrain — our people understand and support best practices in identity security and privacy. It’s something that distinguishes Janrain from many other organizations and something we are rightfully proud of.

We’d love to learn about your identity security tips — or questions. Drop us a line here.

About the author

Michael Griffin

Director of Information Security

As Director of Information Security, Mike is responsible for running Janrain's information security program. Before joining Janrain, Mike developed and led the Security & Compliance programs for Circle K North America, FEI Company, Columbia Sportswear, and Harry and David. Mike’s 23 years of experience also includes roles in Security and IT with Spirit Horse Vineyards, Tyco International and PremierWest Bank. During his career Mike has been active in professional organizations, including ISACA and ISSA, where he’s held the position of Vice President of the Portland Oregon Chapter. Mike holds a Bachelor of Science in IT Security from Western Governors University and various certifications including CISSP and CISM.