Socially-Distanced Marketing, Strategy, and The Force

Tag: security (Page 1 of 4)

Passwords. A Revisit. (Updated for 2020)

Originally published on CUInsight.com

It’s a topic you’ve seen here before. Time and again. Of course, it’s still pertinent since we keep using them. Passwords are a bane of the tech world. Unless you can invent a simple way to authenticate yourself with any service, they’re going to stick around for a while.

That doesn’t mean we need to despise them, though. In the past, we have discussed the problems on both ends, from policies that lead to creating awful passwords, to people insisting on using “love”, “*dogname*”, and “!23456”.

Grab your favorite password and…throw it in the trash (sadly, even “CorrectHorseBatteryStaple“). Because we’re back.

Password Confusion

Like the question of eggs being healthy or your worst nightmare, passwords see a wide variety of advice as the years go on. Some of it is due to a long period of terrible advice (which we discussed before, and, I’ll admit, my own suggestions evolved, too).

Thankfully, this is changing…slowly. The other part is based upon processing speed increases; it’s easier than ever to parse billions of possibilities (using databases of common passwords from leaks combined with dictionary analysis). So what’s the current solution?

Password Managers

It’s lurking in plain sight, on all your devices. The best password is one you never create. Every modern platform supports strong password suggestions. Then, they save these passwords in a secured database, so you don’t have to put a note in your drawer (it’s ok, you’re not alone).

Depending on the system, there might be a master password, or, it can combine with biometrics. Make this be your big, strong password, then never use it. Rely on the fingerprint scanner, FaceID, or other verification system.

On iOS & iPadOS , all current versions have automatic strong (Apple calls them complex) password creation and storing capabilities. That means, when a site asks to create a password, your phone already filled in a really good one. Then it saves it so you never even bother thinking of something.

To log back in, your phone just asks for verification through TouchID or FaceID (depending on device). This is new; auto-fill now has security, too. Yes, you still have to create a unique username. Sorry, MarioKartKing is taken.

Apple Creates “Password Manager Resources”

This automatic password creation isn’t perfect. If you used this system for any length of time, you ran into this situation:

  • Go to site to create account
  • Enter username
  • Fill in good password
  • System gives an error
  • Try again with a new random password
  • Error again

Why? Your password was “too complex” for their platform. Whether using “unusual characters” (like hyphens) or simply too long, their site won’t accept it. What do you do then? If you’re like most, you just make up your own.

This one won’t be as good. Sorry, it’s just reality. So Apple is doing something about it. Their new open-source project Password Manager Resources seeks to end that scenario. How?

The project will let developers build site-specific criteria. That way, when your device creates a password, it will know the limitations of that site. So your strong password will also work.

As a new system, I look forward to it doing two things:

  1. Letting people mindlessly create complex passwords on any site.
  2. Encourage sites to adopt a better password policy.

Changing Password Regularly…Or, not?

There’s another side of this revisit: Updating your password. I know, I know, I spoke strongly against this practice in the past. My position is unchanged. If you change your password, make it for a good reason.

A brilliant website called haveIbeenpwned.com checks your e-mail address or usernames to see if they were included in any breaches. If so, it shows which and to what degree.

Then, you know it’s time to update those passwords (and anywhere else you shared those credentials). That password auto-suggest is looking mighty nice right now.

They partnered with Firefox so you can get alerts for any new breaches involving your information. With a Firefox Account, you can add as many e-mail addresses to this monitoring. Then, you can go through the list and “resolve” those you’ve already changed.

So, changing passwords regularly is unnecessary. Creating strong ones that are unique to each site is essential. Then, use a service that tells you if any sites are compromised. Simply change that password and you’re good to go!

Use a Password Manager

Here’s the bottom line: With password managers so prevalent and easy to use, there’s no excuse to still create your own passwords. It’s putting you (and the data within) at unnecessary risk. It also saves time.

When I read of a breach on a service I use, I just go in, update that password, and get back to my life. Since it won’t be shared with any other system, I don’t care what someone does with the information.

Granted, if passwords were stored in a way someone could access them, I’d be questioning the utility of said service, given their poor security practices.

Bottom line of the bottom line: Complex, random strings of characters, stored in a quality password manager, is the best way to ensure your personal (or corporate) information remains only in the hands you want.

Resources (A non-exhaustive list of password managers)

OS Based:

3rd Party:

  • Firefox Sync
  • LastPass
  • 1Password

Doing The Least Possible to Minimize Card Fraud

This CUbit is a bit different.  It’s meant to be heard, rather than read.  Why?  Because why not?

Here’s a primer: Card fraud.  Up close and personal.  With a topping of, “not my department”.

What are your experiences?  How do you like the audio format?  Share in the comments below!

PS – I maintain card security like a fiend.  I avoid letting the card go out of my sight (as at restaurants), use the card only at EMV (chip) terminals, and make most of my purchases using Apple Pay.  I won’t use gas pump card swipes (I get branded gift cards instead).  For online purchases, I create one-time use numbers for merchants I don’t trust (essentially, if they’re not Apple or Amazon).  All my accounts use unique and complex passwords with two-step verification where available.  If my information can get stolen (still don’t know how), anyone’s can.  It’s why I support merchant security standards and encourage use of tokenized payment systems.

If Your AI Is Only For Chatting, You’re Doing It Wrong

“Ask Our Friendly AI!” Your credit union’s website is excitedly promoting their new chatbot, there to answer questions 24/7. “Cool, so how can it help me save money or time?”

Whether they admit it or not, that’s what your members will be thinking.

In some cases, such tech is fielding member requests without burdening traditional staff time. And their resolution rates can be similar to human representatives.

What are you waiting for? Get Siri, Alexa, Cortana, and friends to every CU! (HAL is not welcome, sorry)

Interacting in a Financial World

If only it were that simple. “AI” support agents are uniquely programmed to understand financial world terminology. Plus, computers don’t excel at interacting like a person, since we learn and process the world in a different way.

Chatbot

One day, I’m certain this will no longer be the case. (Update 2020: It looks like that day is almost here, as quality chatbots and other “smart” systems now exist to help your members!)

What may be even further off is having all systems talk to each other in the background.

Imagine being able to ask Siri (remember that post?) to transfer money from one account to another and explain the tax implications of your specific IRA contributions.

Then find out the score for your favorite team’s last game.

But we’re not at that point…yet. And look who spoke too soon…we’re actually getting awfully close.

AI for Serving Your Members

Readers know my passion (that’s 3 links!) for the “AI Revolution”. With its arrival, a lot of ideas are being thrown around on best use. Right now, the most common answer is: Everywhere!!!

Brain Split by Tech

Patience, my young Padawan. A fancy chatbot might seem like the natural first step, but let’s look at it from a member benefit perspective. If they have a question, they don’t care who/what responds.

Your members want a quick and accurate answer. If your team is currently able to keep members served quickly and effectively (through any medium they contact), then this may not be a fit for you at this time.

Unless you have unlimited resources, in which case, yes, do all of this at once. Just make sure you have top-notch project management to ensure the focus is always on the unified credit union goals.

Big Data

For the rest of us, the AI which makes the most sense, if less “sexy”, is the Big Data side of AI: Machine learning. Here, you have solutions that can do things quickly which would take enormous staff effort.

Machine Learning Innovations

Stained Glass Spiral
This is your data. Your AI can find the patterns.

For example, you can analyze a member’s credit (beyond the report) and offer a rapid loan decision with a high rate of accuracy.

You can implement systems to monitor patterns in spending to identify fraud the moment it occurs, saving the institution money and the member frustration.

Machine learning is also enabling security of the body, biometrics. That’s the fingerprint sensor on your phone. Or FaceID on your newer iPhone. It’s also the Hello feature on Windows 10 computers.

Retina scanners combined with other biometrics, a security card, and “something you know” composes the “top level” of security at large financial institutions (and government entities).

Speed. Savings. Security.

Three great reasons to implement aspects of AI in your credit union. A recent post about this topic ended with a wonderful quote:

“When a bank…effectively uses AI, they run more efficiently and are able to connect more effectively with a segment of the population that will never be replaced by machines: their customers.” – Mohit Joshi, Innovations in FinTech

Ok, ok.  I’ve given you way too much to consider.  AI, Big Data, machine learning, algorithmic analysis…yeah, I get it. Overwhelming when you just want to know, “can this stuff help my credit union?”

So, I had a realization right after writing this post. Remember that series I did about tech in the financial industry? As part of it, I mentioned that financial institutions are at risk of becoming “dumb banks” in the same way that ISPs are “dumb pipes”.

What I mean is that you are at risk for simply becoming the corridor for other companies’ information. You hold the money, but your members use other services to move, spend, invest, even check on their funds.

The same is the case here with AI.

There will always be a place for information as you manage it now: Raw account balances aren’t going anywhere.  But that’s “dumb data”.  The future is in “smart data”.

Owl Reading Book by Candlelight

Where your credit union and members can find patterns in spending, opportunities in lending, and personalized recommendations for minimizing debt (or maximizing wealth).

How will you become the “smart data” of the future?

« Older posts

© 2020 Credit Union Geek

Theme by Anders NorenUp ↑