I have been using the Internet for years in fact long before the world wide web became available but one thing has always mystified me;
Why do people willingly give away so much private, valuable and dangerous information about themselves?
Going back to a pre-web example, I realized years ago, in my teens that my signature was valuable, it may have been while forging my mothers on a school sick note. But the knowledge of that essential truth made me have different signatures for different purposes, government documents, cheques, membership forms etc all have different levels of importance and risk. And because of my experiences I have taken this kind of thinking into the digital realm
- Don’t always use your full or real name; I know some websites require your real name but unless you need to make a payment you could spell it in a different way, add middle names or initials other than those on your birth certificate.
- Don’t supply your real date of birth; most websites will never do anything with this information apart from market stuff at you. If this makes you feel weird make your self older than you are, plus or minus two years works well, but change your day and month too.
- Don’t provide your real address; again some websites require this for their security, put some typos in on purpose, add an A or B to your building, but remember them and use them consistently across the web (as there is a look up database). If your buying things you’ll need your correct address and postcode for 3d secure card security.
- Don’t supply your town of birth; give your best friends or partners town, this is usually a really important banking security question, so any answer you can remember is relevant (usable security).
- Don’t provide real bio metric information including pictures; don’t use pictures that can be used to create identification documents, have your head turned also be taller or shorter, just don’t give very accurate information.
- Don’t supply extra information, if it’s not required (if a good design indicated by an asterisk), give the bare minimum to get access.
Why does the security of your online identity matter at all?
Well in the simplest form all anyone needs is three key identifiers; your name, your date of birth and your town of birth and they can get a copy of your birth certificate totally legally in the United Kingdom. Once they have your birth certificate they can apply for other forms of identification and then start spending your credit value.
Another useful thing from this type of attitude to supplying information is to find out which companies are selling your data and then decide if you still want to deal with them. And finally, careless information costs billions, no matter how secure a company says it is always assume they will be hacked at some point either electronically or by a staff member.