Do’s and Don’ts in using trust services and devices (part II)
Today we are bringing you part II of the article published here last week on the best practices to adopt or get rid of when using trust services and devices. We decided to address this topic to raise awareness of electronic identity and to promote some simple, cautious behaviours that can limit the risk of unauthorised persons accessing your assets using your electronic identity.
It might seem unbelievable that, in 2019, some people still write their usernames and passwords on the back of their token, smartcard or scans. Nobody can blame them given the number of passwords that we have to memorise, but this is extremely risky. Anyone holding both the device and the credentials will be able to perform bank transactions and engage the rightful owner in sensitive operations with legal impact.
To reduce the risks if the device falls into the wrong hands, it is advisable to develop a functional system to help you remember or retain passwords. If this is still hard, ultimately, the best way to retain passwords remains the old-fashioned way, that is, to type them in every time they are requested (and skip the option to save them automatically). The more digitally savvy among us can turn to password manager apps, which securely store the information we need to access websites.
The physical appearance of trust devices, such as the token, smartcard or signing stick, is similar to that of common objects such as a loyalty card, USB stick or key ring. Unfortunately, users start to treat them as such. But these trust devices are not trinkets. They are linked to the electronic identity of the user. Losing, misplacing or destroying them is equivalent to losing, misplacing or destroying a paper ID card. So, we must take good care of them and treat them the same way we treat our paper ID documents.
Another overshared and overheard piece of advice that people tend not to apply when it comes to family members. Why? It is understandable. It is more convenient, it is a token of trust between spouses, or maybe finances are kept in common. Nonetheless, family disputes and acts of revenge are more common than you think. Younger members taking advantage of their older grandparents’ trust and finances are among the most frequent (and saddest) cases encountered by trust service providers.
Although they are not yet mainstream, you should start paying attention to passwordless logins (using Touch ID or Face ID instead of entering a password) and to the unconscious sharing of your credentials (when you share your user ID and/or password without actually being aware of it). The following scenario illustrates the possible consequences: you give your children access to your smartphone to play some games. You may even record their fingerprints to unlock the smartphone. What you may forget is that some of your apps also require a fingerprint to open or to validate various transactions. Your credit card information may also be stored somewhere there. This means that your children will be able to use those apps and your credit cards. You may think that this is unlikely, but do not be too surprised if, one day, you receive a delivery of 1 500 EUR worth of toys (true story!).
When we are robbed or lose our bank cards, the first thing on our minds is to call the bank and block the cards to prevent any unlawful use of our assets. The same principle should be applied to any stolen or lost trust device. Because the device is connected to your electronic identity, a third party may use it to process or engage you in various transactions. The only way to prevent this is to inform your bank or trust service provider, which will revoke your electronic identity.
Dealing with intricate cyber-scams or testing the trust of your family members are no easy tasks, but adopting the six best practices in using trust services and devices that we have detailed in this post and the previous one will ensure a high level of protection for your electronic identity.
At LuxTrust, your security and privacy are our priorities. If you notice that your device is missing or has been unlawfully used, or you receive a doubtful communication that involves sharing your LuxTrust credentials, please contact our Customer Support Desk at +352 24 550 550 or by email: firstname.lastname@example.org.