Posts Tagged ‘multi factor authentication’

Teaching kids about password security

Thursday, March 4th, 2010

It used to be so simple – you talked to your children about the big items like sex or drinking. The talks weren’t easy, but at least the topics were predictable.

Now parents have to talk to their kids about a whole raft of new issues – including what’s appropriate to post on Twitter or Facebook, and not sharing passwords with friends.

St. Michael’s RC school in the UK uses myOneLogin to protect access to its Google Apps accounts with strong authentication.  You can find the story at http://www.myonelogin.com/Downloads/St_Michaels_Story.pdf.  As a parent, one of the things I love about the story is this: as a by-product of moving to Google Apps for students and staff alike, St. Michael’s is teaching the kids about protecting access to their accounts.

Everyone uses strong authentication at St. Michael’s. The students use a basic second factor to access their Google Apps accounts – knowledge-based questions. But the staff uses stronger second factors, including VeriSign VIP Access for Mobile, which generates temporary one-time passwords on smart phones.  The VIP support has the ‘cool’ factor, as it uses smart phones to generate “secret codes” that self-destruct in only seconds.

Damien Kelly, Head of e-Learning at the school, says that he shows the kids the one-time password from his phone when he logs in, because he knows it will expire in a few moments. A simple login becomes a teaching moment, and he’s emphasizing, time and again, the importance of protecting access to online accounts.  That’s an education that can serve the students well in the future.

Phishing affects your brand

Monday, April 20th, 2009

I just read the article “Phishers get more wily as cybercrime grows” by Diane Bartz for Reuters, profiling the new and creative ways that phishing attacks are escalating. Apparently the newest variant is ‘smishing’, which is phishing by SMS text messages. See http://tech.yahoo.com/news/nm/20090417/tc_nm/us_cybercrime_1.

The article quotes Michael Barrett, Chief Information Security Officer at PayPal, saying that phishing “was impacting their view of the safety of the Internet and that it was indirectly damaging our brand.”

PayPal is a company that gets it – that phishing is most definitely their problem. They’ve taken aggressive tactics to block spam emails purporting to come from PayPal.

At TriCipher, we’ve been on the phishing crusade for a while now. We think that one of the best ways online businesses can protect their brands from phishing is by adding strong authentication to access their sites. And we’ve got an easy way for web developers to implement strong authentication without software, using web services calls to our service. See http://www.myonelogin.com/strong_authentication.html for more information.

One stolen password can compromise dozens of accounts

Thursday, March 26th, 2009

A Comcast customer recently came across a file on the Scribd document sharing site containing thousands of Comcast accounts and passwords – including his own. The New York Times reported the story at http://bits.blogs.nytimes.com/2009/03/16/passwords-of-8000-comcast-customers-exposed/

It appears that the file was the result of phishing attacks, rather than a data leak from the Comcast site. Apparently only 700 of the accounts were for current customers, which would seem to limit the scope of the problem. But the Comcast user, Kevin Andreyo, points out that he used the same password for all kinds of accounts. I’m sure he was not alone in this.

So the theft of hundreds of passwords could in fact compromise thousands of accounts if attackers take the initiative to figure out what other applications people might be using.

We all know it’s good practice to set distinct passwords for all of our accounts – but there’s only so much room in our memories to manage those passwords. When convenience and security conflict, convenience almost always wins.

This is another good reason to let myOneLogin manage your business’ web logins, rather than trusting everyone individually to do the right thing. You can set unique and strong passwords for each account. Businesses can even set up accounts for their users without giving them passwords, for a truly phishing-proof login.

Video explanation of secure web single sign on

Thursday, February 19th, 2009

We put this new video on our http://sso.myonelogin.com home page yesterday.

Do you think it’s effective?

Please give us your feedback.  Is it: Terrific, Good, or needs work? Help us out and tell us why.



myOneLogin: Supporting business on the web with web SSO, strong authentication, and federation as a service.
COPYRIGHT ©2010 TRICIPHER. ALL RIGHTS RESERVED.