All apps carry risk, says cyber-security expert

How was it someone was able to buy food in Montreal using a Halifax resident's McDonald's app?

It could have happened any number of ways, according to Ron McLeod, a cyber-security instructor at the Nova Scotia Community College in Halifax.He has worked in the cyber-security field for 30 years.

"The first thing you have to understand is that there is no geography in the internet," McLeodsaid.

"The fabric of the internet wraps around the globe and passes through geographical boundaries as if they weren't there. So there is no correlation, no one-to-one correlation, between your location and where the data is moving or where it's being used."

In other words, everyone sits in the same room in the digital world.

Over the weekend, CBC News reported on a story about two people in the Halifax area whose McDonald's apps were used to purchase food in Quebec.

McLeodsaid he couldn't commentspecifically onMcDonald's app technology or what happened to those app users, but when he read the story he said there was nothing overly unusual about it.

"So just generally speaking, people have to take a certain degree of care when they're working in the online world," he said.

"We see them as apps that can get us food, but in actual fact they are connections into our life and theyare connections that can be open to anybody if they're not used properly."

McLeod said any app carries a risk. He said it doesn't just have to be banking information, it can be just information about the customer.

He said there are ways people can do to better protect themselves.

Multi-factor authentication is a must

McLeod said those wanting to protect their banking information shouldn't have it linked to an app if the app doesn't offer a multi-factor authentication process.

That authentication requires an extra step to log into an account after someone types in theirusername and password.

The extra step could be a code sent as a text message to a phone that comes with a time limit to enter it in.

"Don't use a consumer app that is going to put your financial information at risk," he said. "Your personal data is at risk if it doesn't offer a multi-factor authentication."

Companies like Google and Apple are already using the technology.McLeod says he anticipates most companies will be using it within a year.

Create really long passwords

When it comes to creating a password, McLeod recommends taking advice from the U.S.'s National Institute of Standards and Technology and pick a long one.

"So I would typically use like a 22-character password because the further you go up in length of the passwords the harder it gets to guess," McLeod said.

He said not to use a word or phrase that could be looked up in a dictionary.

He suggests choosing a favourite phrase and taking the first letter from each word in the phrase and using that to create part of the password.

"You're never going to forget the phrase," he said. "And as long as you repeat it to yourself and you just type in the first letter of each word, you can have a very, very long password and it's very easy to remember and almost impossible to guess."

Other tips from theNational Institute of Standards and Technology include making sure passwords don't have repetitive or sequential characters.

Keep passwords private, especiallyin public Wi-Fizones

McLeodsaid people need to exercise personal responsibility when it comes to protecting passwords.

Hesaid to keep them confidential but it goes beyond simply keeping a password a secret from friends or not writing out passwords in an email.

If someone is using a public Wi-Fihot spot, McLeod said there's a chance someone else could see what they're doing all it would take issomeone sitting nearby with the "right piece of hardware."