The Next Best Thing to Spy Movie-Style Retinal Scanners

I recently read a TIME article that included a litany of interesting keywords—fraud, Russians, hackers, Americans, tickets, Justin Timberlake, data analytics, U.S. Secret Service and the Yankees.

Basically, a group of people got together, obtained user names and passwords for more than 1,600 StubHub accounts, bought tickets through those accounts and resold the tickets at a profit, resulting in more than $1 million in damages to StubHub. How the user names and passwords were obtained is unknown—and isn’t really the point.

What if someone obtained your PayPal, Gmail or E*Trade account user name and password? Do you think they’d just look around harmlessly? Or would they try to rip you off by funneling funds out and then deleting your emails after learning everything about you? Worse yet, what if you used the same user name and password on multiple sites? That person could run rampant through all your accounts.

If we just had a spy movie-style retinal scanner we could use every time we logged on, this problem would be solved. Unfortunately, that’s not the case, but there’s a very solid alternative: two-factor authentication.

Do yourself a favor and get familiar with this security technique, which combines something you know (like a user name and password) with something you have (like a cellphone). You might prevent a hacker from accessing your accounts.

Lifehacker has a great article and video explaining two-factor authentication in more detail. So does TechCrunch, where I also learned there’s a community-driven list that keeps track of all the primary sites that support some form of two-factor authentication and calls out those that don’t.

Until spy movie-style retinal scanners are commonplace, the simple two-factor authentication technique might just save you a lot of heartache.


Tom is a senior managing consultant with BKD’s Forensics & Valuation Services team. He has provided fraud investigation, litigation support, computer forensics, data mining and business valuation services. His experience includes managing large forensic accounting, fraud investigation and data mining projects.

Tom Haldiman – who has written posts on BKD Forensics.
