The layman's guide to concepts that keep your online account secure – Part 1

In the past two decades, we have seen dramatic growth in what the internet can offer us: social media, on-demand video streaming, video conferencing and online shopping. All of these developments have enabled us to connect and communicate with anyone across the world, access content such as movies and TV series, and buy and ship anything we need or want across the world.

For us to access any of these online services, we need to create an account with the service provider. As part of account creation, we need to specify a username or email address and a password. Either during or after the account creation, we might be asked to set up either 2-factor authentication or multi-factor authentication with the objective of keeping our online accounts more secure and resilient to malicious activities such as hacking.

But, have you ever wondered why you should be setting up or enabling 2FA or MFA?

In this multi-part series, we will be exploring the various concepts, and the reasons behind them, using simple analogies to help you understand what is going on.

First up, let’s have a look at the most basic form of security: the use of a username and password.

Securing your account using only a username and password

The use of a username and password is one of the most basic security tools we have to keep an account secure. It is a way for us to verify that someone is who they say they are.

Now, let us imagine that the accounts we create and the online sites we use them on are apartment units and apartment buildings respectively. We do not need to care about where the apartment buildings are in the world since we don’t really care where a website is hosted.

In order to keep the apartments secure and only allow the rightful tenants to enter, the building management hires multiple security guards, one to stand by the main entrance of each apartment. The security guard is like the login form we use to log in to any website. There is no security guard for the apartment buildings themselves, just as anyone can access any website.

Whenever the tenant wants to enter their apartment, they will provide some form of identification to the security guard. In this case, the tenant’s face is the equivalent of the username and the password is the secret message that only the tenant and the security guard know. Not even the building management knows about it.

Once the security guard has seen the tenant’s face and the tenant has whispered the secret message into the security guard’s ear, the guard opens the door for the tenant and lets them in. In the event that someone else tries to access the tenant’s apartment, the security guard won’t let the stranger in if they do not both look like the actual tenant and know the secret message.

The only advantage of implementing security like this is convenience.

However, this is not very secure.

Let’s say a stranger managed to 3D print a mask that looks exactly like the target tenant. They put the mask on and can walk up to the security guard. Now, all the security guard needs to do is to wait for the person to provide the secret message.

This analogy is akin to what happens during a data breach. Whoever hacks the site and gains access to the database system now has a partial idea of who we are. This means they could easily masquerade as any user to gain access to the account.

Making matters worse, many sites tend to implement some sort of password limitation such as:

  1. Arbitrary maximum password length
  2. Restricted symbol or character use

Such limitations are akin to having the security guard standing outside your apartment saying they can only remember a secret message of a certain length or they lack sufficient vocabulary to understand you.

It is not difficult to imagine what will happen.

Let’s say the security guard only knows basic English and the tenant decides to choose “apple” as the secret message. That means anyone else who is well-versed in English or carries a dictionary will be able to trick the security guard into letting them in by wearing a lifelike 3D mask and going through the list of English words they can think of. This is akin to a dictionary attack.

And what if the security guard underwent lots of education and has an extremely good memory? With that, the tenant can now share a complex secret message with the security guard. In this case, let’s use “I am a person and likes to eat an apple” to represent a very complex password.

With such a “complex” message, it is very difficult, if not impossible, to figure out what the secret message is no matter how good the stranger is. Not only does the stranger have to know which words are used, they also have to figure out where each word goes in the sequence.

And hopefully with this, you can understand why it is necessary to use a more complex password.

But, we should also remember that technology is only going to improve further in terms of capabilities and performance. Figuring out a complex password will only take less time with each passing year.
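To put rough numbers on the comparison above, here is an added example (not part of the original article) that estimates the guessing work for “apple”, for the long secret message, and for the best any secret can do on a site with a length and character limit. The 20,000-word vocabulary, the 8-character letters-and-digits limit and the guessing speed are assumptions, and each word is treated as an independent pick, which overstates the strength of a grammatical sentence.

```python
import math

# Constructed stand-in for an attacker's English wordlist. ASSUMED_VOCAB is an
# assumed size for a real one; neither figure comes from the article.
SAMPLE_WORDS = {"i", "am", "a", "person", "and", "likes", "to", "eat", "an", "apple"}
ASSUMED_VOCAB = 20_000
PRINTABLE_ASCII = 95


def guess_bits(secret, words=SAMPLE_WORDS, vocab=ASSUMED_VOCAB, charset=PRINTABLE_ASCII):
    """Worst-case guessing work in bits, assuming the cheapest strategy is used."""
    # Strategy 1: try every character string of this length.
    brute = len(secret) * math.log2(charset)
    tokens = secret.lower().split()
    if tokens and all(t in words for t in tokens):
        # Strategy 2: try every ordered sequence of dictionary words.
        return min(brute, len(tokens) * math.log2(vocab))
    return brute


def policy_ceiling_bits(max_len, allowed_chars):
    """Best strength any secret can reach once the site caps length and characters."""
    return max_len * math.log2(allowed_chars)


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given guessing speed."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare():
    word = guess_bits("apple")
    phrase = guess_bits("I am a person and likes to eat an apple")
    capped = policy_ceiling_bits(max_len=8, allowed_chars=62)  # 8 letters or digits
    return word, phrase, capped


if __name__ == "__main__":
    word, phrase, capped = compare()
    for label, bits in (("apple", word), ("long message", phrase), ("8-char limit", capped)):
        # 1e10 guesses per second is an assumed speed; doubling it halves every figure.
        print(f"{label:13s} {bits:6.1f} bits  {years_to_exhaust(bits, 1e10):.3g} years")
```

The limited site caps every tenant at about 48 bits, far below what the long message reaches, which is why length and character restrictions hurt.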

This is why we need to introduce another layer (also known as factor) of security. This is thus known as Two-Factor Authentication (2FA).

At the fundamental level, 2FA relies on exactly two factors to verify the authenticity. One factor is “what we know”. The next factor is “what we own or possess”.

A good place where we see 2FA in action is during withdrawal of money from an ATM. We provide a bank card (what we own) and a PIN (what we know) to the machine. Once the system has verified who we are, we will be able to perform banking transactions.

You might have also come across the term Multi-factor Authentication (MFA). This refers to the use of several security mechanisms for a user to demonstrate their identity.

In the next section, let us first explore 2FA. There are many flavours of 2FA, and the easiest flavour to implement is the use of an SMS token. This is why it is commonly used by companies.

Further secure your account with SMS 2FA

Sites that use SMS 2FA will generally request that you provide your mobile number so that they can supply you with a one-time code that you can use on the site.

Let us go back to the apartment analogy to explore how SMS 2FA works and why it is the weakest of all 2FA implementations.

After a spate of break-ins, the building management decided to improve the security and safety of the apartments by installing key-based locks on every door and changing the locks every day. This is in addition to the security guards standing outside the apartments. You might be thinking that installing and changing locks on each door every day is infeasible in reality but that is not the point of this analogy.

In order for the apartments to receive a new set of keys and locks, the building management set up a Security Room in the basement. Now, tenants (new or existing) are to register themselves once at the front desk and collect a name tag to identify them. This is to enable each tenant to receive the key that they can use to unlock their door every time they need to enter their apartment. This act of registering with the front desk is akin to users registering their mobile phone with the site after they have created their account.

Whenever the tenant wishes to enter their apartment, they exchange the secret message with the security guard. Then, the guard will contact the front desk via walkie-talkie to get them to dispatch the key for the apartment.

The front desk will coordinate the key requests before contacting the Security Room for keys to be delivered to the requesting tenants. The Security Room will send concierges with the correct key to meet with the tenants, identifying them by their name tag. This represents the SMS message containing the one-time password being delivered to your phone.

What the concierges will do is to search within the building for their tenant to hand the key over.

Generally, this handover process happens without issue. The tenant will receive their key just in time and can proceed to unlock their door. Going back to reality, this means the account owner receives the SMS message via their phone and can enter the one-time password into the site to log in to their account.

However, it is possible for the SMS message to be lost due to a network issue, or worse, routed to the wrong person due to a form of fraud called SIM swapping. Using our analogy, the former is the equivalent of the concierge losing their way and exiting the building, while the latter is equivalent to someone who wears the same name tag as you, knows the secret message and wears a mask that looks like you. Now, tricking both the concierge and security guard becomes very easy.
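The site's side of this exchange, as an added example that is not part of the original article: a front desk that issues a fresh one-time code after the password check, lets it expire, limits wrong tries and accepts it only once. The class name, the five-minute lifetime, the three-try limit and the send_sms callback are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window
MAX_ATTEMPTS = 3        # assumed number of tries per code


class SmsOtpDesk:
    """Hypothetical 'front desk': issues one code per login and accepts it once."""

    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(phone, text); stands in for an SMS gateway
        self.clock = clock
        self.pending = {}         # username -> [code, expires_at, attempts_left]

    def issue(self, username, phone):
        """Call only after the password check has passed."""
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6-digit code
        self.pending[username] = [code, self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        # The code goes to whoever currently controls this number, which is
        # what a SIM swap abuses; nothing in this class can detect that.
        self.send_sms(phone, f"Your login code is {code}")

    def verify(self, username, submitted):
        entry = self.pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[username]  # lost or late message: a new code is needed
            return False
        entry[2] -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[username]  # one-time: the same key never works twice
            return True
        return False


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the phone network
    desk = SmsOtpDesk(lambda phone, text: outbox.append((phone, text)))
    desk.issue("tenant", "+10000000000")
    code = outbox[-1][1].split()[-1]
    print(desk.verify("tenant", code), desk.verify("tenant", code))
```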

The security of your account can be improved further. In the next part of this series, we will look into using token generation via a device you own for 2FA.

10 Wi-Fi terms that you should know

Have you ever taken a look at the Wi-Fi logs generated by your router?

Or if you are on a Mac computer, have you seen the details of the Wi-Fi connection by pressing and holding the Option key while you click on the Wi-Fi icon?

Do you wonder what the terms you see in those places mean? In this article, we will look at 10 Wi-Fi terms that you may come across.

1. HT

HT is short for High Throughput and is the alternative name for 802.11n (Wi-Fi 4). The name comes from the speed improvements, which can range anywhere from 72 Mbps to 600 Mbps, making it a lot faster than 802.11g (Wi-Fi 3).

The new technologies introduced with Wi-Fi 4 include support for more antennas, which in turn enables higher data rates, the addition of a 40 MHz channel width and the 5 GHz band, and the standardisation of Multiple Input and Multiple Output (MIMO).

2. VHT

VHT or Very High Throughput is the alternative name for 802.11ac (Wi-Fi 5). It is designed to be the successor to HT. With Wi-Fi 5, wireless communication over the 5 GHz band is improved with new technologies, enabling speeds ranging anywhere from 433 Mbps to 6933 Mbps.

Some of the new technologies for Wi-Fi 5 include support for an optional 160 MHz channel width and a mandatory 80 MHz channel width, an increase in the number of MIMO streams from 4 to 8, and 256-QAM support.

3. HE

HE is short for High Efficiency and is the alternative name for 802.11ax (Wi-Fi 6). The name stems from new technologies that improve efficiency and performance. Some of these new technologies include OFDMA and MU-MIMO. For more information about Wi-Fi 6, check out this explainer.

4. MCS Index

MCS Index or Modulation and Coding Scheme Index is a unique reference value that identifies the combination of the following:

  1. Number of Spatial Streams
  2. Modulation Type
  3. Coding Rate

When this value is combined with the Wi-Fi channel width, it allows you to quickly calculate the likely data rate of a given connection. Naturally, the larger the MCS index value, the better as it indicates a faster Wi-Fi connection.
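As a worked example added here (not from the original article), the calculation for 802.11n and 802.11ac links is shown below. The subcarrier counts, modulation table and symbol times come from those standards rather than from the article, and the results reproduce the 72, 600, 433 and 6933 Mbps figures quoted for HT and VHT.

```python
from fractions import Fraction

# Data subcarriers per channel width in MHz for HT/VHT (802.11n/ac).
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}

# Per-stream MCS 0-9: (modulation type, bits per subcarrier, coding rate).
MCS_TABLE = [
    ("BPSK", 1, Fraction(1, 2)), ("QPSK", 2, Fraction(1, 2)),
    ("QPSK", 2, Fraction(3, 4)), ("16-QAM", 4, Fraction(1, 2)),
    ("16-QAM", 4, Fraction(3, 4)), ("64-QAM", 6, Fraction(2, 3)),
    ("64-QAM", 6, Fraction(3, 4)), ("64-QAM", 6, Fraction(5, 6)),
    ("256-QAM", 8, Fraction(3, 4)), ("256-QAM", 8, Fraction(5, 6)),
]


def data_rate_mbps(mcs, nss, width_mhz, short_gi=True):
    """Rate = subcarriers x bits x coding rate x streams / symbol time.

    Does not reject the few MCS/width/stream combinations the standards
    leave undefined.
    """
    _, bits, rate = MCS_TABLE[mcs]
    # One OFDM symbol lasts 3.6 us with the short guard interval, 4.0 us otherwise.
    symbol_us = Fraction(36, 10) if short_gi else Fraction(4)
    return float(DATA_SUBCARRIERS[width_mhz] * bits * rate * nss / symbol_us)


def ht_mcs_to_stream(ht_mcs):
    """802.11n folds the stream count into MCS 0-31: index = 8 * (nss - 1) + per-stream MCS."""
    return ht_mcs % 8, ht_mcs // 8 + 1


def article_figures():
    """The lowest and highest top speeds quoted for HT and VHT."""
    mcs, nss = ht_mcs_to_stream(31)
    return {
        "HT 20 MHz, 1 stream": data_rate_mbps(7, 1, 20),
        "HT 40 MHz, 4 streams": data_rate_mbps(mcs, nss, 40),
        "VHT 80 MHz, 1 stream": data_rate_mbps(9, 1, 80),
        "VHT 160 MHz, 8 streams": data_rate_mbps(9, 8, 160),
    }


if __name__ == "__main__":
    for label, mbps in article_figures().items():
        print(f"{label:24s} {mbps:7.1f} Mbps")
```

On 802.11ac the MCS index runs from 0 to 9 and the stream count (NSS) is reported separately, which is why the two values appear side by side in connection details.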

5. NSS

NSS or Number of Spatial Streams refers to the independently and separately coded data signals that are transmitted from multiple antennas of an Access Point (AP). MIMO wireless communication uses this technique to increase the throughput of a communication channel by sending and receiving multiple data signals simultaneously.

6. RSSI

RSSI or Received Signal Strength Indication in the Wi-Fi context refers to the relative received signal strength in some arbitrary units. It is calculated from the perspective of the receiving radio. Generally, the greater the value, the stronger the signal. It is common to see it represented as a negative number, in which case the closer the value is to zero, the stronger the signal.

7. Tx Rate

Tx Rate or Transmission Rate refers to the transmission speed of the wireless communication channel from the perspective of the client device. Naturally, the higher the value, the faster the connection since more data can be sent from the client.

8. Rx Rate

Rx Rate or Receive Rate refers to the receiving speed of the wireless communication channel from the perspective of the client device. Naturally, the higher the value, the faster the connection since more data can be received by the client.

9. DFS

DFS or Dynamic Frequency Selection allows a wireless network to use 5 GHz frequencies that are reserved for use by radar stations. Without this feature, APs are limited to the following 20 MHz channels:

  1. Channel 36
  2. Channel 40
  3. Channel 44
  4. Channel 48
  5. Channel 149
  6. Channel 153
  7. Channel 157
  8. Channel 161
  9. Channel 165

In environments such as an apartment building where multiple APs can be deployed, this can slow down network performance due to the increased wait time brought on by congestion.

With DFS, the issue of congestion is mostly resolved as APs can use 16 additional channels on the 5 GHz band, thus leading to improved performance. These 16 channels are known as DFS channels.

However, if there is a radar station nearby using any of the DFS channels, the AP will detect that and switch to one of the non-DFS channels. When that happens, client devices will temporarily lose their internet connection while they re-establish the connection.

10. MUBF

MUBF or Multi-User Beam-Forming is an extension of beam-forming to support multiple receiver devices.

And what is beam-forming then?

Beamforming is a technique that allows an AP to focus radio signals towards a receiver. The AP does this by transmitting multiple radio signals from its antenna array in a manner that results in both constructive and destructive radio interference. The destructive interference cancels the transmission in the directions that have no receiver, while the constructive interference increases the power of the transmission towards the receiver, thus improving the transmission quality and range.