In the News
In The Under Armour Hack Was Even Worse Than It Had To Be, Lily Hay Newman discusses the lack of sufficient hashing functions for some passwords collected by Under Armour’s MyFitnessPal app and its implications on the app’s recent security breach. Newman examines the two types of hashing functions used by Under Armour’s MyFitnessPal on user passwords, and how the inconsistency impacted the security of the underlying data.
Our Take
It’s tempting to assume that large, well-known companies incorporate good security practices in their development of high profile apps, but this is not always the case. Manufacturers are often incentivized to produce things cheaply and efficiently rather than securely, especially as breaches become more common and our collective attention span becomes shorter. It is vital that companies protect their user’s information, but it is also critical for users to be skeptical and to secure what they can themselves.
Recommendations
So how can you protect your personal information on apps?
- Understand the risks associated with giving out personal information, and only share what is absolutely necessary
- Create strong passwords and change your passwords regularly
- Do not reuse passwords across accounts, in case one account is compromised through no fault of your own
- Refrain from downloading apps that you are unfamiliar with or that you cannot verify are secure
- For apps that you are familiar with, consider the paid version; $2-3 may be worth the additional security features and the decreased chance of malware infection