Field of the Invention
Embodiments of the present invention generally relate to computer security and, more particularly, to method and apparatus for protecting identity information.
Description of the Related Art
Present day computer systems exchange information extensively through a telecommunications network, such as the Internet. For security purposes, these interactions involve many transactions that may require a user's identity information such as, login information, passwords, social security number, birthdate or other user credentials, to be entered. The user identity information is under constant threat from malicious agents or phishing attacks, in which a phisher misguides a user to a “fake” website that looks substantially identical to a genuine website. Thereafter, the user discloses his or her identity information to the phishing website while believing they are logging into a genuine website. Here, the user security information is compromised and this information may then be used by the phisher for purposes malicious to or undesirable for the user.
To compound the problem, users often reuse the same login information (e.g., password, username, and the like) for numerous accounts (e.g., websites, applications, etc.). While it may be convenient for the user to reuse the login information and/or derivatives of the login information, this identity information can be easily compromised leaving the user open to identity theft. If the login information is compromised for one site, it may be compromised on every site where the same or similar login information is used. Furthermore, the compromised login information may be used to obtain other identity information (e.g., SSN, driver's license, credit card numbers, other login information, and the like). For example, once access is gained to a particular website by an unscrupulous entity, the personal information on that website is accessible. As more accounts are compromised, more and more personal information can be gathered.
Due to a compromise of the login information at one account, all accounts which share same or similar login information, may potentially be compromised in an “avalanche effect”. Even if the first compromised account does not contain any secure information, other potentially compromised accounts may contain secure information, for example, identity information, (e.g., social security number, credit card information and the like).
Having secure information compromised may be extremely detrimental to the user. For example, an identity thief may use the information for fraudulent purposes, such as, charging expenses, submitting instructions, and the like, on behalf of the user. The damage to the user may include bad credit, charges for items not purchased by the user, foul or inaccurate messages sent to a third person and the like. In most cases, the user may not realize their identity information is stolen until substantial damage has occurred.
Accordingly, there exists a need for method and protecting identity information after detection of a potential threat to identity information.