Online security is a growing problem, and will continue to be. The suggestions below are intended to be helpful and practical. Implementing them may seem overwhelming, but they are strongly recommended. Even if you take a gradual approach to implementing these ideas, you will be more secure.
- You should never use the same password or just a few passwords for all of your online activities.
- You should try to use as many unique passwords as possible.
- Your passwords should be strong, which means they should contain at least 8 characters and have at least one of each of the following, as permitted by a specific website: a capital letter, a lower case letter, a number, and a special character (such as @, #, $, %, *, &).
  - Bad passwords: 1234567, password, Mary123
  - Better passwords: g8*RT@wj, RtyU&3#5
  - See the difference?
- You should change your passwords at least 2 times per year. Many people use the change to and from daylight saving time as a reminder to check their smoke detector batteries; the same reminder can apply to changing your passwords two times per year.
- When asked for security questions, you should not use the same questions and answers over again across multiple websites. If a website was hacked, this backup security provision would then be worthless at other websites.
- Do not store your passwords on a piece of paper or sticky notes. Do not carry them around in your briefcase or purse.
- For security questions, be creative. It is not a quiz. You don’t need to use real answers. For example, if the question asks you what street you grew up on, you don’t need to use the real name of the street. Make up a different street name, and keep track of it.
  - This strategy is recommended, as many of the questions ask for items that could be public knowledge or easily searchable by someone else.
  - Sample question and answers:
    - City you were born in? Bad answer: Detroit
    - Good answers: Costco, Macy’s, red, Middlebelt
- These recommendations may sound complicated and difficult to implement. If you use a password manager program, such as 1Password or LastPass, implementing these suggestions is much easier and more realistic. These applications can store all your passwords, security questions and other data, and let you retrieve them. These programs can be added to your computer, laptop and mobile devices such as an iPad and cell phone.
  - I have used 1Password for a number of years. It takes a little learning, but it is incredibly worthwhile and a huge timesaver.
  - See my prior blog post on using 1Password.
- If you get an email notification from a website or financial institution, you should not click on the link in that email, as it could be fraudulent. It is better to go to the website directly yourself and log in to handle the matter. This way you will know that you are actually going to the website you intend to.
- If you go to a website and you need to have them send you a new password, username or security question, be sure to then change that item again, after you have logged on. Then you should delete the email they sent to you, with the new information.
  - For example, if you forget your password to wsj.com and they email you a new one, you should log on to wsj.com, use the new password they just provided, then immediately change it to a completely different password that you have not previously used.
- Do not ever respond to requests for money or wire transfers, even if sent from a good friend or someone you know, stating it is urgent or an emergency. If you get an email request from a friend for money, always call the person. Verify the authenticity of the request, but not via email or online. This account may have been hacked and the person you are replying to may be a hacker, even though you think it is someone you know.
- Do not email your social security number, your birthdate, or credit card numbers and security code.
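
The password-strength rule from the list above (at least 8 characters, one of each character class), written as a checker and a random generator. This is an added example, not part of the original post; the function names, the 16-character default and the assumption that a site accepts the six symbols the post lists are choices made for illustration.

```python
import secrets
import string

# Symbols the post lists as examples (assumption: the site accepts these six).
SYMBOLS = "@#$%*&"
MIN_LENGTH = 8  # the post's minimum length


def missing_requirements(password):
    """Return the rules from the post that `password` fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    if not any(c.isupper() for c in password):
        problems.append("capital letter")
    if not any(c.islower() for c in password):
        problems.append("lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("number")
    if not any(not c.isalnum() for c in password):
        problems.append("symbol")
    return problems


def generate_password(length=16):
    """Build a random password that satisfies every rule, using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
    # One character from each class guarantees the "one of each" rule...
    chars = [secrets.choice(cls) for cls in classes]
    # ...and the remaining characters come from the combined alphabet.
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # The post's own sample passwords (now public, so never use them yourself).
    for pw in ["1234567", "password", "Mary123", "g8*RT@wj", "RtyU&3#5"]:
        print(pw, "->", missing_requirements(pw) or "meets the rules")
    print("generated:", generate_password())
```

Passing this check is necessary under the rules above but not sufficient: `Password1!` passes as well, which is why the generator draws every character at random instead of decorating a word.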
I recently attended a conference that featured cyber security experts from Charles Schwab. One of the speakers was formerly with the FBI’s cyber security division. They explained that online hacking and obtaining your passwords, user names, etc. is a huge business. These hackers know that most people (73%) use the same passwords across nearly all the websites they log into.
Hackers may obtain your login information from something like espn.com (non-financial) or your e-mail account. Once they have one piece of information, they may use it to start gathering other data and eventually access your bank, credit card or more personal websites. This is why I’m recommending all these steps above.
I hope you take the time to implement these recommendations. Change a few passwords today!