Are Your Online Accounts Protected?
You can’t live today without online accounts and passwords. If you are online at all, you probably have at least 10 of them to remember. Facebook, LinkedIn, email, Twitter, Snapchat, Bank, Credit Card, Evernote, Dropbox, Messenger, Snapchat, Network Access and I’m just getting started. Nearly every app you download for your mobile device wants you to create an account.
Many of these sites and apps have security features built-in to help us stay safe, but being secure still falls mostly on our shoulders. We often try to make it easy by using the same multi-purpose password. This has always been taboo but is now downright dangerous. It is quite common for a hacker who obtains a stolen list of passwords to attempt them on different sites.
For instance, the LinkedIn password theft a few years ago doesn’t seem that detrimental, particularly for a free LinkedIn user who signed up for an account but does not really use it. The problem is hackers used that password list to try to crack accounts on other systems. If you were part of the breached password list on LinkedIn and you used the same credentials for Amazon, the hacker or multiple hackers likely attempted that combination on your Amazon account which unfortunately means access to any stored credit cards as well.
How do we stay secure in this password-crazy environment? We all know the basics by now. Always use at least 10 characters including numbers and symbols. Don’t use names, birthdays, pet names, or really anything that makes sense to anyone other than maybe yourself in a very cryptic way. And, very importantly, don’t use the same credentials for multiple sites or apps.
Taking a few more simple steps with your credentials can really up your security game:
1. Turn on Multi-Factor Authentication
MFA stands for Two Factor Authentication. We all use it for banking and financial sites. Many other sites will allow you to optionally turn it on. For instance, your Gmail account which may seem not critical depending on how you use it has a spot in settings to turn it on. It texts you a code, and each time you sign in, you have to use your password and a code. The thing is, your Gmail may actually be important. It may even have emailed credit card statements, bank statements, and other items. Other programs like LogMein, Amazon, and even Facebook have options to turn on 2FA.
2. Change Your Password
It is rare for eCommerce shopping sites, social sites, and even many financial sites to make you change your password. It is possible you have had the exact same password for years on many of these sites. It is a good idea to periodically change these even though not required. Many past password breaches have been in the wild, but not taken advantage of for months or even years. Implementing a process where you change your password by choice on these sites every three to six months will help keep you secure.
3. Don’t Store Passwords on Your Computer
When your browser asks you if you would like to store your password for this site, your gut reaction should always be NO. When you store them, they are accessible to the browser when needed, and even though more secure than in the past, they are still available to a browser hack or a hacker who gains remote control of your system through a Trojan virus or other malicious code.
4. Never Email Passwords
In today’s hack-prone world, it is downright dangerous to email passwords. Even when you are emailing them to someone you know and trust, the concern is not them, it is where that email flows on its way to them. Much of today’s email is encrypted while in transit, but when sitting in an inbox, it is openly readable. If a virus has infected the recipient’s email, your password is exposed.
Email hacking is not a sometimes occurrence. It happens all of the time. We recently spent time investigating and remediating just this type of problem for a firm whose email was hacked. Information about their private real estate transactions was being sent to a hacking network that was contacting parties to the transaction and masquerading as them.
5. Use a Password Vault Program or App
People often ask me if these are safe. My answer is always that they are safer than the alternative. If you don’t have a method for tracking and securing passwords, you tend not to make them complex and secure. With a password vault, you always have a record of your passwords. Most password vault software companies encrypt your credentials so that even they cannot read them. I personally use Keeper, by Keeper Security.
6. Use This Trick to Create a Password
Quite a long time ago, someone recommended using a trick for generating passwords and I’ve found it to be quite effective. They suggested picking a phrase and using the first or last letters to help in creating a password.
For instance, we could use a favorite quote to generate a password:
“No man has a good enough memory to be a successful liar.”
— Abraham Lincoln
When we use the first letters of each word only, this phrase becomes “Nmhagemtbasl.” Next, to make it meet complexity standards, we make a few changes by swapping out a few letters for numbers and including a special character— “Nmhagemtbasl@16.” We now have a cryptic password that can still be remembered by repeating a simple quote in our head.
Most information breaches start with the discovery of a login and password. With a few simple changes, you can greatly decrease your likelihood of being hacked. Security requires vigilance on all of our parts, so let’s take it up a notch!
A specialized IT Team is what we offer at CTaccess — and that team strives to deliver laser-focused care and attention to our clients and their businesses every single day. If you don’t have an awesome IT Pit Crew in your corner yet, we’d love to talk to you about what our top-notch team can do for yours.
Scott Hirschfeld is the President of CTaccess, a Brookfield IT support company that has been helping businesses stop focusing on IT and getting back to doing business since 1990. Under his leadership CTaccess provides the business minded approach of larger IT companies with the personalized touch of the smaller ones. Connect with Scott on LinkedIn.