Securing your online accounts

By Mike DuBose and Blake DuBose

 

Americans are spending more time and money online than ever. Nearly 75% of respondents in a 2015 Pew Research Center survey said that they went on the Internet daily, and 21% reported going online “almost constantly” (that number rose to 36% in respondents aged 18-29). More than half of people now do most of their shopping online rather than in person, according to a 2016 Wall Street Journal article by Laura Stephens dealing with a survey of more than 5,000 shoppers. The Internet is also the second most popular place for Americans overall to get their news, following television. Amongst people less than 30 years old, it’s the most popular news source.

Countless amounts of data—images, words, music, video—pass through the Internet every day. Most people are just looking for entertainment, work, shopping, or learning…but there are others who are seeking something more sinister. They use viruses, malware, spyware, and other tricks to steal information, usually with the end goal of obtaining money. As organizations like Sony, Staples, and even the IRS have learned in recent years, successful attacks can be costly, both in terms of financial impact and client trust.

Create strong passwords. The US Department of Homeland Security says that “using long and complex passwords is one of the easiest ways to defend yourself from cybercrime.” Yet far too many people are pushing their luck by relying on simple, easily-guessed passwords—even ones like “password” or “123456!” Hackers can easily find or create programs that try variation after variation of password repeatedly until they hit upon the combination that works. Your best defense from these type of “brute force” attacks is to make your password as hard to guess as possible. Try using the following guidelines when crafting passwords:

• Do use at least eight characters in your password—the more there are, the more permutations hackers will have to go through to find the correct one.
• Don’t use words that can be found in the dictionary; they are too easy to guess. Mix them up with numbers and letters, or substitute symbols for letters (for example, “@” for “a”). According to Google’s page on creating strong passwords, “an eight-character password with numbers, symbols and mixed-case letters is harder to guess because it has 30,000 times as many possible combinations than an eight-character password with only lower case letters.”
• Don’t use easily-discovered personal information, such as your name, your kids’ or pets’ names, or birth year as part of your password.
• Don’t pick a password so random or complex that you’ll never remember it or will have to copy it from a sheet of paper every time you use it.
• Do create a passphrase—a series of words or numbers that means something special to you—then incorporate numbers, different cases, and symbols into it to make a complex password that is easy for you to remember. For an extra layer of difficulty, you can use only the first letters of each word of a longer phrase, interspersed with special characters.

Use separate passwords for each account. Though it might be more convenient to use the same password for all of your online accounts, this makes you extremely vulnerable. If a hacker somehow figures out that one password, he or she will gain access to all your accounts! Therefore, you should vary your passwords amongst your different accounts. It’s safer to do this and keep a written record of them (in a secure place away from your computer, of course) than repeat the same password or variations of a password on multiple sites.

If you don’t think you can remember multiple passwords or don’t feel comfortable keeping a written record of them, consider using a password manager. Password managers create unique, very strong passwords for each site you visit, and “remember” them for you. All you have to do is log into the password manager, and it will take care of logging you into all other sites. (Of course, you want to make sure your password for the manager itself is extremely difficult to crack!) Dashlane and LastPass were the two most highly recommended password manager programs in a November 2016 PC Magazine article, and both offer free versions.

Set up two-factor authentication. We spoke to multiple information technology professionals for this article, and one recommendation that came up repeatedly was two-factor authentication. Basically, this type of authentication requires you to prove your identity twice, adding an extra level of security. For example, if you set up two-factor authentication for Gmail, when you enter your username and password, you’ll then be prompted to enter a code that has been sent to another device (for example, to your cell phone via text message). This way, even if a hacker figured out your password, they would likely lack access to the code on your phone, and would not be able to get into your account. Many social media accounts, including Facebook and Twitter, can be protected in the same way.

Change passwords frequently. Many organizations that deal with sensitive information, such as banks or health insurance companies, require their staff to change passwords every month or so. Although this may sound inconvenient, it’s actually very helpful in thwarting cybercriminals. Most large-scale security breaches take place over a time period of several months in an attempt to “stay under the radar.” So, by changing passwords frequently, the organizations can often head off attacks before they start. The same thing goes for personal passwords: change them regularly to throw criminals off track.

Choose false information for your security questions. Most places where you have online accounts will also use security questions as an additional way to prove that you are you. The idea is to confirm your identity by asking questions only you would know the answer to—but, unfortunately, this isn’t always the case. For example, a security question might be, “What is the name of the street where you grew up?” This information is usually pretty easy to find with a little digging on Facebook and some Google searches. A better strategy is to inaccurately answer the questions, giving a response that only you will know—because it’s not true! If you think you will have trouble remembering the correct answers, write them down or save them in a password manager account.

Activate alerts. Most banks and credit cards now offer alerts. If someone uses your credit or bank card in a certain way (for example, buys something in another country or makes a purchase costing over a certain amount) and you have requested to be notified about the action, the company will call, text, or e-mail you. (In fact, if you request it, some credit card companies will send you an automated text every time your credit card is used.) If you get an alert and it was not an authorized use, you’ll know immediately and can move to freeze the card. Similarly, e-mail providers like Google will let you know if someone has signed into your e-mail address from an unfamiliar computer. Check your account to see if you have these options and set up alerts so that you are informed of any irregular activities taking place. (To avoid issues when travelling to other states or internationally, alert your credit card and banking companies of your travel plans.)

The bottom line: Strong passwords place an important line of defense between you and those who would like to obtain your sensitive personal, health, and financial information. Take the time create complex, varied passwords, change them regularly, and remain vigilant for any irregular activities on your online accounts. You’ll be glad you did!

For a detailed version of this article, visit www.mikedubose.com/cybercrime.

 

About the Authors: Our corporate and personal purpose is to “create opportunities to improve lives” by sharing our knowledge, research, experiences, successes, and mistakes. You can e-mail us at [email protected].

Mike DuBose received his graduate degree from the University of South Carolina and is the author of The Art of Building a Great Business. He has been in business since 1981 and is the owner of Research Associates, The Evaluation Group, Columbia Conference Center, and DuBose Fitness Center. Visit his nonprofit website www.mikedubose.com for a free copy of his book and additional business, travel, and personal articles, as well as health articles written with Dr. Surb Guram, MD.

Blake DuBose graduated from Newberry College’s Schools of Business and Psychology and is president of DuBose Web Group (www.duboseweb.com).

Katie Beck serves as Director of Communications for the DuBose family of companies. She graduated from the USC School of Journalism and Honors College.

© Copyright 2017 by Mike DuBose—All Rights Reserved. You have permission and we encourage you to forward the full article to friends or colleagues and/or distribute it as part of personal or professional use, providing that the authors are credited. However, no part of this article may be altered or published in any other manner without the written consent of the authors. If you would like written approval to post this information on an appropriate website or to publish this information, please contact Katie Beck at [email protected] and briefly explain how the article will be used; we will respond promptly. Thank you for honoring our hard work!