In preparation of Fraud Awareness Week, we asked one of CRBG’s Database Administrator & IT Specialists, Michele C., to provide information on how our members and readers alike can protect their accounts from hackers—and more importantly, fraud.
What’s the harm?
Considering the amount of business now conducted online, cyber criminals are devising new ways to hack into company networks and websites. According to the WhiteHat Security Website Security Statistics Report, 86 percent of all websites they tested were found to have at least one serious vulnerability exposed to attack every single day of 2012. These attacks are increasing at a rapid pace as cyber criminals perfect their methods.
What can I do?
The most important safeguard you can implement is the creation of different passwords for different sites. If you use the same password for your Amazon account, you’ve just enabled “Joe Cybercriminal” the access to shop the world’s largest marketplace using YOUR linked credit card. Use the same one for your retirement account, you could give someone access to siphoning off your savings. Use the same one for your email account and you’ve just given them the keys to access every account you manage online by way of the ‘forgot my password’ feature that e-mails your password to the email on file.
Don’t beat yourself up though, you’re not alone, in 2013, the five most common passwords revealed from hacks as reported by Network World were:
Even the US Government went the easy route with a passcode that didn’t need a cryptologist to crack. Between 1960 and 1977 the secret code allowing US Presidents to launch nuclear missiles was 00000000. (http://qi.com/infocloud/passwords)
Hack-proof your passwords
How do I choose a password that even the best cryptologist would struggle with deciphering? Here’s 4 ways:
- Make it complex by using:
- Upper case and lower case letters
- Symbols (e.g., $ @ ! ^)
- Replace the letter “o” with a “0” (zero), or “E” with a “3” or “a” with an “@”.
- Make it a minimum of eight characters long using at least one number and one symbol.
- Test your password strength at microsoft.com/protect/yourself/password/checker.mspx.
Never leave written passwords exposed for others to see—lock them in a secure place, and do not store them unencrypted on your computer. Also, any time you’re given a two-factor authentication option, use it! In addition to your username and password, a unique code is sent via text message (or to the app), and needs to be entered on the website in order to gain access. The benefit of this method is even if a hacker gains access to your password for the site via a breach, they would also need access to your phone in order to get the code. An added advantage is it alerts you that someone is accessing your account when you receive an unexpected text message.
Consider using a secure password manager. There are many applications that are available to secure your passwords. Many of these apps also enable you to generate strong random passwords. They store the encrypted password on your computer or device and integrate with your web browser enabling a seamless login experience. Make sure you use a strong password on the password manager as well as the phone, tablet or computer that houses the manager.
As with most things, an ounce of prevention is worth a pound of cure. While the idea of remembering your multiple hacker proof passwords sounds daunting, it’s better to be at the front end of securing your information rather than cleaning up the possible aftermath of a hacker accessing your personal information.