
Cybersecurity: How to Lock Down Passwords and Protect Your Digital Life

Your usernames and passwords are under siege. And the bad guys are getting really good. Don't believe me? Ask the Democratic National Committee about its email accounts, or ask large companies or government agencies. They've learned the hard way. Massive security breaches are widespread and taking place daily. When these major entities are at risk, don't think that the username and the same password that you use for multiple sites are safe! The US Securities and Exchange Commission says that cybersecurity is the biggest risk facing the financial system. Security experts estimate that hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded by the criminal underworld. This means that you may be exposed to cybercrimes either now or in the future.

After listening to the hosts of the popular podcast Reply All (episode #91 The Russian Passenger)1 investigate how their boss's Uber account was compromised, I'd like to provide you with quick actionable tips that you can implement immediately to protect yourself.       

 

Have you Been Pwned2?

Ever heard of this website?  I hadn't.  Troy Hunt, a Microsoft Regional Director and international speaker on web security, created this free database where you can search your email address to see if you've been put at risk due to an online account of yours having been compromised.

Enter your email address. Don't forget to check each of your email accounts if you have more than one. Note that if your search comes back with "Good news — no pwnage found," this is good but does not guarantee that you are safe. It simply means there has not been a publicized breach that included your email. You should still read on and take precautions.

If your account returns "Oh no — pwned," you need to change your password(s) ASAP.

 

Screenshot of my own search: I've been pwned.

 

Use A Password Manager

Eliminate Weak and Duplicate Passwords

Data suggests that between 31% and 65% of people use the same password at multiple sites. Despite my well-intentioned efforts to use different passwords at each site, I am guilty of using the same password for several websites. This is a major problem because if your username and password are compromised at one website, cybercriminals use automated means to test your credentials against other unrelated websites (a.k.a. credential stuffing). This means a single hacked password could lead to a cybercriminal taking control of your email account and online bank accounts.

Most people do not use complex enough passwords.  By using a password manager, you can easily implement the use of unique, highly complex passwords for every one of your accounts.  That means you can use a 16-character password like @2a&AY8mePu8HU@H for logging into your email account and a completely different password for shopping at Amazon.com.  A password manager requires you to remember a single master password (DO NOT LOSE this password!) and can sync across all of your Windows, Mac, Android, and iOS devices.  Check PC Magazine's The Best Password Managers of 2017 to see which one works best for you.  I'm using  LastPass, and it is working very well.
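The two steps above, finding reused or short passwords and replacing them with unique 16-character ones, can be sketched in a few lines. This is an added example, not code from the article or from any password manager; the CSV column names and the sample rows are constructed for illustration and do not match any particular product's export format.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export; column names are hypothetical, not a real manager's format.
SAMPLE_EXPORT = """site,username,password
mail.example,alex@example.com,Summer2017!
shop.example,alex@example.com,Summer2017!
bank.example,alex,Summer2017!
forum.example,alex,qwerty
video.example,alex@example.com,@2a&AY8mePu8HU@H
"""

MIN_LENGTH = 16  # the length of the article's example password
SYMBOLS = "!@#$%^&*"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def audit(export_text):
    """Return (reused, short): groups of sites sharing a password, and sites with short ones."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"])
        if len(row["password"]) < MIN_LENGTH:
            short.append(row["site"])
    # Report only which sites are affected, never the passwords themselves.
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return reused, sorted(short)


def new_password(length=MIN_LENGTH):
    """Draw a password from the OS CSPRNG that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    print("same password used at:", reused)
    print("shorter than", MIN_LENGTH, "characters:", short)
    print("example replacement:", new_password())
```

Every site in a reused group is exposed by a breach at any one of them, so each gets its own replacement.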

Add Two-Factor Verification

Remember, your overall security may only be as secure as your email account. If a cybercriminal gets into your email, he/she has the ability to change your password and other profile information at other accounts because change confirmations are sent via email. Also, there is a lot of wire fraud taking place because cybercriminals who hack your email account try contacting your bank while impersonating you.

Once you start using a password manager, the next step is to add two-factor authentication on your email and other accounts where available. Gmail, Yahoo!, Outlook.com and other email providers offer a second level of security by requiring a verification code from your mobile device in addition to a username and password at login. Although this feature varies across providers, many allow you to set "trusted computer" settings so that you do not need to input the verification code on your home computer every time that you log in. Whenever you access your account from a new device, you will be prompted for the verification code. Two-factor verification can go far in preventing data breaches because a would-be thief would need your mobile phone in addition to your password.

I encourage you to implement these easy steps immediately.  Do not waste a minute.  Lock down your passwords and online accounts like the security of your digital identity depends on it.  Because, it does.


Has your email account or other online account ever been hacked?  What did you do about it?  Will you implement the above to protect your accounts?


1 If you're interested in learning more about how hackers steal people's information, listen to the follow up episode entitled #93 Beware All  where the case of Alex Blumberg's hacked Uber account is solved.

2 A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."


About the Author: Andrew Wang


IMPORTANT DISCLOSURE INFORMATION

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Runnymede Capital Management, Inc.), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from Runnymede Capital Management, Inc. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. Runnymede Capital Management, Inc. is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of Runnymede Capital Management, Inc.’s current written disclosure statement discussing our advisory services and fees is available for review upon request.