Your usernames and passwords are under siege. And the bad guys are getting really good. Don't believe me? Ask the Democratic National Committee about its email accounts, or ask large companies or government agencies. They've learned the hard way. Massive security breaches are widespread and take place daily. When these major entities are at risk, don't think that the username and password you reuse across multiple sites are safe! The US Securities and Exchange Commission says that cybersecurity is the biggest risk facing the financial system. Security experts estimate that hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded by the criminal underworld. This means that you may be exposed to cybercrimes either now or in the future.
After listening to the hosts of the popular podcast Reply All (episode #91 The Russian Passenger)1 investigate how their boss's Uber account was compromised, I'd like to provide you with quick, actionable tips that you can implement immediately to protect yourself.
Have you Been Pwned2?
Ever heard of this website? I hadn't. Troy Hunt, a Microsoft Regional Director and international speaker on web security, created this free database where you can search your email address to see if you've been put at risk due to an online account of yours having been compromised.
Enter your email address. If you have multiple email accounts, don't forget to check each one. Note that if your search comes back with "Good news — no pwnage found," this is good but does not guarantee that you are safe. It simply means there has not been a publicized breach that included your email. You should still read on and take precautions.
If your account returns "Oh no — pwned," you need to change your password(s) ASAP.
Screenshot of my own search: I've been pwned.
Use A Password Manager
Eliminate Weak and Duplicate Passwords
Data suggests that between 31% and 65% of people use the same password at multiple sites. Despite my well-intentioned efforts to use different passwords at each site, I am guilty of using the same password for several websites. This is a major problem because if your username and password are compromised at one website, cybercriminals use automated means to test your credentials against other unrelated websites (a.k.a. credential stuffing). This means a single hacked password could lead to a cybercriminal taking control of your email account and online bank accounts.
Most people do not use complex enough passwords. By using a password manager, you can easily implement the use of unique, highly complex passwords for every one of your accounts. That means you can use a 16-character password like @2a&AY8mePu8HU@H for logging into your email account and a completely different password for shopping at Amazon.com. A password manager requires you to remember a single master password (DO NOT LOSE this password!) and can sync across all of your Windows, Mac, Android, and iOS devices. Check PC Magazine's The Best Password Managers of 2017 to see which one works best for you. I'm using LastPass, and it is working very well.
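To see how much reuse you already have, you can audit an export from your password manager. The script below is an added example, not part of the original article: the CSV column names (`site`, `username`, `password`), the sample rows, and the 16-character threshold are assumptions, and real exports use different layouts.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample of a password-manager CSV export; not real credentials.
SAMPLE_EXPORT = """site,username,password
mail.example,alice@example.com,Summer2017
shop.example,alice@example.com,Summer2017
bank.example,alice,Tr0ub4dor
forum.example,alice,k#9Lq2vX!mR4tZ8p
"""

MIN_LENGTH = 16  # assumption: matches the 16-character example in the article
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*")


def audit(export_text):
    """Return (reused, short): groups of sites sharing a password, and
    sites whose password is shorter than MIN_LENGTH."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"])
        if len(row["password"]) < MIN_LENGTH:
            short.append(row["site"])
    # A breach at any one site in a group exposes every other site in it.
    reused = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return sorted(reused), sorted(short)


def generate_password(length=MIN_LENGTH):
    """Random password from the OS CSPRNG with at least one char per class."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    for group in reused:
        print("same password on:", ", ".join(group))
    for site in short:
        print("shorter than", MIN_LENGTH, "characters:", site)
    print("example replacement:", generate_password())
```

Delete any plaintext export as soon as the audit is done; the file contains every password in the vault.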
Add Two-Factor Verification
Remember, your overall security may only be as strong as the security of your email account. If a cybercriminal gets into your email, he/she has the ability to change your password and other profile information at other accounts because change confirmations are sent via email. Also, there is a lot of wire fraud taking place because cybercriminals who hack your email account try contacting your bank while impersonating you.
Once you start using a password manager, the next step is to add two-factor authentication on your email and other accounts where available. Gmail, Yahoo!, Outlook.com and other email providers offer a second level of security by requiring a verification code from your mobile device in addition to a username and password at login. Although this feature varies across providers, many allow you to set "trusted computer" settings so that you do not need to input the verification code on your home computer every time that you log in. Whenever you access your account from a new device, you will be prompted for the verification code. Two-factor verification can go far in preventing data breaches because a would-be thief would need your mobile phone in addition to your password.
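Many authenticator apps produce these verification codes with the time-based one-time password algorithm (TOTP, RFC 6238). The sketch below is an added example, not from the original article or any provider's code, and it assumes the code comes from such an app rather than a text message; the secret is the constructed test key from the RFC. It shows why a stolen password alone is not enough: the code depends on a secret that lives only on the phone and the server, and it expires within about a minute.

```python
import hashlib
import hmac
import struct

# Constructed shared secret (the RFC 6238 test key). Real secrets are random
# and are stored only on the server and in the authenticator app.
SECRET = b"12345678901234567890"


def totp(secret, unix_time, digits=6, step=30):
    """Code for the 30-second window containing unix_time (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", int(unix_time) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, window=1, step=30):
    """Server-side check: accept codes from the current step +/- window steps."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t < 0:
            continue
        expected = totp(secret, t, len(submitted), step)
        # Constant-time comparison with no early exit.
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code shown on the phone at t=59:", code)
    print("accepted 1 s later:", verify(SECRET, code, 60))
    print("accepted 90 s later:", verify(SECRET, code, 149))
    print("guess without the secret:", verify(SECRET, "000000", 60))
```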
- 5 Tips to Keep Thieves Out of Your Bank and Brokerage Accounts
- 7 Things To Do Right Now Because Your Personal Data Is Under Attack
- 3 Steps to Protect Your Brokerage Account From Cybercriminals
I encourage you to implement these easy steps immediately. Do not waste a minute. Lock down your passwords and online accounts like the security of your digital identity depends on it. Because it does.
Has your email account or other online account ever been hacked? What did you do about it? Will you implement the above to protect your accounts?
1 If you're interested in learning more about how hackers steal people's information, listen to the follow-up episode, #93 Beware All, where the case of Alex Blumberg's hacked Uber account is solved.
2 A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."