Cybersecurity: How to Lock Down Passwords and Protect Your Digital Life

Your usernames and passwords are under siege, and the bad guys are getting really good. Don't believe me? Ask the Democratic National Committee about its email accounts, or ask large companies and government agencies. They've learned the hard way. Massive security breaches are widespread and take place daily. When these major entities are at risk, don't think that the username and password you reuse across multiple sites are safe! The US Securities and Exchange Commission says that cybersecurity is the biggest risk facing the financial system. Security experts estimate that hundreds of millions of hacked usernames and passwords for email accounts and other websites are being traded by the criminal underworld. This means that you may be exposed to cybercrime either now or in the future.

After listening to the hosts of the popular podcast Reply All (episode #91, The Russian Passenger)1 investigate how their boss's Uber account was compromised, I'd like to provide you with quick actionable tips that you can implement immediately to protect yourself.


Have you Been Pwned2?

Ever heard of this website?  I hadn't.  Troy Hunt, a Microsoft Regional Director and international speaker on web security, created this free database where you can search your email address to see if you've been put at risk due to an online account of yours having been compromised.

Enter your email address. Don't forget to check each of your email accounts if you have more than one. Note that if your search comes back with "Good news -- no pwnage found," this is good but does not guarantee that you are safe. It simply means there has not been a publicized breach that included your email. You should still read on and take precautions.

If your account returns "Oh no — pwned," you need to change your password(s) ASAP.



Screenshot of my own search: I've been pwned.


Use A Password Manager

Eliminate Weak and Duplicate Passwords

Data suggests that between 31% and 65% of people use the same password at multiple sites. Despite my well-intentioned efforts to use different passwords at each site, I am guilty of using the same password for several websites. This is a major problem because if your username and password are compromised at one website, cybercriminals use automated means to test your credentials against other unrelated websites (a.k.a. credential stuffing). This means a single hacked password could lead to a cybercriminal taking control of your email account and online bank accounts.

Most people do not use complex enough passwords.  By using a password manager, you can easily implement the use of unique, highly complex passwords for every one of your accounts.  That means you can use a 16-character password like @2a&AY8mePu8HU@H for logging into your email account and a completely different password for shopping at  A password manager requires you to remember a single master password (DO NOT LOSE this password!) and can sync across all of your Windows, Mac, Android, and iOS devices.  Check PC Magazine's The Best Password Managers of 2017 to see which one works best for you.  I'm using  LastPass, and it is working very well.
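To make the reuse and length points concrete, here is an added example (not part of the original post, and not any password manager's own code) that audits a password export for duplicate and short passwords and generates 16-character replacements. The CSV column names and the sample rows are constructed for illustration; real exports differ by product.

```python
import csv
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export; the columns (site, username, password) are an assumption.
SAMPLE_EXPORT = """site,username,password
mail.example,me@example.com,Summer2017
bank.example,me@example.com,Summer2017
shop.example,me@example.com,k3!Vq9#tR2xLm8@Z
forum.example,me2,letmein
"""

MIN_LENGTH = 16  # matches the 16-character example in the article
SYMBOLS = "!@#$%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=MIN_LENGTH):
    """Return a random password that contains all four character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def audit(export_text):
    """Return (reused, short): groups of sites sharing a password, and
    sites whose password is shorter than MIN_LENGTH."""
    by_password = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].append(row["site"])
        if len(row["password"]) < MIN_LENGTH:
            short.append(row["site"])
    reused = [sorted(s) for s in by_password.values() if len(s) > 1]
    return reused, short


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    for group in reused:
        print("same password used on:", ", ".join(group))
    for site in short:
        print(f"{site}: under {MIN_LENGTH} chars, e.g. use", generate_password())
```

The generator draws from the operating system's secure random source through `secrets`, which is what makes each password independent of the others; a breach at one site then reveals nothing about the rest.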

Add Two-Factor Verification

Remember, your overall security may only be as strong as the security of your email account. If a cybercriminal gets into your email, he/she can change your password and other profile information at other accounts because change confirmations are sent via email. Also, there is a lot of wire fraud taking place because cybercriminals who hack your email account try contacting your bank while impersonating you.

Once you start using a password manager, the next step is to add two-factor authentication on your email and other accounts where available. Gmail, Yahoo!, and other email providers offer a second level of security by requiring a verification code from your mobile device in addition to a username and password at login. Although this feature varies across providers, many allow you to set "trusted computer" settings so that you do not need to input the verification code on your home computer every time that you log in. Whenever you access your account from a new device, you will be prompted for the verification code. Two-factor verification can go far in preventing data breaches because a would-be thief would need your mobile phone in addition to your password.


Additional Reading

I encourage you to implement these easy steps immediately. Do not waste a minute. Lock down your passwords and online accounts like the security of your digital identity depends on it. Because it does.

Photo by Clint Patterson on Unsplash


Has your email account or other online account ever been hacked?  What did you do about it?  Will you implement the above to protect your accounts?

1 If you're interested in learning more about how hackers steal people's information, listen to the follow-up episode, #93 Beware All, where the case of Alex Blumberg's hacked Uber account is solved.

2 A corruption of the word "Owned." This originated in an online game called Warcraft, where a map designer misspelled "owned." When the computer beat a player, it was supposed to say, so-and-so "has been owned."


About the Author: Andrew Wang
