It seems to be a regular news item: data breaches and cyber criminals stealing personal data from large corporations and even government entities. As the criminals continue to become more sophisticated, it is important for us regular folks to also improve our online security.
The first line of defense is almost always your password. There are a few key points to remember when creating a password. First, passwords should have at least 8 characters that include a mix of uppercase, lowercase, numbers and symbols, if allowed. No personal information should be part of a password, as personal information can be mined online fairly easily. A great way to create a complex password you can remember is to use a “passphrase.” A passphrase is a short saying that you modify to become a strong password. An example of an easy-to-remember passphrase is “Thund3rSh0wer$”.
Next, in addition to creating strong passwords, you should have a different password for each online account. If your data is compromised for one account, cyber criminals will try that password and email address to access other sites and accounts. The more “walls” you can create between each of your accounts, the safer you will be. Of course, none of us are able to remember all kinds of different passwords or passphrases.
The way to create and use different strong passwords for each online account is with a password manager. A password manager securely remembers your passwords and can generate strong passwords for you. This way you only have to remember one master password. Make sure your password manager is designed to only work on your registered devices. That way, if anyone tries to log on from an unregistered device using your master password, the password manager will block access until the user completes a second step such as multi-factor authentication.
Whenever possible, you should use multi-factor authentication. In the most common method of multi-factor authentication, you first enter your password and a verification code is then sent to you via text. You then enter the verification code to access your account.
In addition to creating strong passwords that are unique to each account and using multi-factor authentication, you should also consider the “out-of-wallet” security questions often used to verify your identity if you do not remember your username or password, or if you log on from a different computer. This second line of defense is often weaker than the first line of defense, your password.
“Out-of-wallet” questions are questions whose answers would not be found in a stolen wallet. Common examples are “What is your mother’s maiden name?” or “In what city did your parents meet?” or “What street did your childhood friend live on?” The trouble with many of these security questions is that the personal information they refer to is often accessible via a simple online search. Often, with minimal effort, finding one answer leads to information that provides additional answers.
When selecting these out-of-wallet or security questions, avoid using questions about your family, questions that are easy to answer by accessing your social media presence, or questions that have a limited number of answers.
You may not always have the option to select the security questions. It may be appropriate to provide an inaccurate response as your answer. For example, if the question asks for the name of your elementary school, select a school in some other state that you did not attend. Another option is to create a password-like response to the security questions. For any question that is looking for a name as a response, create a memorable non-existent name such as “P3t3r C0tt0nta!l”.
Do note that sometimes you may be limited to a certain number of characters, may not be able to use symbols, or may be required to use an accurate answer. Check with the specific company to confirm the requirements when choosing your security question answers. If the company is not fully committed to customer security, consider taking your personal information and business elsewhere.
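The password rules above and the site limits just mentioned can be combined in a short Python example. It is an added illustration, not part of the original article, and it shows what a password manager's generator does: it produces a separate random value for each account or security-question answer, and checks a candidate against the article's rules. The names `generate_secret`, `check_secret` and `SYMBOLS`, the account names and the sample personal details are all assumptions made for the example.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept


def generate_secret(length=16, allow_symbols=True):
    """Random password or security-question answer containing every allowed class."""
    if length < 8:
        raise ValueError("the article's minimum is 8 characters")
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if allow_symbols:
        classes.append(SYMBOLS)
    # One guaranteed character per class, the rest drawn from the combined pool.
    chars = [secrets.choice(c) for c in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where the guaranteed ones sit
    return "".join(chars)


def check_secret(value, personal_info=(), allow_symbols=True):
    """Return the article's rules that `value` breaks (empty list means none)."""
    problems = []
    if len(value) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in value):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in value):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in value):
        problems.append("no number")
    has_symbol = any(not c.isalnum() for c in value)
    if allow_symbols and not has_symbol:
        problems.append("no symbol")
    if not allow_symbols and has_symbol:
        problems.append("symbol not accepted by this site")
    for item in personal_info:
        if len(item) >= 3 and item.lower() in value.lower():
            problems.append("contains personal information: " + item)
    return problems


if __name__ == "__main__":
    # Constructed account names; each one gets its own independent value.
    for account in ("bank", "email", "shopping"):
        print(account, generate_secret(20))
    print(check_secret("Smith1985", personal_info=("Smith", "1985")))
```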
We hope you find this information useful in securing access to your online accounts.