Are You Willingly Compromising Your Accounts?
These days, there’s no end to the number of online accounts we have with password requirements. It’s a wonder we can keep track of them all! If you’re frustrated by the difficulty of managing your passwords, you’re not alone. It’s tempting to default to one simple password so you can at least access your accounts, but with attacks on corporate networks up 50% in 2021 and still rising, it’s never been more important to protect your online data.
One of our clients just informed us that their personal email was hacked. Unsure what account information they’d stored in their inbox and aware they used the same password for all online accounts, they wanted to ensure their funds were safe. Of course, we and our partnering custodians take many critical measures to prevent fraudulent activity, but that still left the client with the burden of monitoring the rest of their online accounts and credit for potential issues.
As technology becomes more sophisticated, so too do the methods you can use to protect yourself from cybercriminals. We discussed several of these last fall, including password managers you can pay to fortify all your accounts. Today, though, our focus is on simple, free, and yet easily forgotten steps you can take to reduce the chance of encountering a situation like the one above.
Never Email Sensitive Information
Email is a two-way street. Even if the recipient’s inbox is “secure” like ours, that security only applies once an email is received. Data can still be compromised en route to the recipient and even in your mailbox afterwards.
The best rule of thumb is to never email anything you wouldn’t publicly post for the world to see. That includes tax returns, statements, and any other file that contains account numbers, social security numbers, or other personal information whether or not it’s password protected.
Never Reuse Passwords
In fact, stop using passwords.
As tempting as it may be, you should never use the same password for multiple accounts. If you do, it’s open season on your information once a hacker identifies that password.
By adopting passphrases rather than passwords, you heighten account security. Every additional character creates exponentially more potential combinations for a hacker or algorithm to filter through to identify your password.
Always Enable Multi-Factor Authentication
Also known as two-factor or two-step verification, multi-factor authentication (MFA) is a security measure requiring anyone logging into an account to complete a two-step process to verify their identity.
Consider this. The extra 30 seconds it takes for you to verify your identity makes it significantly tougher for a criminal to gain access to your online accounts since they need a third data point beyond your username and password to access your account. In many cases, that third data point won’t be accessible even if they have your device in hand.
While each of these steps adds security to your information, they work best when used together. Unique passphrases and multi-factor authentication create a line of defense around your information. Then, by only sharing personal information via secure channels, you limit the accessible information in case that line of defense is ever breached.
Alternatives to Emailing Information
Where information is sensitive, send it via methods that are secure and encrypted on both ends. Examples include your Aldrich Wealth portal or ShareFile. Whether you’re sending documents to your mortgage lender, banker, or the Social Security office (to name a few), you should not be asked to email the data. If you are, ask a representative for a secure portal or physical mailing address instead.
Tips for a Secure Passphrase
Currently, the industry standard is a passphrase that is at minimum 14 characters. You’d likely be hard-pressed to find many words that length, which has given rise to the passphrase. Below are a few tips for creating account passphrases that meet requirements and keep your account more secure.
- Start by picking a phrase that you can easily remember but that doesn’t include easily discoverable information about you. For example, let’s use “I misplaced my password”.
- Alternate case (capitals vs. lowercase).
- Replace certain letters with alternate characters, including symbols and numbers.
- The end result could look something like “im!Sp1@cedmY_p@ssw0rd”.
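An added example, not part of the original article: a short Python audit that applies the two rules above (no reuse across accounts, at least 14 characters) and estimates how the search space grows with length. The account names and the `Summer2021` value are constructed sample data, and the function names are illustrative.

```python
import math
import string
from collections import defaultdict

MIN_LENGTH = 14  # minimum length cited in the article

# Constructed sample data; the last value is the article's own example passphrase.
ACCOUNTS = {
    "email": "Summer2021",
    "bank": "Summer2021",
    "portal": "im!Sp1@cedmY_p@ssw0rd",
}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")

def alphabet_size(secret):
    """Number of symbols a blind character-by-character search must try per position."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in secret))

def search_space_bits(secret):
    """log2(alphabet ** length): an upper bound, since predictable
    substitutions such as 'a' -> '@' are guessed far sooner than random text."""
    size = alphabet_size(secret)
    return len(secret) * math.log2(size) if size else 0.0

def audit(accounts):
    """Map each account name to a list of findings (empty list = no finding)."""
    users = defaultdict(list)
    for name, secret in accounts.items():
        users[secret].append(name)
    report = {}
    for name, secret in accounts.items():
        issues = []
        if len(secret) < MIN_LENGTH:
            issues.append(f"only {len(secret)} characters (minimum {MIN_LENGTH})")
        others = sorted(n for n in users[secret] if n != name)
        if others:
            issues.append("same secret as: " + ", ".join(others))
        report[name] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit(ACCOUNTS).items():
        bits = search_space_bits(ACCOUNTS[name])
        print(f"{name}: ~{bits:.0f} bits; " + ("; ".join(issues) or "no findings"))
```

Each extra character adds the same number of bits, which is the exponential growth described earlier: one more lowercase letter multiplies the search space by 26.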
Options for Multi-Factor Authentication
Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. While MFA should be used wherever possible, we especially recommend it for accounts that store financial data or personal information that could be used to defraud someone else.
If you’re not using MFA yet, it’s worth checking the settings in your most used platforms to see if MFA is an option.
By adding just one more step to the login process, MFA significantly increases account security.
Just like logging into your account, the first step is entering your username and password. The second step is to provide an extra way of proving that you’re you, like entering a PIN code, having a code texted or emailed to your mobile device, or using an authenticator app. MFA can include:
- Entering an extra PIN
- Answering an extra security question like, “What’s your favorite pet’s name?”
- Providing a unique number generated by an authenticator app
- Using a separate piece of hardware, like a key fob that holds information, that verifies a person’s identity with a database or system
- Using facial recognition or a fingerprint
- Providing an additional code via email or text