Is the password for your bank account the same as the password for an account at another website? If so, you are part of the 61 percent of consumers who reuse a password for multiple sites, according to a recent study by security firm CSID. That habit could put your finances in harm’s way.
Many consumers can recall the string of recent data breaches at websites that they visit often: LinkedIn, Zappos, Dropbox. When the password databases at these companies are compromised, cybercriminals obtain login credentials that, where the same password is reused, can be used to access financial accounts.
Funds can be moved out of savings, checking, and brokerage accounts. Retirement accounts can be left in shambles. Fraudsters could also access retailer accounts (e.g., Amazon and Apple) and retrieve sensitive personal information that could easily lead to identity theft.
As more aspects of our daily lives move to the Internet, digital security becomes more important than ever.
Here are some practices that will help safeguard your financial accounts on the Web:
What makes a good password. Hackers have learned to adapt to the ways that online users create their passwords. Using common words, phrases, and numerical strings is not secure enough. Ideally, a strong password is totally random.
With the help of random password generators, you can create a password that makes use of a combination of uppercase and lowercase letters, numbers, and symbols so it’s not easily cracked by hacker programs.
Mix it up. In addition to using random passwords, it’s also essential to use different passwords for different websites. This practice ensures that one compromised account will not lead to multiple compromised accounts.
However, you may find that random passwords are difficult to remember.
There are password managers, such as LastPass, that will fill in your password for you when you need to log in to a particular website; you just have to remember a master password.
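The two practices above (random passwords, and a different one for every site) can be sketched in a few lines of Python. This is an added example, not code from the article or from any password manager; the symbol set, the function names, and the sample site names and passwords are all made up for illustration.

```python
import secrets
import string

# Character classes the article names: uppercase, lowercase, numbers, symbols.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+[]{}")  # symbol set is an assumption

def generate_password(length=16):
    """Return a random password containing at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling keeps every position uniformly random, unlike
        # forcing one character of each class into fixed slots.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def find_reuse(vault):
    """Map each password used on more than one site to the sites sharing it."""
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(s) for pw, s in by_password.items() if len(s) > 1}

def rotate_reused(vault, length=16):
    """Return a copy of the vault with every reused password replaced."""
    fixed = dict(vault)
    for sites in find_reuse(vault).values():
        for site in sites:
            fixed[site] = generate_password(length)
    return fixed

# Constructed sample data: site names and passwords are made up.
SAMPLE_VAULT = {
    "bank.example": "Summer2012",
    "shop.example": "Summer2012",
    "forum.example": "Summer2012",
    "mail.example": "x7#Kp!2vQe@9LmZ4",
}

if __name__ == "__main__":
    for pw, sites in find_reuse(SAMPLE_VAULT).items():
        print(f"reused on {len(sites)} sites: {', '.join(sites)}")
    print("reuse after rotation:", find_reuse(rotate_reused(SAMPLE_VAULT)))
```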
Don’t give it away. More often than not, online accounts are compromised because of “social engineering,” a term used by the security industry to describe the art of tricking someone into giving away their personal information and login credentials.
Impersonation over the phone, email phishing, and malware-filled pop-up ads are examples of techniques used to manipulate people into divulging their private information.
There is one rule of thumb that should eliminate the chances of being victimized by social engineering: Financial institutions never ask for your password for any reason.
Since websites can be spoofed, it’s always a good idea to type in the web address of your bank before you enter your password. Many people are tricked when they see a security alert email and enter their login credentials in a hurry, not noticing that it’s a fake website.
Safer with an extra step. Nowadays, many financial institutions offer another layer of security to protect customer accounts with an approach called two-factor authentication. It typically requires you to enter another passcode in addition to your regular username and password. This passcode is obtained by phone, text message, or another channel.
For example, Bank of America offers a wallet-sized card that will generate a one-time code, which must be entered every time you log in. The program is also available through text messaging.
Two-factor authentication involves protection provided by something you know (your password) and something you have (a mobile phone or physical passcode generator). Cybercriminals may be able to get their hands on your password, but it would be very difficult for them to steal something such as your phone.
Ask your financial institution(s) to see if a method of two-factor authentication is available for your account.
Simon Zhen is a columnist and staff writer for MyBankTracker.com. His columns cover all aspects of personal finance—with a focus on banking, saving, and financial technology.