Wireless technologies such as Bluetooth and Wi-Fi have forever changed the way people not only interact with one another, but also how they complete day to day activities such as shopping, researching, banking, eating, and communicating. The more everyone is online, the more there are opportunities for hackers to get into personal accounts, steal information and drain checking or savings accounts before victims realize it. According to the Federal Communications Commission (FCC), securing today’s online environment goes beyond thinking about the Wi-Fi router at home – and it all starts with a password.
Passwords should be different for every account that lives online, is in the cloud, or is attached to something that retains personal or financial information. Think about the last time any of your online account passwords were changed. If they are all the same or a similar variation of the same password, if they are too easy to guess, or if they are forgotten or compromised – change them. According to the Federal Trade Commission, people don’t need to change their passwords as often as they may think; however, it’s good practice to make certain the password is as secure as possible.
BBB recommends the following tips to stay safe in an online world:
• Think of your passwords as walls. A password or a passphrase should be considered a wall between free access to your personal information and the world. The stronger the wall, the more difficult it is for others to break down. The more walls, the more difficult it is to even access the information. Encryption is the easiest way to ensure communications between an electronic device and and a website or server is protected.
• Avoid easy passwords. An example of a weak password is one that is easy to guess – information that anyone can find on social media sites or through a phishing email or text. A strong password has at least 12 to 14 characters, mixed with uppercase and lowercase letters, numbers and symbols.
Commonly used passwords are your pet’s name, your mother’s maiden name, the town you grew up in, your birthday, your anniversary, etc. Surprisingly, the answers to these common passwords can typically be found online. Even if you don’t consider yourself an active user of social media or the Internet, your information is out there on one forum or another. Even for passwords that require numbers along with letters, people tend to stick to simple patterns like 0000, 1111, 1234, etc. Never use the same password for multiple accounts, especially for the most sensitive ones such as bank accounts, credit cards, legal or tax records or medical related files.
• Make them creative. Running low on creative ideas for different passwords? Try using song lyrics. Not only is it basically impossible for hackers to guess what song you are using, it’s even harder for them to guess which lyrics you’re using on top of that.
• Use a “passphrase.” Instead of using a single word, use a passphrase. Your phrase should be relatively long, around 20 characters, and include random words, numbers and symbols. Something that you will be able to remember but others couldn’t come close to guessing such as PurpleMilk#367JeepDog$.
• Use multiple passwords. Using different passwords for different accounts is also important. While it may be easier to remember one password for every account, it’s much easier for hackers to break down one wall rather than multiple walls. If hackers can figure out one password, even if it’s to something harmless like your Instagram account, they then know the password to every single account you own. This includes websites you shop online at, banking accounts, health insurance accounts, email accounts – you name it.
• Use multi-factor authentication. When it’s available and supported by accounts use two-factor authentication. This requires both your password and an additional piece of information upon logging in. The second piece is generally a code sent to your phone, or a random number generated by an app or token. This will protect your account even if your password is compromised. Many newer devices now include fingerprint or facial recognition as a way to unlock them. This may be an option and a way to protect any apps on the device in the unfortunate event it becomes lost or stolen.
• Consider a password manager. A written list would be best, but if you’re worried of losing it, write a list on your phone and label it as something other than ‘PASSWORDS’. Keep the list updated and organized as well as secretive. Avoid keeping the list on the device as it will only make it easier for the thief to access all of the apps and personal data stored on it.
Still not convinced? Consider a reputable password manager to store your information. These easy-to-access apps store all your password information and security question answers in case you ever forget. However, don’t forget to use a strong password to secure the information within your password manager.
• Select security questions only you know the answer to. Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, and birthplace. That is information a motivated attacker can easily obtain. Don’t use questions with a limited number of responses that attackers can easily guess – like the color of your first car.
• Wi-Fi is a security concern as well. Check your device settings before surfing the web.
Check the validity of available Wi-Fi hotspots: hackers will set up fake hotspots that have names of stores or institutions you might trust.
Make sure all websites you exchange information with have “https” at the beginning of the web address.
Install an app add-on that forces your web browsers to use encryption when connecting to websites.
Check out more information from BBB on cybersecurity, get tips on protecting yourself against identity theft and recover from it using the tools from ftc.gov/identitytheft.
If you received notification from a company about a possible breach, it is always best practice to change that password and any similar passwords immediately.
Go to BBB.org for more information.
Yuma-based John Hessinger is community marketing executive of the Better Business Bureau serving the Pacific Southwest. He can be contacted at [email protected] or 928-919-7940.