Monthly Financial Tip
Cybersecurity Best Practice - Password Management
I recently attended a discussion on cybersecurity hosted by the local Financial Planning Association chapter to brush up on how to protect the personal information and data of my clients and family. We've all heard the horror stories or even been a victim of the constantly evolving threat we face when we have an online presence. I intend to include simple tips and best practices for cybersecurity that I've learned in future installments of the Trident Report and other communication because of its increasing relevance to personal finance.
To preface this first edition of the cybersecurity best practices section of the Trident Report, it's important to understand a necessary aspect of security: inconvenience. Running anti-virus or anti-malware programs, passcode screens, firewalls, changing passwords, and dual-factor authentication all take time to perform, but the extra effort works to keep your info secure. In fact, the greater the inconvenience, the more secure you likely are.
Password Management
Without saying it aloud, what is your email password? Is it the same as your online banking or credit card password? Does it include your last name, year of birth, pet's name, maiden or family name, or any other tidbit of personal info readily available on your social media feed? Have you accessed any account that uses that password on a public wifi network like Starbucks or the airport? If you said yes to any of these questions, you may want to keep reading.
Password Best Practices #1:
Subscribe to a password management application or program.
Most posts about password management start with the need for creating strong, unique passwords using a combination of numbers, capital and lower-case letters, and symbols. However, with a good password management app, such as LastPass or KeePass, that activity becomes slightly irrelevant because the program will generate a random combination of characters for your password and then populate the password field on any website you have saved in the program. You can save a unique, random password for each site, making them virtually unhackable by password exploitation.
Though this is not an endorsement, I use LastPass for my personal and business systems. It's relatively inexpensive, and not without its inconveniences and glitches, but it's just another layer of security between my stuff and the bad guys. The only password I need to remember is the one to access the password "Vault," which has every user name, password, and answer to any security questions for any website I have saved. Currently, that number is almost 100 unique sites that have a unique password.
Password Best Practices #2:
Turn on Dual-Factor Authentication whenever possible.
Dual-factor authentication is a fancy way of saying, "I've entered my password, now please use another method of authentication to make sure it's really me trying to log into my account." If it's an option, have them send you a text message with a code you must enter within a certain time frame. If you use certain Apple products, you can even authenticate your account using your thumbprint. Unless the hacker has your phone or chops off your thumb, this step makes it much more difficult to access your accounts even if they have your password.
Password Best Practices #3:
For the passwords you must remember, add a space.
For the time being, you'll always have to remember at least two passwords: one to log into your computer and another to log into your password management program. For these, follow the best practices for having a strong password: at least 10 characters long; include capitalized and lower-case letters; and use both numbers and symbols.
Make your passwords complex, but easy to remember, by including data relevant to your life in a slightly altered format. If you insist on using the year of your birth, simply hold down the Shift-Key while you type it. For example, 1975 becomes !(&% and 1984 becomes !(*$. If your child's birthday is June 9, 2015, that becomes ^(@)!%.
I'll add one other modifier: add a space or two to separate characters. Your computer recognizes the space as another character, and it's pretty easy to remember if you use it correctly. In fact, it's exponentially more difficult to hack a 10-character password with two space characters than the exact same password without the spaces, which is 8 characters long.
As an example, if I were to create a simple and complex password that's easy to remember, I could use my child's name and date of birth: Kingston 6/9/2015 could be "Kingston ^ ( 2015" and satisfy all requirements of being a simple, complex, yet easy to remember password. A spacebar character can make a relatively strong password relatively easy to remember.
Disclosure: the above reference is for example purposes only. Please do not be so lazy as to use your child's name and date of birth in your password, ever. Use terms and words a cursory review of your Facebook profile would not reveal.
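The rules above can be turned into a quick self-check. The following Python sketch is an added example, not part of the original article: it tests a candidate password against the requirements listed earlier (at least 10 characters, upper and lower case, numbers, symbols), then undoes the Shift-key substitution and removes spaces to see whether personal details are still recognizable. The function names and the sample list of personal facts are constructed for illustration, and a US keyboard layout is assumed.

```python
import re

# Shift + digit row on a US keyboard, as in the article's examples
# (1975 -> !(&%). Assumption: US layout.
SHIFTED_TO_DIGIT = str.maketrans("!@#$%^&*()", "1234567890")


def normalize(text: str) -> str:
    """Undo the Shift-key trick, then drop spaces, separators and case."""
    unshifted = text.translate(SHIFTED_TO_DIGIT)
    return re.sub(r"[^a-z0-9]", "", unshifted.lower())


def meets_article_rules(password: str) -> bool:
    """Article's rules: 10+ characters, upper, lower, number and symbol."""
    return (
        len(password) >= 10
        and any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(not c.isalnum() and not c.isspace() for c in password)
    )


def personal_tokens_found(password: str, personal_facts: list[str]) -> list[str]:
    """Return the personal facts still visible once the password is normalized."""
    flat = normalize(password)
    hits = []
    for fact in personal_facts:
        token = normalize(fact)
        # Ignore very short tokens that would match by coincidence.
        if len(token) >= 3 and token in flat:
            hits.append(fact)
    return hits


if __name__ == "__main__":
    # Constructed sample data: facts a social media profile might reveal.
    facts = ["Kingston", "6/9/2015", "Rex"]
    for candidate in ["Kingston ^ ( 2015", "plum Tractor 47 ;"]:
        print(
            repr(candidate),
            "rules ok:", meets_article_rules(candidate),
            "personal info found:", personal_tokens_found(candidate, facts),
        )
```

A password can pass every complexity rule and still be flagged here, which is the point of the disclosure above: spacing and Shift-key substitutions change how the password looks, not which facts it is built from.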
In conclusion, is it inconvenient to go through these steps every time you need to access something on your computer? You betcha. But that's the reality we accept as we conduct our lives in the online world. To be sure, this is not designed to be a complete and comprehensive guide to cybersecurity prevention, only to provide some basic best practices for creating, storing, and remembering password information.