Yesterday I was faced with logging into a website I knew the username and password, while I didn’t “own” this information of my wife’s, we share almost everything (except pizza, she isn’t cool with sharing pizza) I thought I would login to save her time. Of course our account was locked which resulted in a call. While I had all the info they required, username, password, account number, last four of social, the helpful person on the other end decided not to reset based off my “male” voice because my wife’s name is female. While I understood, I was frustrated since I had what they wanted and I didn’t get what I want. I thought to myself, this business set their requirements and decided, hey, just because you sound like a dude, no way. Frustrated or not, we cordially hung up the phone and I gave up.
This got me processing, no longer are passwords over the phone or e-mail a way to reset in a secure way. I know what you are thinking, what if I can’t get in, I need to call someone. The beauty of technology means that, no, you don’t need to call anyone. While very few companies have deployed two factor authentication, most of the world relies on remembering 2-3 passwords which people use for everything (You know who you are). Kids birthdays or the ever more important family pet.. This puts one important factor on the table, a single password can turn your life upside down.
As you and I have seen the past few years, everything is hack-able (NSA Hacked?) and it’s scary to me and should be to you too. I know, there are a billion people out there, no way am I the one, unfortunately what if you are? Just like you would never get in a car accident?
While I can talk all day about this, here are some articles in regards to services being “hacked” and how they may affect you in some way.
Dropbox 68 Million Users Passwords on the Internet
Target Credit Card’s Stolen
NSA Hacked? (Valid?)
Twitter, 33 Million Passwords
11 Data Breaches that Stung US Consumers
So reading these, is your twitter or Dropbox password the same as your banking password?
I just want to get you thinking about the what if? If someone cleans out your bank account, you ok with that? Or signs up for a new credit card? Trust me, it can happen to you and it takes time, effort and money to fix it.
While I talked long enough, let’s get to the part where I tell you how to fix this…
Let’s focus first on passwords since this is the easiest change.
- When possible, use a tool like 1Password, Keypass, etc (Recommendations). Change your passwords to complex passwords when possible and unique for each website or service. Even the shopping sites since most save your credit card info.
- Update your security questions… Mother’s maiden? “Bob Loblaw”. A product like keypass has a notes section where you can store a non-traditional security question note. Just don’t forget your keypass password.
- Enable two factor authentication. What the hell is that you say? If you have a mobile phone with text / SMS capabilities, you tell the service or website the number, they text you at login (Usually only once if it’s the same computer or phone). Why is that secure you say? Anyone else recieving text messages to your number? It’s an additional security layer that I personally like and enable when possible (Even on wordpress). While not everyone has this, it’s generally under the password change or security section of a website.
- On a more extreme route, use unique usernames, again I know… crazy. However with a tool, this becomes relatively easy.
- Credit monitoring, most of these services are junk, like an extended warranty the cost outweighs the real benefit here. Most banks provide services like this as part of their offerings, see if you can get it for free.
Now credit cards… Most people really don’t understand how credit cards work, and with the recent ATM and credit card skimmers, it’s more evident this is going to become common place.
- First and foremost, you aren’t secure unless you utilize chip technology in your card. That 1/4 inch little chip on the front, while real’ pretty, is a way to encrypt your transaction, and this is good. FAQ about chips.
- Use your iPhone, android or accompanied watch to pay at the terminal. Again, your credit card data is stored encrypted and uses token technology, read more about it. To add an additional layer here, you need a eye (no pirates please) or finger (If you use your toe, wear sandals) even use the service.
- Paypal. It’s been around for a long time. Not all sites accept this method, however because of the technology, your banking info is never sent to the merchant. They also have iPhone apps that support some secure payment transfers. Read more here.
From a consumer perspective, these are what I believe are the best and easiest options for you. Security is becoming an important part of life, more so than ever before, so keep an eye out and change your password from “password” to “Password1”.