Cybersecurity Update: Enhance Your Account Protection
by Ralph Broadwater, MD, CFP®, AIF®
One of my new roles at the Arkansas Financial Group is Chief Cybersecurity Officer. In this role I plan to communicate with you regularly about Internet risks and ways to improve your online safety. This quarter I want to focus on Password management and Password security.
John Podesta, chairman of the Hillary Clinton Presidential campaign had a major security breach after he emailed his assistant that he had forgotten his Apple ID login. She emailed him back the password, copied into her email. The next day hackers used this information to take over his Twitter account and erase all information in his Apple accounts. A second breach occurred when Podesta responded to a phishing attack that gave hackers his Google email login information. Mitt Romney and Sarah Palin had their email accounts hacked because of poor passwords. Even John Brennan, former Director of the CIA and James Clapper, Director of National Security had their personal email accounts breached.
A recent annual data breach report from Verizon found that 63 percent of confirmed intrusions involved hackers exploiting weak, default or stolen passwords. The average America has 130 accounts registered to a single email address.
Improve Your Password Management
We all need to improve our password management and be alert for attempts to capture our personal login information. Listed below are several basic strategies.
- Never share your passwords.
- Don’t keep written lists or a spreadsheet of your passwords. (under keyboards or on sticky notes)
- Don’t use common, discoverable words for passwords. (Spouse name, kid’s name, pets, birthday, anniversary, college mascot, etc.)
- Use a mixture of letters, numbers, special characters, upper and lower case.
- Make your password at least 10 characters long.
- Use a password manager (PW manager)
- If possible, generate a random password (with your PW manager)
- Turn on two factor authentication wherever possible
- Be aware of phishing attacks.
- Never open attachments from unknown URL’s or sources.
Here is a list of the most highly recommended password managers. I hope you will explore and start using one of these to help make your password management more secure and simple. All programs listed below are available for both Mac OS and Windows, with access from anywhere.
|Program||URL||Password Generation||Annual Cost|
What is “Pwned”?
Being pwned is where your data is inadvertently exposed in a security breach.You can enter your email address on the homepage of the Have I Been Pwned? website to see if your email was reported in a breach. Also click on the Passwords tab in the top navigation and enter a password to see if that has been exposed in a breach. This site collects passwords that have been compromised from the Dark Web. I recommend entering your most common passwords. It will surprise you.
Take some time and review your personal password policy. Change all simple, discoverable passwords. Consider using a password manager, and use it to generate random, complex passwords. Turn on two-factor authentication wherever possible. I promise this will make your digital world much more secure, and you will worry less about online risks.