Cybersecurity Update: Enhance Your Account Protection

by Ralph Broadwater, MD, CFP®, AIF®

One of my new roles at the Arkansas Financial Group is Chief Cybersecurity Officer. In this role I plan to communicate with you regularly about Internet risks and ways to improve your online safety. This quarter I want to focus on Password management and Password security.

John Podesta, chairman of the Hillary Clinton Presidential campaign had a major security breach after he emailed his assistant that he had forgotten his Apple ID login. She emailed him back the password, copied into her email. The next day hackers used this information to take over his Twitter account and erase all information in his Apple accounts. A second breach occurred when Podesta responded to a phishing attack that gave hackers his Google email login information. Mitt Romney and Sarah Palin had their email accounts hacked because of poor passwords. Even John Brennan, former Director of the CIA and James Clapper, Director of National Security had their personal email accounts breached.

A recent annual data breach report from Verizon found that 63 percent of confirmed intrusions involved hackers exploiting weak, default or stolen passwords. The average America has 130 accounts registered to a single email address.

Improve Your Password Management

We all need to improve our password management and be alert for attempts to capture our personal login information. Listed below are several basic strategies.

Basic Principles

  1. Never share your passwords.
  2. Don’t keep written lists or a spreadsheet of your passwords. (under keyboards or on sticky notes)
  3. Don’t use common, discoverable words for passwords. (Spouse name, kid’s name, pets, birthday, anniversary, college mascot, etc.)
  4. Use a mixture of letters, numbers, special characters, upper and lower case.
  5. Make your password at least 10 characters long.
  6. Use a password manager (PW manager)
  7. If possible, generate a random password (with your PW manager)
  8. Turn on two factor authentication wherever possible
  9. Be aware of phishing attacks.
  10. Never open attachments from unknown URL’s or sources.

Password Managers

Here is a list of the most highly recommended password managers. I hope you will explore and start using one of these to help make your password management more secure and simple. All programs listed below are available for both Mac OS and Windows, with access from anywhere.

ProgramURLPassword GenerationAnnual Cost
Sticky Passwordwww.stickypassword.comYes$14.99
Password Bosswww.passwordboss.comYes$29.99

What is “Pwned”?

Being pwned is where your data is inadvertently exposed in a security breach.You can enter your email address on the homepage of the Have I Been Pwned? website to see if your email was reported in a breach. Also click on the Passwords tab in the top navigation and enter a password to see if that has been exposed in a breach. This site collects passwords that have been compromised from the Dark Web. I recommend entering your most common passwords. It will surprise you.

Next Steps

Take some time and review your personal password policy. Change all simple, discoverable passwords. Consider using a password manager, and use it to generate random, complex passwords. Turn on two-factor authentication wherever possible. I promise this will make your digital world much more secure, and you will worry less about online risks.

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by The Arkansas Financial Group, Inc.-“AFG”), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from AFG. Please remember that if you are a AFG client, it remains your responsibility to advise AFG, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. AFG is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of the AFG’s current written disclosure Brochure discussing our advisory services and fees is available for review upon request. Please Note: AFG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to AFG’s web site or blog or incorporated herein, and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly.