The average adult has more than a hundred online accounts that require a username and password. A few of your accounts (usually 6-10) are very important to protect from criminals. The others don’t matter much unless you use the same password for important and unimportant accounts. Don’t do that. Make long (12 – 20 characters), unique passwords for your email accounts, mobile phone, financial, health and benefit accounts. Financial includes Amazon, PayPal, Venmo, etc.
You have been told to use strong unique passwords for every account. But the consequences of someone hacking your library card are not the same as someone hacking your bank account. In the first case you will need to straighten things out with your local librarian. In the second case someone can steal all your money and your bank will not be obligated to replace it. (Remember – FDIC insurance is there for you if the bank goes bankrupt, not if a criminal gets into your account.) So, while it would be great if you had perfect strong unique passwords for every account, it’s much more important to figure out which accounts matter and start by protecting them with very strong, completely unique passwords and whatever else those accounts offer for protection.
At 3GO the first thing we help members do is identify and protect their important accounts. That takes the big risks off the table. Then we work with our members to find good solutions for the rest of their accounts. There is no one-size-fits-all solution; it depends on the person and situation.
That being said, there is plenty of general good advice out there. Here is ours:
Think of your accounts in terms of high, medium and low risk. How much risk are you at if a criminal gets into this account, locks you out and uses it? Can they get credit card or bank info? Place orders using your money? Can they see your contacts? Will they learn details they can use to pretend to know you?
Your yoga studio is probably low risk. Your Facebook account is at least medium risk because a scammer can use it to get to your friends and family and to collect information about you. High-risk accounts include:
- All your email accounts – these are gateways to your other accounts
- Your phone itself and the Apple or Google account that you use to manage your phone
- Your online financial, health and benefit accounts
- Your online account with any company or agency that sends you money (your job, investment/brokerage accounts, Social Security, pensions, PayPal, Venmo, etc.)
Make a checklist of your high-risk accounts. For each account:
- Set a strong, unique password
- Consider giving a false answer to your security question
- Make sure your PIN is unique too
- Set up email or text confirmation codes
- Consider using an authenticator app if offered
- Consider setting locks on outgoing funds
What do we mean by “strong password”?
Again, this depends on you. If you always use password manager software, you may be able to generate and use long, highly complicated passwords with a jumble of numbers, letters and symbols. If you don’t use a password manager, you are probably better off with a long password in plain English that you can understand. Connecting three unrelated words with dashes (Headlight-Newspaper-Snail, for instance) creates a very strong password.
Why would you lie about a security question answer?
This is something cybersecurity experts do that most people don’t think of. They try not to choose a security question with an answer a motivated thief can learn (such as your mother’s maiden name) or guess (such as pizza being your favorite food). If they have no choice, they submit a false answer. This still gives them access to their account and is more secure.
Worried about a Password?
If you know or suspect a password has been stolen, especially to a high- or medium-risk account, change it immediately, even if it means going through the hassle of a password reset. If the email account or username has been changed, contact the company immediately. That’s a sign that someone has taken over your account.