The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Some passwords are funny. Some are pretty weird. Some can be a math problem. Many can be laughably easy to hack (I give you “dadada, ”“qwerty,” “password” and”123qwe” to name a few.) — or very tricky. But one thing is for sure, they are never really 100% hack proof.
Earlier this month, news broke that a significant number of Twitter passwords had been compromised and were being offered to anyone willing to fork over 10 bitcoins, or roughly $6,700, as of this writing. More than 32 million users were included in the cache of information on the cyber creep auction block. Hacked information database Leaked Source said in a blog post that it received the data set from a user under an alias.
The first takeaway: Anyone can scavenge and rumor-chase to find purloined login credentials. The second: You are not safe, and identity-related crimes are the third certainty in life, right behind death and taxes. (You can monitor your credit for signs of identity theft by viewing two of your credit scores for free each month on Credit.com.)
Twitter has told multiple news outlets that its systems were not breached. Leaked Source said the passwords appeared to have been grabbed by malware.
While knowing that your information is out there is an important piece of the personal data security puzzle, keeping your accounts safe is even more crucial.
While there has been much innovation in the world of data security, nothing has proven foolproof yet. Biometric authentication using fingerprint and iris scans is promising, but their adoption is far from universal and not without some spoofing issues.
There are tokens and cards that can complement passwords, but those are fallible for the reason that they can be stolen or lost.
Multi-factor authentication is probably the best way to deal with security issues, but it does not necessarily strike the best workplace balance between security and convenience. The Pixar movie “Monsters vs. Aliens” provides a comical scene that demonstrates why it’s not the most practical approach (the character has to provide a hand, foot, tongue, elbow and butt scan to gain access to the president’s situation room).
As things stand now, a password coupled with a second factor of authentication known only to the user — like a visual prompt — is the best personal security solution.
Because we have many accounts and they should all have separate passwords, most consumers have a problem keeping all that information straight. There are apps for that, of course, and if you are OK with cloud-based solutions — bearing in mind that nothing is un-hackable — you might want to check out a service like 1Password, which allows you to store all your passwords, PINs, credit card numbers, and more. PasswordWallet 4 and Dashlane provide similar services. Bear in mind that they are not the only good games in town. So do your research and read reviews. Keep in mind, too, some password managers charge for their services.
The upside to password valets is clear — you only have to remember one password. If that’s of interest, you still need to make sure that password is very strong.
If you decide not to use a password manager, never store your passwords and user names in a document that resides on your computer. Save them on an encrypted thumb drive. Then you need only remember two things: Where you keep it and the password (hopefully long and strong) required for access.
The best practices here include a number of things you shouldn’t do:
1. Try to avoid single words, since many password-cracking programs use the dictionary.
2. Avoid letters and numbers that are close to each other on the keyboard.
3. Never use a password based on personal information that could well be available on social media or via a data breach. This would include your birthday or the birthdays of loved ones, children’s names, pet names, your high school or college mascots and the like.
4. Never use a password on a retail site that you use anywhere else. If that site gets hacked and the same login information is on a bank account, you’re toast.
And a few things you should do:
5. Create an easier password for sites that don’t have a great deal of your personal information, like news sites, video streaming services and the like.
6. Consider using a password generator. (Bear in mind this generally requires using a password management system, bought or homemade.)
7. Create long and strong passwords containing a phrase at their core. One thing that a brute force attack cannot do is guess the first line of a poem you wrote in fourth grade, especially if you have a simple math problem embedded in the middle of a word of two.
Most of us have day jobs. Identity thieves and scammers view grabbing our information and exploiting it for their gain as their day job. Always assume there is a never-ending riot overflowing with looters happening just outside your cyber house. That’s why you must be thoughtful, inventive and vigilant when creating passwords, for they are the locks to all your virtual doors and windows — even when you are home.
Image: PeopleImages
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams