The news keeps coming: Accounts were compromised. Another data breach. Most recently, earlier last week Twitter was compromised had to lock down thousands of accounts. The hack mainly affected high profile accounts owned by tech companies where the cybercriminals tweeted out scam messages promising double bitcoin payments. This isn’t the first major hack that was committed against a social networking service and it won’t be the last. These breaches remind us of the importance to take steps to have a secure account online.
Security Boulevard reminded us of the importance of a proactive compliance program. No matter if your a verified user or a regular user there are steps you can take to make sure to have a secure account on Twitter an elsewhere online.
For accounting firms, make sure to have your written information security plan finalized and ready to go. You can get a free template here.
Need help? Use the form below or call us at (888) 965-0171.
Two-factor authentication for a secure account online
Many think a strong password is the best place to start but if your password is compromised no matter how strong it is it becomes worthless when somebody gets a hold of it. . When you enable two-factor authentication it will require an extra step in the login process. This can include an authenticator app or a one-time code sent to your phone via text message. This would require the hacker to physically steal your phone to access your account.
Strong unique passwords
Once you have two-factor authentication set you can create a strong password. We recommend using a password manager. This will enable you to create randomized passwords that you can save in your manager. But at a minimum make sure you’re using a password that has random characters and doesn’t call back to any of your personal information like your birth date or phone number.
What are strong passwords to have a secure account?
Although there are many vulnerabilities online, there are also many ways to protect your passwords. There are several online tools that you can use to test the strength of your password. The stronger your password, the safer your password is from hackers.
Our Rush Tech Support analysts suggest that you can use a variation of a password safely for different accounts, as long as you keep in mind a few best practices:
– Use 12-14 characters
– Include caps, numbers and special characters (if allowed)
– These first two requirements are part of the algorithm password testers tend to use
– Make it unique, but easy to remember for you
– Remember, one of the most common ways that hackers can break into accounts is by guessing common passwords. The more difficult your passwords are, the higher the likelihood that a hacker will simply look for easier targets.
An easy way to create a difficult hacker-proof password is by using a passphrase. Instead of a single word and characters, it is a sequence of words or other text that acts as a password. They can be much harder for hackers to crack, and easier for you to remember, such as “My [email protected] i$?”
Do NOT store passwords in your browser
Most of us store passwords in our internet browser because it saves time, and, when we have so many different passwords, it’s frankly hard to keep up. The bigger benefit: we don’t have to remember multiple unique, and strong passwords we regularly use. When we use the saved passwords on our browsers and see our passwords populate, they appear hidden in asterisks. So, it is common for users to assume that asterisks = secure.
That is not entirely the case. There are two facts that we as users need to realize. First of all, most browsers will allow you to see every single password stored. In a Chrome browser, for example, if you have your computer’s single admin password, it will reveal your password for every one of your stored accounts. Second, there are software programs that will export all of your passwords from almost any browser.
Although the password appears secure to you, the passwords are stored on a very easy-to-access portal that is a hacker’s paradise. In life, if it’s too good to be true, it probably is, and when it comes to saving passwords on a browser, it is way too good to be true. Protect your passwords and try to avoid the auto-save on browsers.
If that makes your life too inconvenient, there is another option for you that marries security and ease.
Using a password program
The best practice may not always be the cheapest one, but it is, the experts say, the safest one. Use a password software program such as Dashlane or LastPass. These strong passwords are time savers for people looking to be protected online. These programs help you use a different, incredibly strong passwords for every site and account you have. You only have one password to remember, and that’s to enable the password manager.
Paper as a last resort
Worst case scenario: write all of your passwords down on a piece of paper with a pen. Put this sheet of paper in a safe or safety deposit box, and keep it available for you to update on an as-needed basis. This is vital, because if something were ever to happen to you, your significant other, or other heirs will need access to your accounts. They will also need access to your smartphone, your computer, and any other device that requires a password.
Never share your password to keep a secure account
This one should go without saying but please, never share your password. Often times people use one password across multiple accounts. All it takes is one of the less secure accounts to get exploited and now that hacker can try to use that password to sign in to other sites you might frequent. Sharing your password in instant messages or text might seem safe enough but there’s plenty of holes in those systems’ security. With enough digging into someone’s personal life, a hacker can obtain enough information to permanently ruin your financial history.
Stop using the same password everywhere
It is extremely common for people to use the same or maybe two passwords for every site they go to. We get it. Remembering what password you used where can be both time consuming and annoying. However, that minor annoyance pales in comparison to the annoyance of fixing a data breach. Dealing with the police, trying to recover stolen funds, is even worse. Not all website security is created equally. You might feel like your bank’s website is secure but that may be the same password you use for Pogo Games. A hacker doesn’t need to try to break the bank’s encryption to sign into your account, they just have to break into the lax game website’s security. This is why it’s so important to secure your password across all the websites you use regularly.
Read next: What accountants must know about managed services
Be aware of phishing scams
One of the most popular ways for hackers to get your information is to get you to give it to them. Attackers will send messages through email and social media that could look authentic asking for personal information that they can use to reset your password and then get access to your account.
Rush has a strong history of dealing with all of these issues. Our hands-on approach mixed with cutting edge software will give you the best chance at keeping your personal information safe.
Call (888) 965-0171 and speak with a technician. Be sure to ask about a free security assessment so together we can make sure you continue to have a safe experience and are prepared from future problems.