A friend of mine recently sent a frantic group text to me and several other friends. “My bank account was hacked!” she told us.
What started as an ordinary day turned into an extremely stressful experience that almost resulted in losing all the money in her checking and savings.
“It all happened so fast,” she told me later.
First, she got an email confirming her phone number had been changed on the account, a change she hadn’t made. The hacker then changed her primary email address and had permitted touch ID to be used to log into the banking site. Within thirty minutes, the hacker had gained control of the account. The bank froze the account, preventing the hacker from taking any money, but situations like these occur all too often and not all of them end well.
The online world that we live in is vulnerable to these kinds of attacks, which often happen to unsuspecting people like my friend.
However, it is possible to take measures to secure your online accounts, making it more difficult for hackers to steal your information and, ultimately, your money.
4 Ways to Protect Your Online Accounts
- Use unique, strong passwords.
This is the most basic step in protecting your online accounts— it’s also the one that people most often fail to implement.
A strong password consists of uppercase and lowercase letters, numbers, and special characters. It should have at least 8 characters, but more is better. Don’t use anything that is easily guessed. Hackers have a list of commonly used passwords, so make sure yours isn’t on this list.
A password should also be unique, meaning it is not a password that you have used elsewhere.
Far too many of us are guilty of using the same password across multiple sites. We tend to use that password for everything from Netflix to our banking accounts. The problem with password reuse on all of our online accounts is that hackers often try to guess passwords on less secure sites. If successful, they then use that password to get into your banking or credit card accounts, which is exactly what happened to my friend.
If the password you use for Shutterfly, DoorDash, or Instagram is also your password for your banking site, you’re at an increased risk of having your financial accounts hacked.
The best way to create and remember all of these strong, unique passwords for individual accounts is through the use of a password manager such as Google Chrome or Apple Keychain. Password managers can be used to both generate a unique password and store it for you so that you don’t have to remember it.
- Be careful what you click on.
Most of us have been the recipients of those phishing emails that look disconcertingly legitimate. These emails will ask you to click on a link to verify your information. The link will then take to you a new web page that looks like it belongs to your bank, credit card company or even PayPal. You’ll be asked to enter your username and password or your financial information.
Don’t fall for this: your bank or credit card company will never ask you to provide account information online. If you get an email asking for this kind of information, it’s a scam.
Clicking on these links also puts users at an increased risk of Man-in-the-Middle password resets. Hackers use the information you provide via these links to get into your accounts. They will then change the password and other login information, gaining control of the account.
In addition to tricking people into providing information for your online accounts, phishing links can also be used to install malware on your computer.
- Use fake password reset verification questions.
Most of verification questions can be easily answered by hackers through basic Googling or even by checking your social media account.
To further protect your accounts, consider creating an alias or fake identity and answer password reset verification questions using that alias. In other words, if a verification question asks which street you lived on as a child or what your mother’s maiden name was, use a fake answer.
- Use multi-factor authentication.
Multi-factor authentication requires a user to provide two or more verification factors to access an account. This adds an extra layer of security and makes it more difficult for hackers to “Man-in-the-Middle” your accounts.
These factors usually consist of things you know, things you have, and things you are. A password or PIN is the thing you know. Multi-factor authentication adds the “thing you have” or “thing that you are” components, which consist of things like the security keys, smartphones with fingerprint or facial recognition software, and apps such as Authy. At the very least, you can authorize multi-factor authentication via text messages for many accounts.
We conduct much of our lives online, and in the age of information leaks and hacks, account security is becoming an increasing concern.