Topics:Internet Security Identity Theft 101 Data Breach News Business Security Tax Identity Theft Medical Identity Theft Scams
Unfortunately, not everyone practices proper password management. And, in this digital age, how you manage your passwords can be the ultimate determining factor between staying safe and falling victim to identity theft and other serious cyber crimes. When you think of password management, you may think that you can just change some of your most-used passwords once and not have to worry. Although that’s a good beginning step, there are so many other factors you have to consider in order to practice good password management. One huge mistake that people make when it comes to passwords is that they use the same password for multiple accounts/websites. This may seem like a smart idea since one password is obviously easier to remember than several, but reusing passwords can cost you more than you may know. For instance, if anyone happens to guess or learn that one frequently-used password, they will then have full access to whatever accounts and websites you used that password for. Google recently partnered with Harris poll and surveyed 3,000 adults ranging from ages 16 to 50 and up. According to the 2019 survey, 52 percent of people who were polled stated that they reused the same password for multiple accounts and 13 percent stated that they reused the same password for all accounts. The survey also showed that only 24 percent of respondents use a password manager service. If you are struggling with password management, know that you’re not alone. Millions of people each year fall victim to cyber criminals, and their lack of strong password usage is a big part of the problem. To help you and others who are struggling with passwords, we decided to ask a few security experts to provide their best tips regarding password creation, storage, and management. They gave the following 10 tips: Avoid using personal information Use a phrase as your foundation Don't shy away from long passwords Check your password strength Stay far away from reusing passwords Remember to reset your passwords Consider deleting less used accounts Set up two-factor authentication Use a password manager service Secure your Wi-Fi network Read on to see what each expert had to say about the tips listed above. Tip #1: Avoid using personal information Kyle Hrzenak, CISO at Green Shield Security LLC “A tip that I have for people, especially families, who want to create secure passwords would be to leave any personal information out of passwords. Things such as birthdate, city of birth, first child's name, etc. are easy to guess. These entries are the prime target for malicious users to guess and crack.” Steven J. Hausman, President of Hausman Technology Presentations “Do not use obvious personal information. That is, especially with regard to families, do not use kid’s names, pet names, the name of your street, or your school. When you have to respond to security questions (like your pet’s name), it can often be found on your social media account, so make up fake information to use in answering security questions. For example, if your high school was Middleburg High School, then for the security questions say it was Regional High School. You should also make certain that your social media accounts do not contain private information if at all possible.” Tip #2: Use a phrase as your foundation Steve Weiseman, Lawyer, College Professor, Author, and Identity Theft/Scam Expert at Scamicide “If [...] you wish to keep things simple and you want to manage your own passwords, the best thing to do is to develop a basic password that gets adapted in an easily remembered manner for each of your accounts. A good, strong password will have capital letters, small letters, and symbols. A good way to achieve this is to make a phrase your core password, such as IDon'tLikePasswords.This is a good start. Now add a couple of symbols so it reads IDon'tLikePasswords!!! and you have a good strong base password. You can adapt the password to a unique password for each of your accounts by merely adding a few letters to distinguish each account. So, for instance, your Amazon password can be IDon'tLikePasswords!!!AMA. This manner of picking passwords will provide you with unique, strong, and easily remembered passwords for each of your accounts.” Maddie Roderick, Security Consultant at Frontier Business “Bots are able to check up to 1,000 passwords per second, so it’s essential to get creative with passwords to secure sensitive information, like your bank login. My favorite advice to give when it comes to choosing secure passwords is to think of a phrase — maybe a favorite quote from a movie. Instead of the phrase, use the first letter of each word in that phrase. To anyone but you, that password will seem nonsensical, be harder to guess, and harder to remember.” Tip #3: Don’t shy away from long passwords Jason Nickola, Senior Security Consultant and COO at Pulsar Security “The conventional password guidance which has permeated corporate environments and commercial products over the last thirty years has been to use at least eight characters and to include at least one uppercase, lowercase, number, and symbol. In other words, the focus has been on complexity (including different kinds of characters). These requirements have caused people to choose short words that they remember — like their dog's name — and then add numbers and symbols until complexity requirements are met, resulting in something like Scooby#2, which is an easy password to guess even if an attacker has to brute force all possibilities. Instead, emphasizing length is a better approach. For example, the password "my dog scooby is an awesome dog who i love very much" — although it doesn't meet any of the aforementioned complexity requirements — is a much more secure password than Scooby#2 and is easier to remember for the user, too.” Dan Merino, CEO of Green Dot Security “Password length can be a great defense against a site that has their database of usernames and passwords breached. If the site is not doing anything to protect the password, which is rare but does happen, then the length will not make any difference. However, assuming there is at least some basic encryption of the passwords, the longer the password the less likely anyone will even attempt to try to crack them.” Tip #4: Check your password strength Steven J. Hausman “One important resource is the password strength manager at my1login where you can type in your password to see how strong it is. This site also gives you an estimate of the amount of time it would take for a hacker to crack your password. The password "4$core&7YrsAg0" would, according to this site, take 12,000 years to crack. If you added "xxx123" to it, then the cracking time would rise to 127 million years and so forth.” Tip #5: Stay far away from reusing passwords Casey Crane, Cybersecurity Journalist for SectigoStore.com “While it’s easy to use the same password between multiple accounts, resist the urge! All it takes is one data breach of your favorite mobile app or website, and you’ll suddenly find yourself in a world of pain. For example, if you use the same password for your email address, a hacker can use your compromised credentials to access your email and any other accounts associated with it.” John Svazic, Founder and Principal Consultant at EliteSec Information Security Consultants, Inc. “Always make sure you use unique passwords for every site. Lots of ‘hacks’ are actually people just re-using the same password over and over again, allowing attackers to gain access to different accounts with very little effort. The website haveibeenpwned.com is a great place to find out if your email has been part of a data breach, or if a common password you use has been compromised.” Tip #6: Remember to reset your passwords Kyle Hrzenak “In reality, you should be keeping any password safe and confidential. It's recommended to change your passwords once a month for any monetary purpose, such as bank accounts, credit card accounts, etc.” Casey Crane “Historically, industry experts’ recommendations about how frequently you should change up your password have been all over the place — anywhere from every 30 days to upwards of 180 days. Personally, I try to change my passwords every three or so months. Obviously, if your account has been hacked, it’s best to update it as soon as you’ve become aware. Similarly, if there’s been a data breach at a site where you have an account, change your password immediately.” Rob Shavell, CEO of Abine/Delete Me “It used to be popularly recommended that people change passwords frequently. This is less the case now, as security experts recognize that people often end up creating a greater risk for themselves in the process of frequently re-accessing account security settings. With things like network passwords, they should probably be changed after you’ve shared them with any third parties (like guests). Things like primary email accounts (like Gmail or Yahoo) should be changed if you’ve received any warnings of attempts to access your account, or if you’ve accessed your email from some public computer (like a library). Social media accounts or online-shopping (like Amazon) should probably be rotated on a periodic basis. Once or twice a year, depending on how frequently you use these services, should be fine.” Tip #7: Consider deleting less used accounts Chelsea Brown, CEO and Founder of Digital Mom Talk “If you don't use the account often (like monthly), delete it. Often accounts we don't use often are ones that get compromised in a data breach and can be the gateway into compromising us more.” Tip #8: Set up two-factor authentication Larry Aucoin, CTO and Managing Partner of Optimal IdM “Use two-factor authentication, like a push notification to your mobile phone, when it’s offered. If hackers do succeed in guessing a password, they will still need to breach another level of authentication.” Dave Hatter, Cyber Security Consultant at Intrust IT “Everyone should enable multi-factor authentication (MFA) aka Two-Step Verification or Two Factor Authentication anywhere and everywhere they can. Microsoft and Google have both stated that MFA will block 99 percent of all automated attacks.” Jason Nickola “Use multi-factor authentication wherever you can. Historically, a valid username and password are all that has been needed to login to a system, website, or service. This presents a security challenge because it is just one factor — something you know — and anyone who is able to guess or find your password in a breach dump will be able to log in, too. Multi-factor authentication (MFA) adds an additional requirement — generally something you have — on top of knowledge of your password. Most often this means a notification or code pushed to your phone via an app or text message. Many of the most common services and vendors offer the ability to enable MFA but it is not often enabled by default. This is probably the most important bang-for-your-buck step someone can take and the one I suggest to the general public most often.” Tip #9: Use a password manager service Bruce Hogan, Co-Founder and CEO of SoftwarePundit “The best way to create and manage secure passwords is to use a password manager. There are several highly popular, tested software solutions in the market that work well for individuals and families. Some of the most popular solutions are 1Password, Dashlane, LastPass, and OneLogin. Here's how these solutions work: After you sign up for the software, you enter your accounts and passwords into the application. Next, you install a plug-in on your browser. You can access your accounts either by clicking a link in the password manager application or using the plug-in. Any time you update your password, it is automatically captured by the tool. One specific benefit of password managers for families is that you can share log-ins with other people without sharing the actual usernames and passwords. This feature increases safety and also allows you to control which family members have access to each account. If the family is interested in additional security measures, they can take advantage of the password generators offered by these solutions. These passwords are extremely strong and unique to each account.” Dan Merino “If correctly used the password manager would allow individuals to create new and unique passwords for all services and sites while the individual would not even need to know what the password is. Additionally, within a family, a password manager allows for easy sharing. As an end-user using a password manager means that you should only need the password for the password manager, and it gives you all the other passwords you would need. Finally, the better password managers will allow for audits of your passwords and bulk changes.” Tip #10: Secure your Wi-Fi network Patricia Vercillo, Vice President of Smith Training Centre and The Smith Investigation Agency “With the number of dangers online, it's critical to have a strong and secure Wi-Fi, particularly families. A defense plan is needed to remove any opportunities from cybercriminals and hackers. My first suggestion is to simply build a stronger Wi-Fi router. Give your router a name, but don't use the name of the manufacturer or your own name or street address. Use a strong encryption method for Wi-Fi like WPA2. Next, I suggest setting up a guest network. This network would only be used by friends or family members — a private network. I also highly recommend changing the default passwords, as many cybercriminals are already aware of what those are. If a device does not allow you to change the password, I’d consider going with something different. Be sure to make your passwords challenging as well. I’d recommend changing your Wi-Fii password every three months. It would also be good to get in the habit of doing the same, for all of your sensitive technological devices.” Additional security tips It’s safe to say that there’s a lot that goes into properly creating, managing, and securing passwords. Along with the expert tips listed above, here are three additional tips that can help as you and your family start learning and developing good password security habits: Consider conducting a regular family password audit It’s important to review and revisit passwords for your online accounts at least once per year, and conducting a family password audit can help motivate you and your family members to have more in-depth security conversations and stronger passwords. This audit should involve a thorough review of all of your passwords and should institute a new level of security within your home. Read this step-by-step guide to learn more about family passwords audits and how they can help you and your loved ones stay safe online. Stay up-to-date on password trends and data breach news Knowing what is happening in terms of password trends and data breach news can help you and your family stay safe in this digital world. It can be tedious to stay up-to-date on the latest data breach and password developments, especially since it can feel like data breaches occur constantly. Taking the time to stay aware of what is happening around you, can make all the difference in terms of your personal security efforts. To do this, you can sign up for notifications from various security news outlets and regularly check reliable sources like The Identity Theft Resource Center (ITRC) for the latest security information. You can also stay in-tune with what major security leaders and companies are saying on their blogs, social media platforms, etc. Look into getting professional identity monitoring services You can take your personal security and your family’s security a step further by signing up for professional identity monitoring and protection services like NortonLifeLock, IdentityIQ, Complete ID, etc. The companies mentioned above and other companies in the industry can provide you with important alerts and updates, identity restoration services, various monitoring services, and up to $1 million in identity theft insurance. search Highlight: Identity theft protection plans for families do exist. Many identity theft protection services also provide family-based plans to help you protect not only your identity but each one of your loved ones’ identities and personal information as well. The bottom line Being proactive when it comes to your personal security can save you and your family a significant amount of trouble, stress, and money. If you follow the tips listed above, practice proper password hygiene, and have frequent conversations regarding online security and best password practices with your family members, you and your loved ones will have better chances of averting devastating online crimes.
Passwords might not seem like a big deal in your everyday life, but in reality, they’re what stands between you and countless cyber criminals. report_problem Attention: Data breaches are still a major threat. According to Forbes, "more than 4 billion records were exposed by data breaches” within the first six months of 2019. Since passwords play a big part in modern data breach scenarios, reviewing and securing your passwords should be on the top of your family security audit checklist. When creating passwords, you and your family members might just think it’s easier to use the same or similar password for multiple websites, devices, etc. After all, who wants to have to memorize hundreds of different passwords? No one does. There are ways you can have strong passwords without having to worry about that. Once you develop the right password-creating system, you won’t have to stress about keeping track of a never-ending list of different passwords. Password audit steps In this article, we’ll go over the following steps you can take to conduct a thorough review of your passwords. Step 1: Create your list Step 2: Review your passwords Step 3: Make a list of unique phrases, words, and numbers Step 4: Create your new passwords Step 5: Determine your password storing method and set your passwords Step 6: Get your family started When conducting a family-based password audit, the first thing you should do is lead by example. This means reviewing your individual passwords first. Step 1: Create your list To start, try physically writing down your most-used websites and accounts on a piece of paper. Then, add in the most important websites and accounts if they are not already part of your most-used list. At this point, you should have a lengthy list of websites. If you don’t have a solid list yet, try viewing your browser history and think of the websites you have used in the last three months or so. You can also check your email for ideas or to see if you have any digital receipts from websites you’ve purchased items from in the last few months. Additionally, you can check your bank accounts or credit card statements to see if you’ve made any online account purchases in the last few months from websites that aren’t already on your list. Step 2: Review your passwords Once you have your list of websites finished, review the passwords you use for each website and online account. If you can’t remember some of these passwords, make sure to make a note of that next to the website or account name. If you have extra time, you can try to visit the websites you can’t remember your passwords for and see if they have a recovery password option. If the only option they have is to reset your password, make a note and refrain from resetting it at this time. Try to look for your password weak points. For example, maybe you use the same password for multiple accounts, knowingly shared a password with others, or maybe you use your birthday or your name in your passwords. Step 3: Make a list of unique phrases, words, and numbers When you’ve determined what your password weaknesses are, your next step is to create three lists — one for unique keywords, one for unique phrases, and one for unique number sequences/dates. If you can, try coming up with at least five items for each list. Here are a few examples of unique keywords, phrases, and numbers you can write down: Keywords — your childhood best friend’s nickname, your first pet’s name, etc. Phrases — a recurring fun phrase a relative always said to you, a unique inside joke between you and your significant other, what you first said when you graduated from college, etc. Numbers/dates — your secret lucky number, your first dog’s birthday, the day your first relationship started, etc. Marcus Chung, CEO of BoldCloud, states that “any part of your name, birthday, Social Security number, or similar information for your loved ones is a bad password choice.” So, when you are making your three lists, make sure to think about what is unique to you that most people would never be able to guess. Pro tip: Make sure to not choose any numbers, keywords, or phrases that match up with what you’ve posted online, i.e. your social media accounts, blog, etc. Step 4: Create your new passwords Use the lists you created in step three to generate unique password combinations. Do not use one password more than once per website. If you run out of good password ideas, try creating more combinations from the phrases, keywords, and numbers you have listed. Stephen Arndt, President of Silver Linings Technology, believes that “a good password should be at least eight characters long (or longer) and have a combination of uppercase and lowercase letters, numbers, and symbols that are hard to guess.” He says it’s best to avoid using “dictionary words with proper capitalization because they’re easy to guess (like Password123#).” Arndt explains that “even though it meets the requirements we just discussed, it’s easily hacked. Remember, hackers have sophisticated password-hacking software that will run 24/7/365.” If you want a quick tip for remembering your new password, Arndt suggests that you use a “phrase and insert letters and numbers into it, like [email protected]” Read also: 10 Expert Tips to Help You with Password Management Step 5: Determine your password storing method and set your passwords Now that you have your different password combinations created, determine which secure password storing method you want to use. If you have a strong password sequence that can be changed per website and that is something unique to you and easy for you to remember, you can just keep that in your memory. If you have multiple passwords, you can either use a password notebook or use a secure password manager service like LastPass. Chelsea Brown, Security Analyst, Ethical Hacker, and Owner of Digital MomTalk says that “password generators are good, but can be difficult to remember for some. You can use a password manager like 1Password, LastPass or Dashlane, but be careful where you store passwords. She states that “many individuals aren't aware that, with browsers like Chrome and Firefox, hackers can use your browser account to access all of your passwords that your browser has stored. This can be done without even infecting your computer with a virus.” Brown recommends that you should make sure to not “use your browser for password storage. She explains that “this is one of the biggest reasons why you should always make sure you're logged out of accounts if using public access places like libraries and internet cafés or even friends' houses.” After you choose your storing method, reset your passwords. Again, never use the same password twice. Once you change your passwords, write down (on the first list you created in step one) the date you changed each password. Lastly, store this list in a secure location and revisit this list at least once per year and redo this password audit process. Step 6: Get your family started After you go through the steps (1–5) listed above, it may be a good idea to take the time to sit down with each individual family member and help them go through this process for their passwords. If your family members do not want you to help them or if you want to give them privacy regarding their passwords, provide them with the steps above and let them go through the process themselves. You can always provide them with helpful password resources found online or you can be their first point of contact if they have questions during the process. Additional protection Once you and your family have completed the password audit process above, you can choose to take your security to the next level by looking into different identity theft monitoring and protection service options. Professional identity theft monitoring and protection services can help you catch identity theft before it happens. Additionally, some services provide recovery and restoration assistance in the event that you or one of your family members do become an identity theft victim. Many identity theft protection services offer solid identity theft insurance and provide several different identity protection and monitoring options, including protection services for the whole family. Here's a brief overview of three of our top-rated identity theft protection companies — NortonLifeLock, Complete ID, and IdentityIQ. NortonLifeLock NortonLifeLock offers identity theft protection and monitoring services to individuals, families, and businesses. This company provides a variety of monitoring services including public records monitoring, financial account monitoring, and credit monitoring. In addition to monitoring services, NortonLifeLock also offers 24/7 live member support, recovery services, a helpful mobile app, a money-back guarantee, and a Million Dollar™ Protection Package. See a recent customer review below and read our full NortonLifeLock review to learn more. Customer Review: Jacob from American Fork, Utah "Norton has always been our top protection provider. With constant updates and communication, we are alerted of any suspicious activity immediately." Complete ID Complete ID, an Experian identity theft protection product, is offered to Costco members for a fairly affordable monthly price. This service includes helpful monitoring services like Social Security Number monitoring, dark web surveillance, non-credit identity monitoring, and child monitoring. Additionally, Complete ID provides around-the-clock live customer support, up to $1 million in identity theft insurance, and U.S.-based certified identity theft restoration. Several customer reviews, like the one below, have praised Complete ID's customer service. Read our full Complete ID review to learn more. Customer Review: Joseph York from Atlanta, Georgia "The customer service professional was fantastic! She was knowledgable, professional, friendly, and very helpful explaining what my notifications meant and she provided going forward recommendations." IdentityIQ IdentityIQ provides a number of monitoring services including dark web and internet monitoring, credit monitoring, and more. The company also offers a specific family protection service that involves identity fraud restoration. In addition to its monitoring services, IdentityIQ also offers up to $1 million identity theft insurance and up to $25,000 for children, U.S.-based fraud restoration, and lost wallet assistance. Check out the recent customer review below and read our full IdentityIQ review to learn more about what this company has to offer. Customer Review: Ariel H. from Cleveland, Ohio "I haven’t had any problems with this service and it helped me get help fixing my credit. Good investment." The bottom line Although there is no way to make sure you and your family are 100 percent protected from cyber crimes and identity theft, you can be proactive and help your family avoid falling victim to such threats. For instance, conducting an annual (or even biannual) family password audit and considering professional identity theft monitoring options can better your family members' chances of staying safe online. Overall, it's important to make sure you and your family have continual conversations about personal security and that each family member recognizes the importance of creating and having strong passwords.
Disney+, a new streaming TV and movie service provided by Disney, allows customers to view everything from classic movies to original, exclusive television shows. Although the streaming service has only been active since November 12, 2019, customers have already complained about technical issues with their Disney+ accounts. Many customers were not able to access their Disney+ accounts and, therefore, were not able to use the company’s streaming services. And it turns out, these Disney+ technical issues may be correlated to a customer hacking situation. What happened Many Disney+ users claimed that hackers logged them out of their devices and changed their email and password information associated with their Disney+ accounts, according to CNBC. And, as stated on a Global News article, “thousands of Disney+ accounts have been hacked and are being sold online on the dark web, according to a report published on Monday.” According to a ZDNet, the accounts that were stolen “were put up for sale on hacking forums within hours after the service's launch.” ZDNet also found that the accounts put up for sale on the dark web were priced between $3 and $11 per account. Although Disney+ user accounts are being affected by hacker efforts, it doesn’t seem that the streaming service, itself, was breached. According to Global News, a Disney spokesperson recently provided a statement saying that “Disney takes the privacy and security of our users’ data very seriously and there is no indication of a security breach on Disney+.” What you can do Disney+ isn’t the only streaming service that has faced this type of hacking situation. In fact, other streaming services like Netflix, Amazon Prime, and Hulu all continue to struggle with similar threats. These popular streaming services have made an effort to protect customers against hacker-related threats; however, there is still a long way to go in terms of protection. According to a recent BBC article, Disney+ “does not have two-factor authentication.” And users may quickly realize that this lack of multi-factor authentication definitely puts them and their information more at-risk. Since there is a lack of preventative measures on the company side of things, the one thing you can do to make sure your account is safe for any streaming service is to use a unique password. Although creating and using a unique password for every online account you have may sound exhausting, it’s an incredibly important step in protecting your account and your personal information. The bottom line It can be difficult to know how to protect yourself when using popular streaming services like Disney+; however, the more active you are in taking control of your personal security, the less likely you’ll be to fall victim to common hacking situations. If you are struggling to find ways to enhance your streaming service account security, here are five basic tips you can follow: Avoid sharing your password and writing it down Change your passwords up at least once per year Use a secure password management service to stay organized Follow these steps to create unique, secure passwords Immediately report any suspicious account activity Along with following the tips listed above, it’s important that you stay up-to-date on the latest data breach and hacking trends. After all, knowing what is happening in the news today can help you protect yourself tomorrow.
Designing a secure and unique password for everything you do online can be difficult, especially when you are making a password for a site you’ll never use again. Although making a password with your dog’s middle name and your second cousin’s birthday may not seem important, it can save you from being hacked daily. According to a 2019 Forbes article, the top five most common passwords are "123456," "123456789," "qwerty," "password," and "111111." It’s not rare to see millions of passwords get hacked each year due to weak passwords. Here are some tips to help you increase your password security and help others do the same: Avoid using the obvious Using obvious passwords such as "123456" is not going to provide any sense of online security. When creating a password, even for a site you don’t care about, use words and numbers that are not commonly used by everyone else, like a pet’s name, an inside joke, or a keyword from a favorite memory. Any number that has significance to you, like the day you got your first bike or the date of your first kiss, would work well in a password. Make every password longer Passwords are designed to be difficult for hackers to break, so having a longer, more complex password will give you a better chance of staying out of their reach. According to an article on theguardian.com, passwords should be created with 12-14 base minimum characters. The more characters there are, the more password options hackers are faced with. Many people don’t have long enough passwords, simply because they are harder to remember. An easier way to remember passwords, according to the Guardian article, is to use a long phrase as a password instead of having an all number-based password. Switch it up An important part of creating a strong password is to switch up capitalization, the numbers you use, punctuation, and spelling. Like character length, this will give hackers more options to work with, thus taking more time and energy for them to hack the password. Remember it yourself Although it may be difficult to remember passwords, relying on yourself, rather than a program or app, is the best way to go. Many people choose to have their browser remember their passwords for them, but this makes your password easier to obtain by not just you, but others as well. Remember not to openly share your passwords with anyone. According to a cnbc.com article, approximately 31 percent of today’s millennials are likely to share their passwords with other people. And it’s not just millennials who aren’t practicing password security; the very same cnbc.com article states that 58 percent of the baby boomer generation are struggling with creating strong passwords as well. It’s not one and done Many people create one password and use it for multiple sites. In general, people should use different passwords for each website they use. That's a lot of passwords to remember, which is why there are many helpful password manager tools available if you simply cannot keep track of them all on your own. Although you may want to make things easier on yourself by using one password for everything, you will make it easier for hackers to get that password as well. Identity theft is one of the most common crimes committed each year. Creating secure passwords is just one thing you can do to protect yourself. For even more security and hacker protection, consider using an identity theft company or service designed to stop hackers and attackers before they get to you. To help you decide what identity theft service to choose, a ranked and reviewed list of the best identity theft companies available can be found on bestcompany.com. Creating strong passwords and learning how to protect your information is the best way to stop cybercriminals.