This post is the latest in our series of deep dives into cybersecurity steps each of us can take to better protect ourselves against vulnerabilities online. Check out our previous installments: Vigilance is Key to Protecting Yourself in a Digital World and Ways to Protect Yourself from Cybercrime.
When we go paperless for simplicity or sustainability, create a new account to do some online shopping, or log in to access personal records, we typically create a username and password – and in so doing, increase our vulnerability to cybercrime. In fact, password breaches are one of the most common pathways to cybercrime. But our increasingly digital world requires us to conduct business and complete transactions online. An estimated 300 billion passwords will be used this year, and the average U.S. consumer maintains more than 200 password-protected logins. So, how can we navigate our virtual reality while protecting our interests and assets?
Our partner Neal O’Farrell, one of the world’s original security and privacy experts, suggests a few key steps you can take to ensure your passwords are safe…
Try to create passwords between 14-16 characters.
Ideally, use passwords that are both complex and lengthy to provide the most robust line of defense against potential hackers, but longer passwords are harder to crack even if they are simple. Cybersecurity experts recommend passphrases when possible – that is, longer phrases, even if composed of simpler words and no special characters. The longer the password, the more time and computational resources are needed to crack it.
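To put numbers on the length-versus-complexity point above, here is an added example (not part of the original post) that compares the brute-force search space of a short complex password, a long simple one, and a random passphrase. The guess rate, the 7,776-word list size and the small sample word list are assumptions chosen for illustration, and the figures hold only for passwords picked at random, not for ones a person invents.

```python
import math
import secrets

# Assumption: attacker guess rate for illustration only. Real rates vary
# widely with the password-hashing algorithm and the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list so the example runs offline. A real generator
# should draw from a list of several thousand words.
SAMPLE_WORDS = ["river", "candle", "orbit", "maple", "tunnel", "harbor",
                "velvet", "copper", "meadow", "lantern", "pebble", "saddle",
                "thimble", "walnut", "glacier", "ribbon"]

def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` items, each drawn uniformly from `choices` options."""
    return length * math.log2(choices)

def average_crack_years(bits: float,
                        rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected brute-force time: on average half the search space is tried."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

def random_passphrase(word_count: int, words=SAMPLE_WORDS) -> str:
    """Pick words with the OS cryptographic RNG (never the `random` module)."""
    return " ".join(secrets.choice(words) for _ in range(word_count))

def compare() -> dict:
    """Map each password style to (entropy in bits, expected years to crack)."""
    styles = {
        "8 chars, any of 94 printable symbols": entropy_bits(94, 8),
        "16 chars, lowercase letters only": entropy_bits(26, 16),
        "5 random words, 7,776-word list": entropy_bits(7776, 5),
    }
    return {name: (round(bits, 1), average_crack_years(bits))
            for name, bits in styles.items()}

if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:40s} {bits:5.1f} bits  ~{years:,.2f} years")
    print("Sample passphrase:", random_passphrase(5))
```
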
Never reuse a password.
We are all tempted to reuse our passwords – especially if we feel one is particularly strong or if it’s easy for us to remember. But when we reuse passwords across multiple accounts, we’re giving away the proverbial keys to the kingdom. Cybercriminals run sophisticated programs that can test your username and passwords across popular online platforms in a matter of minutes, giving them easy access to your protected accounts and stored information.
Make your email password your most secure.
It may not seem obvious, but it’s critical that the password to your email account is your most secure. If a cybercriminal gains access to your email, they likely gain easy access to your most personal information – including where you hold accounts, where you shop frequently, and even the names of your close contacts. This gives them potential answers to security questions, the ability to take on your persona, and even the ability to change passwords at will – and lock you out of your accounts. The more assets you have, the more valuable that information is – and the more worthwhile it is for a cybercriminal to delve deep into your personal information.
Don’t let browsers or websites store your passwords.
Oftentimes, your browser or a website will offer to store your password. And with so many passwords to remember, it’s an offer we may be inclined to take. While that may be convenient, it’s not the most secure. Why? Because it can make it easy for anyone with access to your computer – physically or remotely – to view those saved passwords with a few simple clicks. However, there are exceptions. Apple’s iCloud Keychain and Firefox’s password manager can be secured so that you have to enter a master password to access saved passwords. Other browsers, however, do not offer that additional security step, so be sure to do your due diligence before allowing a browser to remember your sensitive password information.
Utilize a password manager.
The above recommendations can seem insurmountable – and indeed, each can take significant time, vigilance, and care. More and more, a reputable password manager can be a valuable investment, particularly if you have considerable assets at stake. Secure password managers are different from browser password managers: they provide an enhanced level of security by automatically creating robust online passwords and storing them with encryption for maximum protection. LastPass and Dashlane are two of the top password managers available. Both offer services that work across various platforms, including macOS, Windows, iOS, and Android, and both offer free versions and premium, subscription-based upgrades. To date, these services have not experienced data breaches, and because they use sophisticated encryption, even if hackers gained access, they would not gain usable data.
Everything we do online comes with an unavoidable level of risk. Safeguarding our passwords provides one of the best levels of defense we can build between cybercriminals and our valuable personal information.
Bartlett takes cybersecurity seriously. Neal O’Farrell, one of the world’s original security and privacy experts (and one of the few with more than a decade of experience working with affluent and high net worth consumers and their families), helped develop Bartlett’s Cybersecurity Education Center, a comprehensive website that offers a wide variety of resources to improve cybersecurity, including tips, security guides, videos, self-audits, and more. We hope you will access these resources to learn more about how to improve your cybersecurity, and share this valuable information with family, friends, business and social connections, employees, and anyone else you know.