How to Keep Your Digital Accounts Secure
As Americans become more reliant on the Internet, cybersecurity threats also continue to surge. In 2017, there were 16.7 million identity fraud victims [1] – this represents an increase of one million victims over one year alone.
Among these victims were consumers who had their account credentials stolen. Dubbed account takeover, this type of fraud involves a hacker using valid account information to extract funds or purchase new products and services. Account takeover fraud reached an all-time high in 2017 with $5.1 billion in losses. [1]
As account takeover continues to rise, how do consumers protect themselves?
While you might be tempted to go “off-the-grid” by closing as many digital accounts as possible, this response is impractical. Because of the ubiquitous usage of the Internet, your account information is stored online, regardless of whether you conduct your activities online.
Instead, we recommend a multi-layered approach to cybersecurity – in other words, defense in depth. By setting up multiple layers of protection, you will decrease the likelihood and magnitude of account takeover fraud.
In this article, we’ll review six strategies for keeping your digital accounts secure.
Create strong passwords
This should be common sense. Unfortunately, many Americans still use easy-to-guess credentials. For example – SplashData analyzes millions of passwords from leaked data breaches to produce its annual Worst Passwords List.
The top three passwords of 2017?
123456, password, and 12345678. [2]
Not only are these passwords incredibly easy to guess, but they have also remained unchanged for the past six years. Using weak passwords isn’t just foolish, it’s also counterproductive to keeping your account information secure.
How to Create a Strong Password
Make sure your password is long (at least 12 characters) with a string of random numbers, capital and lowercase letters, and symbols. While it’s okay to use plain, random words, steer clear of common phrases, such as common quotes, Bible verses, or lines of Shakespeare. Remember – hackers aren’t always people. Instead, they are often algorithms that are trained on large sets of data. To stay ahead of these trained programs, it’s important to keep your password as long and randomized as possible.
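The rules above can be turned into a small generator and checker. This is an added example, not code from the article or from Axos Bank; the function names, the 16-character default and the in_use list of passwords already assigned to other accounts are assumptions made for illustration.

```python
import secrets
import string

# Weak passwords named in this article (SplashData's 2017 top three).
WORST = {"123456", "password", "12345678"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def check_password(password, in_use=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if password.lower() in WORST:
        problems.append("on the worst-passwords list")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    for name, chars in zip(("lowercase", "uppercase", "digit", "symbol"), CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if password in in_use:  # in_use: hypothetical list of your other passwords
        problems.append("already used for another account")
    return problems


def generate_password(length=16):
    """Return a random password that contains every character class."""
    if length < 12:
        raise ValueError("the article recommends at least 12 characters")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

Candidates that miss a character class are discarded and redrawn, so every accepted password is still chosen uniformly at random from the ones that pass.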
Make sure each password is unique
In addition to making sure your password is strong, it’s important to keep each password unique. Facebook CEO Mark Zuckerberg learned this in 2016 – both his Pinterest and Twitter passwords were hacked after his LinkedIn password was decrypted. By reusing passwords, you make it easier for hackers to crack multiple accounts with just one login credential.
Instead of trying to remember each unique password, use a password manager, such as 1Password or LastPass. With password managers, you will only need to memorize one unique master password.
Change passwords regularly
If a hacker does steal your password, regular changes will prevent continued access to your account. Stolen consumer data often circulates among hacker forums and online black markets for an extended period of time. By keeping your passwords fresh, you will prevent account takeover incidents from occurring.
Use multi-factor authentication whenever possible
Multi-factor authentication adds an extra level of security to prevent unauthorized access to your account. For example, if you have multi-factor authentication set up with your email, your email service provider will send a text message with a unique code upon each log in. If you enter the code before its expiration, your email service provider will then grant access to your account.
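The sketch below shows what a provider does behind the code-by-text step described above: issue a random code, then accept it only once and only before it expires. It is an added example, not code from the article or from any provider; the five-minute lifetime, the five-guess limit and all names are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime; the article gives no figure
MAX_ATTEMPTS = 5         # assumed limit on guesses per issued code

_pending = {}            # account -> [code, expires_at, attempts_left]


def issue_code(account, now=None):
    """Create a fresh 6-digit code; the caller sends it by text message."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    # Issuing a new code replaces any earlier one for the same account.
    _pending[account] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
    return code


def verify_code(account, submitted, now=None):
    """Return True only for a correct code that is unexpired and unused."""
    now = time.time() if now is None else now
    entry = _pending.get(account)
    if entry is None:
        return False
    code, expires_at, attempts_left = entry
    if now >= expires_at or attempts_left <= 0:
        del _pending[account]          # expired, or too many wrong guesses
        return False
    entry[2] -= 1
    # compare_digest takes the same time wherever the first mismatch is.
    if hmac.compare_digest(code.encode(), submitted.encode()):
        del _pending[account]          # single use: a replayed code fails
        return True
    return False
```

The guess limit matters because a 6-digit code has only one million possible values.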
For an additional layer of protection, set up a login alert for each account when possible. When someone logs in from an unrecognized location, you will be notified immediately and – if the user is unauthorized – can contact the website administrator to block access.
Keep private information private
Private information, such as passwords, credit card numbers, social security numbers (SSN), and account numbers, should be guarded with the utmost care. Under no circumstances should you ever share such information over email. Furthermore, think twice before sharing your private information with third parties (for example – does your chiropractor really need to know your SSN?). When entering private information into online forms, verify that the website is legitimate and never use your browser to store sensitive information.
Avoid using public Wi-Fi to log in to your accounts. If you must use public Wi-Fi, use a virtual private network (VPN) to share data securely. Moreover, be cautious of clicking hyperlinks, even if they’re sent through known sources. Hackers have been known to use popular online quizzes to gain unauthorized access to social media accounts.
Update software regularly
Unfortunately, no software is perfect – there are vulnerabilities in every system. Keeping your operating systems, browsers, and anti-virus software up-to-date, however, will ensure hackers cannot easily use system flaws to hijack your accounts. Likewise, be sure to apply the same treatment to your mobile devices. Install trusted anti-virus software and ensure all software is updated regularly.
Although hackers are becoming increasingly sophisticated with their attacks, multiple layers of protection will help you prevent unauthorized access to your accounts. Remember, your approach to cybersecurity should be defense in depth. While you may not deter every attack, having multiple defenses will significantly decrease the likelihood and magnitude of account takeover fraud.
1. “Identity Fraud Hits an All Time High With 16.7 Million U.S. Victims in 2017, According to New Javelin Strategy & Research Study”, Javelin, February 6, 2018
2. “The 25 Most Common Passwords of 2017 Include ‘Star Wars’”, Fortune, December 19, 2017
This blog post was published by Axos Bank on October 7, 2019 and last updated on October 8, 2019