After the recent Equifax data breach, you’ll want to make sure your accounts are completely secure. Here are our best tips for creating strong passwords.
In the aftermath of the Equifax data breach this past summer, everyone is understandably concerned about identity protection. Many of us have to take extra steps to secure our identities. You may have put a freeze on your credit report. Or maybe you signed up for a credit monitoring service. But did you know that two-factor authentication and password strategies can also help you secure your accounts and your identity?
What these two strategies do is make access to your accounts more complicated. The downside is that making your accounts more difficult for thieves to access can also make things more inconvenient for you. But given that identity theft is rising dramatically, it’s well worth the minor inconvenience.
Types of Two-Factor Authentication
Two-factor authentication is commonly referred to as multifactor authentication. It’s based on the idea of requiring two or more verification steps in order to log into an account or a secure site. Some banks and other financial institutions already require two-factor authentication. Sometimes you can choose to add it to your account. If you have the choice, you should always say yes to this option.
One-Time-Use Security Codes
You’re probably already familiar with two-factor authentication because some of your accounts require it. In this setup, an institution will send you a security code, typically by text or email. To log into your account with that institution, you’ll need both your password and this security code. In most cases, the security code will be temporary. It may be valid for only a few minutes or a few hours.
In some cases, you can log into your account with just a password if you’re using a recognized device from a recognized IP address. But if you log in from somewhere new, the institution will automatically send you a pass code. This protects your account from potential hackers using unfamiliar devices or IP addresses.
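The check described in the two paragraphs above, sketched from the institution's side as an added example (not code from any real bank or site). The class name, the five-minute validity window and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window: five minutes


class LoginVerifier:
    """Second step after the password: a temporary, single-use security code."""

    def __init__(self):
        self.trusted = set()   # (user, device_id, ip) combinations seen before
        self.pending = {}      # user -> (SHA-256 of code, expiry timestamp)

    def needs_code(self, user, device_id, ip):
        # A recognized device on a recognized IP address skips the code.
        return (user, device_id, ip) not in self.trusted

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"   # 6 digits from the OS CSPRNG
        digest = hashlib.sha256(code.encode()).hexdigest()
        self.pending[user] = (digest, now + CODE_TTL_SECONDS)
        return code  # a real service would send this by text or email

    def verify_code(self, user, device_id, ip, submitted, now=None):
        now = time.time() if now is None else now
        # Single use: the pending code is discarded on any attempt, right or wrong.
        entry = self.pending.pop(user, None)
        if entry is None:
            return False
        digest, expires = entry
        if now > expires:
            return False  # the code was temporary and has lapsed
        candidate = hashlib.sha256(submitted.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        self.trusted.add((user, device_id, ip))  # remember this device and address
        return True
```

Because a wrong guess also discards the pending code, someone who has only the password gets one attempt per issued code rather than an open-ended series of guesses.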
Other times an institution will use CAPTCHAs. These are the scrambled codes that you are asked to enter into a box on the same page in order to verify that you’re an actual human being. Websites have started using these to prevent “bots” from accessing your account. Hackers can program bots to search for and seize identifying information. Verifying your humanity confirms that you’re not a bot.
Credit Card Security Codes
Online vendors typically use a different form of two-factor authentication. When you make a purchase online using your credit or debit card, the vendor will ask for the basic information – your credit card number and the expiration date of the card. But then they will ask you for the three-digit security code that appears on the back side of the card next to the signature box.
This prevents someone from using your credit or debit card with just the number and expiration date. Store clerks, online representatives, and others can easily access this particular information. But the security code is less commonly used in transactions. So it provides an additional layer of security.
In many cases, a financial institution may also establish security questions. This can be obscure information, such as your mother’s maiden name, the name of your first best friend, or the name of your first pet. It could even be the name of the street that you grew up on. This is why you should always provide this information when you set up an account or sign up for a credit card. Thieves may have your credit card number and expiration date, but not the answers to the security questions.
Security questions are similar to one-time-use security codes, except that you already know the answers. You may be able to skip the security questions if you’re logging in from a trusted device. But if your login is coming from someplace new, the website may ask one of your security questions.
Even More Authentication Options
Some vendors and institutions are also asking for additional information, such as the last four or six digits of your Social Security number, in addition to your username and password. Others are turning to biometrics, such as your voice or your thumbprint. A bank that I deal with routinely requires a thumbprint on cash withdrawals. This is an example of biometrics as a security factor.
Password Strategies for Securing Your Accounts
Two-factor authentication is an excellent strategy for securing your accounts. But whether or not that level of protection exists depends on the institution, and is largely out of your hands (unless you have the option to add it).
Closer to the ground, password strategies are perhaps the most proactive way to protect your identity and your accounts.
There’s a bit of tension on this front, and it’s completely understandable. The most secure passwords are the most complicated. But since we have to access our accounts on a regular basis, there’s a strong argument in favor of simplicity.
That conflict is best resolved in favor of security over ease.
That means creating strong passwords. As a general rule, you can think of a strong password as being one that you can’t remember yourself. After all, if you have difficulty with it, you’ll be making it virtually impossible for a thief to hack.
Creating Strong Passwords
Creating strong passwords is a multistep process. It takes more time, but it’s the best way to protect yourself.
Use these tips to create strong passwords:
1. Create passwords that use a mix of letters, numbers, and symbols. Also use both upper and lowercase letters. A thief may be able to guess a word or number that you will use. But it will be much more difficult to hack a password that contains a word and a number, as well as a symbol that makes absolutely no sense.
2. Never use identifiable names or numbers. For example, don’t use your name, any part of your address, your spouse’s name, your kids’ names, your phone number, and absolutely not your Social Security number. If you must use names or numbers, pick ones that are more obscure.
3. Scramble your passwords. That means creating passwords that don’t use identifiable words or number sequences.
4. Let websites create passwords for you. If that service is available, take advantage of it. They will create completely unrecognizable passwords that can’t remotely be tied to you.
5. Longer passwords are better than short ones. This is especially true if they make no sense.
6. Use a different password for every account that you have. No, that’s not convenient at all. But that’s the whole point. If you have a different password for each account, a thief can’t access all your accounts with a single password.
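The six tips above turned into a local check and generator, as an added example that is not part of the original article. The 16-character minimum, the symbol set, the four-character sequence test and all function names are assumptions; the tips themselves only say that longer and more scrambled is better.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = {"lowercase letter": string.ascii_lowercase,
           "uppercase letter": string.ascii_uppercase,
           "number": string.digits, "symbol": SYMBOLS}
RUNS = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")
MIN_LENGTH = 16  # assumed threshold; the tips only say longer is better


def audit(password, personal=(), used_elsewhere=()):
    """Return the list of tips a password breaks; an empty list means it passes."""
    problems = []
    for name, chars in CLASSES.items():                      # tip 1: mix of classes
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    for detail in personal:                                   # tip 2: nothing identifiable
        if len(detail) >= 3 and detail.lower() in lowered:
            problems.append(f"contains personal detail {detail!r}")
    for run in RUNS:                                          # tip 3: no sequences
        if any(run[i:i + 4] in lowered for i in range(len(run) - 3)):
            problems.append(f"contains a sequence from {run[:4]}...")
    if len(password) < MIN_LENGTH:                            # tip 5: longer is better
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password in used_elsewhere:                            # tip 6: one per account
        problems.append("already used on another account")
    return problems


def generate_password(length=20):
    """Tip 4 done locally: draw from the OS CSPRNG until the audit passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(candidate):
            return candidate
```

For instance, `audit("Jennifer1987!", personal=("Jennifer", "1987"))` reports both personal details and the short length, even though the password has all four character classes.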
Naturally, any password that will be impossible for a thief to decipher will be difficult for you as well. That means you won’t be able to commit them to memory. Avoid writing passwords down and displaying them where people can see them. A better alternative is to use an online password manager such as LastPass.
It won’t be convenient, but that’s exactly what we’re going for!