My Sunday Washington Post Business Section column is out. This morning, we look at how to avoid usual errors when you are managing your online banking, investment, and retirement accounts: Protect your assets by practicing common-sense cybersecurity.
Here’s an excerpt from the column:
“We spend most of our time in financial markets looking at ways to deploy our capital: What assets to buy or sell, how much we should save for retirement, whether we should own more of these stocks and less of those bonds.
We don’t spend so much time thinking about the ways we can lose that money — to fraud and to common theft. We should be more vigilant, especially as we move our lives online, with digital access to our checking and savings accounts, our online portfolios, even our taxes.
It is impossible to make yourself hack-proof, but you can make yourself less vulnerable. It all starts with some common-sense security steps. Three ways you probably can improve your existing practices.”
There are quite a few common-sense suggestions that I am going to bet many of you are not following . . .
Source:
Protect your assets by practicing common-sense cybersecurity
Barry Ritholtz
Washington Post, April 12 2015
http://wapo.st/1GWSmMH
BR, what’s your feeling about using password managers (e.g., 1Password or Keychain Assistant)? When one uses a different password for everything that wants one, it quickly spirals beyond any human’s ability to manage. And how often do you think that passwords should be changed?
My thinking is that if one uses a different password (key) for every account (lock), the scope of the damage from any service you connect to is limited, and making changes for the sake of change imposes huge overhead (when one has thousands of passwords), and would seem to offer no advantage if one uses randomized passwords that have no semantic content (e.g., words, leet-speak, dates or other significant numbers).
Do you think that multi-factor authentication offers significant benefits?
One of the things that baffles me is why I still have financial accounts with major financial firms where the usernames and passwords for internet access are not case sensitive and can’t use special characters. Those are simple changes that dramatically reduce the breakability of passwords.
I use Thunderbird running on my Linux operating system. The email is always shown as plain text. You have to enable anything beyond that for each email. Nothing automatic. I run programs like that in non-root mode so it is hard to install malware without me granting the root password. Good administrators can lock down a Windows computer like this. I am a hobbyist, not a professional. A tip for creating a good password is to use a sentence and use some symbols and numbers for some of the words. This makes it easy to remember but hard to crack. “Ritholtz’s blog is greater than the power six to educate and inform” becomes Rbi>tt^62eai, which is tough to crack but not hard to remember. Store passwords like this in an encrypted file, with the directory set to give only you privileges to read or write to it. And do not share your passwords. Never just click on links in browsers or emails unless you first check and see where the link goes. Beware of phishing attempts. One clue is they all seem to prey on people’s greed or fears. Readers of this blog are a sophisticated bunch and I am sure others have good tips.
I use “two-factor” authentication for my investment accounts: They provide me an RSA random number generator and I enter that code along with my password each time I log in. If my password gets hacked, a thief still can’t log on to my account because they don’t have the dongle.
Also, when I create passwords I take the first letters from each word in a sentence that is meaningful to me. For example:
I went to Jamaica this summer with my Son George, wife Sharon and daughter Sally.
becomes, as a password (with a special character and number at the end):
IwtJtswmsGwSadS2!
So to remember the password, just remember the sentence. It is for all purposes uncrackable.
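An added example (not the commenter’s own code) that builds the password exactly the way the comment above describes and then puts two strength estimates beside it: the brute-force ceiling most “strength meters” report, and a lower figure for an attacker who already knows the first-letters-plus-suffix construction. The character-class sizes and the policy thresholds are assumptions, not values from the page; the sentence is the commenter’s, with “son” in lowercase so the result matches the password they posted.

```python
import math
import string

# Constructed sample: the commenter's sentence, with "son" in lowercase so the
# derived password matches the one they posted ("IwtJtswmsGwSadS2!").
SAMPLE_SENTENCE = ("I went to Jamaica this summer with my son George, "
                   "wife Sharon and daughter Sally.")
SAMPLE_SUFFIX = "2!"

# Assumed class sizes for the estimates; 32 is a typical count of printable
# ASCII symbols, not a value taken from the page.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}


def acronym_password(sentence, suffix=""):
    """First letter of every word, keeping its case, plus an optional suffix."""
    words = [w.strip(string.punctuation) for w in sentence.split()]
    return "".join(w[0] for w in words if w) + suffix


def char_class(c):
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    if c.isdigit():
        return "digit"
    return "symbol"


def brute_force_bits(password):
    """Ceiling: every position uniformly random over the classes actually used."""
    alphabet = sum(CLASS_SIZES[k] for k in {char_class(c) for c in password})
    return len(password) * math.log2(alphabet)


def structure_known_bits(password):
    """Lower estimate: the attacker already knows the construction (which
    positions are letters, digits or symbols, and where the capitals fall),
    so each position only ranges over its own class. Still optimistic,
    because word-initial letters in English are far from uniform."""
    return sum(math.log2(CLASS_SIZES[char_class(c)]) for c in password)


def meets_policy(password, min_len=12, min_classes=3):
    """Typical length and character-class rule a site might enforce (assumed)."""
    classes = {char_class(c) for c in password}
    return len(password) >= min_len and len(classes) >= min_classes


if __name__ == "__main__":
    pw = acronym_password(SAMPLE_SENTENCE, SAMPLE_SUFFIX)
    print(pw, "meets policy:", meets_policy(pw))
    print(f"ceiling {brute_force_bits(pw):.1f} bits, "
          f"structure-known {structure_known_bits(pw):.1f} bits")
```

The gap between the two figures (about 111 versus 79 bits for the commenter’s password) is the point: the scheme gives a long, memorable, policy-passing password, but how far it is from “uncrackable” depends on whether the attacker knows how it was built.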
Very good advice! Unfortunately nothing is infallible. “This is your main address — for colleagues, clients and peers.” I have such an address for family use only. I have a different one for friends, yet another for business, and still yet another for businesses that have been hacked but I must deal with anyway.
Yesterday my family address received spam from a bot that is running on one of my grandson’s tablets. Now that address will soon get spam. I think my e-mail provider provides for “whitelist only” and I’ll have to switch to that.