5 ways to keep your financial information safer from hackers

Hey, do you mind if I try to guess one of your passwords? No? Okay, how about “123456” or “password”? Maybe “Max123” or “Bella2011”?

Although I hope no Get Rich Slowly readers are using any of these passwords currently, “123456” and “password” are among the most common passwords chosen. And “Max” and “Bella”? Those are some of the most popular pet names; and since pet names are commonly used too — Well …

I am no hacker, and I spend very little time thinking about hackers. I wouldn't hack into someone else's information, so why would anyone think about hacking into my information?

It happens. Every day, it happens to ordinary citizens. Tomorrow it may be you or me. Are we being as smart as possible online to protect our financial information?

While these tips will not always refer specifically to keeping your financial information safe, I want you to consider something: The more information hackers can learn about you, the more they can guess. If you act carelessly with your Facebook account, you could be indirectly compromising your sensitive information, which could possibly include your banking relationships.

Basic street smarts in cyberspace

In real life, most of us shy away from rough neighborhoods. We lock our cars and install security systems in our houses. But we're strangely lax when we're online.

Let's review a few basic guidelines.

  • Use a security code for your smartphone or tablet and a password for your computer.
  • Don't send personal or financial information via email.
  • Don't click on links you didn't expect in pop-up windows or what could be phishing emails.
  • Don't share your password or username.
  • Keep current with the latest software updates, which are often released to patch security holes.

1. Pay attention to your passwords

Now that we have the basics out of the way, let's talk about passwords. If you are using “123456” as a password, it's got to go now! A few years ago, I naively contributed to its popularity too (oops!). Then I found a statistic somewhere that said up to 50 percent of Internet users use “123456” for their pass phrase, so I changed it to something with words and one number. To help me remember, I also used that password for almost all of my online surfing. Not much better. I can't find that statistic today, but I mention it because it did cause me to change what I was doing.

Here's how to make your passwords tough to crack:

  • Do not use the same password for multiple sites or logins.
  • Do not use your name or other commonly known information or anything else that could be easily guessed or researched. This could include names of family members or pets. How could hackers find out that information? More on that in a minute.
  • Use combinations of upper- and lower-case letters, along with numbers and special characters if allowed.
  • Make the password as long as possible. Hackers use programs to guess your password, so longer passwords take longer to guess. Make them tired so they move on to someone else.
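The rules above can be checked mechanically. The following is an added example, not part of the original article: a small audit that flags common passwords, guessable names, short length, limited character variety, and reuse across sites. The word lists, the 12-character threshold, and the sample logins are assumptions constructed for illustration.

```python
import re

# Constructed sample lists; a real audit would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
PET_NAMES = {"max", "bella"}   # the pet names the article mentions
MIN_LENGTH = 12                # assumed threshold, not a figure from the article
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")

def audit_password(password, personal_words=()):
    """Return the list of weaknesses found in one password (empty = none found)."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("common password")
    # Names of pets, family members, etc. are guessable even with digits appended.
    words = PET_NAMES | {w.lower() for w in personal_words if w}
    if any(w in lowered for w in words):
        findings.append("contains a guessable name")
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if sum(bool(re.search(c, password)) for c in CLASSES) < 3:
        findings.append("too few character classes")
    return findings

def find_reuse(logins):
    """Return {password: [sites]} for every password used on more than one site."""
    sites_by_password = {}
    for site, password in logins.items():
        sites_by_password.setdefault(password, []).append(site)
    return {p: sorted(s) for p, s in sites_by_password.items() if len(s) > 1}

def audit_logins(logins, personal_words=()):
    """Return {site: findings}, adding a reuse finding where a password is shared."""
    reused = find_reuse(logins)
    report = {}
    for site, password in logins.items():
        findings = audit_password(password, personal_words)
        if password in reused:
            findings.append("reused on another site")
        report[site] = findings
    return report

# Constructed sample data: site -> password.
SAMPLE_LOGINS = {
    "bank.example": "Bella2011",
    "mail.example": "Bella2011",
    "shop.example": "123456",
    "forum.example": "r7#Kq!vT2m$Lz9pW",
}

if __name__ == "__main__":
    for site, findings in audit_logins(SAMPLE_LOGINS).items():
        print(site, "->", ", ".join(findings) or "no findings")
```

Pass your own names (family, pets, street) as `personal_words` so the check covers information someone could research about you.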

We violate the above rules for good reason: it's hard to remember one password, let alone many complicated passwords, isn't it? While you can allow your browser to store your logins to websites, this isn't the most secure option either. If your computer is hacked, those passwords may also be accessed.

There is another solution. Password managers encrypt your password database and create random passwords. Everything is hidden behind a master password that you must key in and the master password is not stored on the password manager company's servers. Examples of these password managers include LastPass, KeePass, and 1Password — and there are others.

2. Keep your information private when using public Wi-Fi

I wonder how much of your private information has been viewed while you're sipping your latte at Starbucks. That brings a whole new meaning to the term “Latte Factor®,” right?

  • First, if possible, avoid visiting any websites that are sensitive until you are at home on a more private Internet connection.
  • When using public Wi-Fi, specify the connection as a public connection so your computer doesn't share information. (If you specify a private connection, your computer may become discoverable and accessible.)
  • Don't allow file- or printer-sharing. Also turn off network discovery or Bluetooth capability for devices to keep your files safer. (For PCs, turning off Bluetooth and network discovery is done through the Network and Internet portion of the Control Panel.)
  • Also, make sure your firewall is on. (This is checked under System and Security under the Control Panel for PCs.)
  • To be extra safe, you can use a virtual private network (VPN) to increase the privacy and security of your computer's Internet connection.

3. Surf safely

After all your precautions, you want to be able to visit websites safely too. First of all, don't store your credit card details on websites. And when you visit websites, make sure to look at the browser's address bar. You want to see “https” instead of “http,” especially if you are purchasing something or sharing information.

You'll definitely see “https” when you're doing online banking. If you want to log in to your online savings account, for example, you should make sure that you're actually logging in to a secure site. If you verify that “https” appears in your browser bar whenever you log in, you can feel confident that you're not landing on a fake banking page.
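“https” tells you the connection is encrypted; the host name in the address bar tells you whose site you are on, so both are worth checking before you log in. The following is an added example, not part of the original article, that checks a login address for both; the bank domain `examplebank.example` and the sample addresses are constructed placeholders.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain):
    """Return a list of problem codes for a login URL (empty list = looks right)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable"]
    problems = []
    if parts.scheme != "https":
        problems.append("not-https")
    # hostname is lower-cased by urlsplit; strip a trailing dot before comparing.
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower()
    # Accept the bank's domain itself or a true subdomain of it, nothing else.
    if not (host == expected or host.endswith("." + expected)):
        problems.append("wrong-host")
    # Text before an "@" is login info, not the site name, and can mislead the eye.
    if parts.username is not None:
        problems.append("userinfo-in-url")
    return problems

# Constructed sample addresses, using the reserved .example domain.
SAMPLE_URLS = [
    "https://www.examplebank.example/login",
    "http://www.examplebank.example/login",
    "https://examplebank.example.secure-login.example/login",
    "https://examplebank.example@login.example/",
    "https://examp1ebank.example/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        problems = check_login_url(url, "examplebank.example")
        print(url, "->", ", ".join(problems) or "ok")
```

Only the first sample address passes; the last three all use “https” but do not belong to the expected domain.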

4. Be smart with social media

Haven't we all rolled our eyes when a friend shares too much on Facebook? Well, everyone should know that oversharing on social media has more sinister side effects too. You really don't know who is watching. If you would shred the paper version, don't post the electronic version, you know?

  • Don't accept social media invites from people you don't know.
  • Don't participate in any of the “10 Things You Don't Know About Me” posts either. Why? Some of the answers are answers to security questions that are supposed to secure your financial accounts.
  • Periodically check your security settings on social media and tweak them if necessary.
  • Social media scams exist and try to get you to click on URLs that install malware or take you to phishing sites as well. You don't have to eliminate social media from your life, but maybe don't be so click-happy.
  • Customize your posts to control what is seen. Never share pictures of your paycheck or driver's license, for example.
  • Turn off geo-tagging on Facebook so your posts don't reveal when you will be home or when you won't be home, or turn off social geo-tagging altogether.

5. Keep your email secure

Even if your email account hasn't been hacked, I'm guessing you have received emails from a friend's account that has been hacked. Try these tips to keep your information safe (and your friends' inboxes safe too).

  • Consider using more than one email account. Share one with your family and friends, use one for online shopping and newsletter sign-ups, and another one for sensitive information, such as retirement accounts or credit card accounts. Why a separate one for online shopping or newsletter sign-ups? Your information is bound to be sold at some point, so why not have a junk email address to give away?
  • You may want to change your email address from time to time, or if it has been compromised.
  • Change your email password periodically.
  • Use an email service that offers two-factor authentication. An example of two-factor authentication: if you are logging in to your Gmail account on a computer that you have never used before, a 4-digit PIN is sent to your phone that you have to input after you have put in your actual password.
  • This seems counter-intuitive, but don't unsubscribe from newsletters to which you have never subscribed. Sneaky people blast unsuspecting email users and, by unsubscribing from these newsletters, you'll actually get more spam. Instead, use the report-spam feature of your email provider if there is one. (Personal note: I used to just delete suspicious emails, but I have an itchy report-spam finger now.)
  • Signs of phishing: misspelling, suspicious links, asking for personal information or suggesting you give out your personal information (as in, they need your login information because something has changed).

Security questions deserve special attention. When I worked at a bank years ago, one of our customers had his mother's maiden name printed on his checks. That's making it way too easy for someone to answer your security questions and reset your passwords. You don't want that.

So make it as hard as you possibly can.

  • Answer the security questions incorrectly
  • Or better yet, create some randomized set of numbers, letters, and special characters
  • Whatever you do, do not answer the question with something you just posted on Facebook

Your online information is like a puzzle. Facebook is one piece. Your email account is another. If you make it too easy to put some of the pieces together, hackers can start to see the whole picture of your life, including your financial accounts.

Yes, you need to be careful online. No, you don't need to go analog in a digital world. But you do need to be very careful. Start by evaluating these five areas of your digital life and fill in the gaps where needed. Once you have made some improvements with these areas, there is more to learn, including more about how to increase the security of your home Internet connection.

Has your information ever been hacked? Share your tips: How do you keep your financial information safe online?

19 Comments
Brian
5 years ago

As a full-time traveler I’m pretty much reliant on public wifi to connect to the internet. That’s why I started to use a good VPN to encrypt all of my sensitive internet traffic. The VPN also has the side benefit of letting me stream television shows on Netflix etc. that are normally blocked when I’m traveling outside the US (more about that here: http://everywhereonce.com/2014/05/19/how-to-stream-u-s-television-shows-while-traveling-abroad/). I don’t go crazy with “strong passwords” though because most sites lock accounts after a certain number of failed log-in attempts. The difference between a 1 MM combination password and a 10^120 combination password is a… Read more »

Beth
5 years ago

Really good point about not posting personal information that could be used to reset your passwords. People don’t view a single social media post as being threatening or too revealing, but ask them to consider the whole body of information about them that’s out there — social media posts, profiles, phone book, Google Street View, etc. — it’s a whole different story! I second the point about having a separate email address for newsletters and promotions. I also use a separate email for commenting on blogs so if I want to receive notifications it doesn’t clog up my inbox. (Many… Read more »

Jon
5 years ago

All great tips! When I am on public wifi, I only do the basics and never log into my bank account or credit card account or apps. I just get directions, do basic web searches and maybe see if a certain email has come through. I wait until I am on our private network at home to check everything else.

JoeM
5 years ago

Bluetooth is a pretty common way for people to hack into mobile devices. If you’re not using Bluetooth (such as for hands-free car use) then disable it.

Kyle
5 years ago

Last couple years I started using super long passwords that are really combinations of things in my life to try and help me remember. I don’t have a great way to keep track of all my passwords though.

Ali @ Anything You Want
5 years ago

Good tips! The thing I struggle with is remembering all those unique and complex passwords! Any tips?

Brian @ EverywhereOnce
5 years ago

It helps to create a mnemonic. For example, say you got your dog Sam in 2012 from a shelter in Austin. You can turn those details into a sentence (In 2012 I got Sam from a shelter in Austin) and use the first letter in each word of that sentence to create the following strong password I2012IgSfasiA. Remember the phrase and you’ll remember the password.

Laura
5 years ago

My tip for long passwords is using parts of common words/names along with numbers and dashes or underbars. All I have to remember is the groups I use along with sequence and I can generally figure out (by the three tries allowed, LOL) which password I’m using. A work account might be part of a supervisor’s name with a certain number I associate with work, then an underbar, then part of my name with another number that I always use. A personal account would be part of another name that I use with another number I associate with that name,… Read more »

Laura
5 years ago
Reply to  Laura

I should stress, don’t use full names or words, only partials. You can combine ones for more randomness. Ex: you have a running joke with your spouse about the Green Dog Bar (this is an example, as far as I know there is no Green Dog Bar). You then use GreDgBr as your “name” associated with that account.

(Hopefully the hackers aren’t reading this post…)

Kelly
5 years ago
Reply to  Laura

Good suggestions, Laura! I do something similar. To eliminate using the same password for multiple accounts, you might consider using part of the website/company as part of your password. For example, you might tack on the third letter of the company name onto your “typical” password.

Sasha
5 years ago

I use KeePass for all of my sensitive passwords and I think it is a great tool. I learned about it from an article on The Intercept: https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/?utm_medium=twitter&utm_source=twitterfeed

Dollar Bits
5 years ago

Great ideas. I really like the idea of having THREE separate email accounts. Regarding passwords… people often suggest using a third-party software program for your passwords. I am not comfortable with that. I don’t like the idea of giving a third party access to my personal information. In the same way, I am unwilling to use one of these portfolio aggregating sites where you give them ALL of your passwords. How tempting would it be for a software employee to hack into his or her company’s website and gain access to someone’s accounts. No thanks. Call me old fashioned… Read more »

AB
5 years ago
Reply to  Dollar Bits

With LastPass, you encrypt the password vault with your master password on your computer, and then it’s synchronized onto their servers. They only have access to the encrypted blob, not your master password, and therefore not any of your other passwords. True, the encrypted blob still represents a single point of failure (which other technical details seem to reduce), but you’re not handing all logins over to a 3rd party.

Fred
5 years ago

I get slammed every day with spam to my Yahoo email account saying such things as “You account has reached its limit. Please log in to reset.” The first thing I do is check to see what email account I’m receiving these from. Lately, in all cases, these came from AOL accounts.
It’s unfortunate that these phishers are becoming much more professional and realistic with these emails.

Tony
5 years ago

Great article Lisa, we are regularly approached by people who have been ‘hacked’ but there is usually little we can do other than provide advice for the future.
I think you have pretty much covered all the main points and this article is definitely a great reference point.

Maria Christ
5 years ago

Thank you so much Lisa … Normally we are unaware of general security breaches in our financial account safety. I think this article will help us a lot to prevent such scams.

CG
5 years ago

The single best thing you can do to protect your social media/online accounts (gmail, Facebook, twitter, yahoo, etc) is enable two-factor on your accounts. Typically the vendor will just send you a text with a code you enter after you provide user/pass. This protects you even if the attacker has or guesses your username and password.

Most of these services also have the ability to alert you on weird logins. You should enable that as well.

Kelli B
5 years ago

Great tips – very comprehensive! You should definitely be careful about what you post on social media since many password reset questions are things like “what month were you born in”, “what’s your mother’s maiden name”, “what city were you born in”, and “who was your childhood best friend”.

Unfortunately, if someone hacks your account you may not know immediately. That’s why it is important to keep a close eye on your credit reports (you’re entitled to 3 free a year) as well as to use some kind of monitoring service in the meantime. Learn more here: http://www.freebiefindingmom.com/how-can-i-fix-my-credit-score-now-were-glad-you-asked/

Zach
5 years ago

Putting a password on your computer is pointless, unless you think someone you allow in your house wants your information. The fact of the matter is, everything you do to protect yourself digitally is pointless if someone has physical access to your device. Takes me less than 1 minute (literally) and a screwdriver to uninstall a solid state drive or hard drive from a computer. Then your password is useless, and I have all of your saved passwords, documents, and more. Also, using special characters defeats the purpose. A long password that is easy to remember is more secure… Read more »
