The types of data breaches that happen regularly are not typically affected by how secure our login passwords/procedures are. When point-of-sale systems are breached, my login has no bearing on how companies store and secure personally identifiable information. I believe that the security of financial data has a fundamental infrastructure problem that needs to be addressed. When user data is hacked though, there are things that we as users can do to reduce our risks.
- 2 part authentication should be active on every account that you have that allows it – even email and Facebook. When passwords are hacked, your account will still be secure with 2 part authentication. Here is a good article to get you started: "Here's Everywhere You Should Enable Two-Factor Authentication Right Now"
- use good passwords – not stuff like 12345 or password. Change your passwords regularly too, and don't share them with ANYONE – no company should EVER ask you for your password. If you get such a request, that should be a red flag (see below for more info)
- monitor your credit for free through Credit Karma (https://www.creditkarma.com/). If you see anything fishy, take care of it right away – don't wait
- have a separate account for online purchases and only transfer the money into it that you need to make specific purchases
- understand that your phone, your tablet, and most any other portable devices, upload your pictures and other things automatically to your account on the internet. This is a feature that can be disabled if you don’t want it happening
- finally, and this goes for all online activity: if it's important to you that something stays private (i.e. pictures, what you're doing, where you are, who you are with, etc.), don't put it online, period
For login security, 2 part authentication is a must. I was disappointed to find that not all financial sites offer it. (I'm calling you out, Chase Card Services and Mint!)
The folks at Experte reached out to ask me if I would include a link to their password generator here: Experte secure generator with a computability simulator and check to see if the password was found in a data breach/hack built in. I would not recommend using this service for any account that you care to protect. I asked them if the password is hashed or otherwise secured so it is not sent in plain text for the computability check or hack check. They never responded.
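
For comparison, here is how a breach check can be done without the password ever leaving your machine, using the k-anonymity range scheme of Have I Been Pwned's Pwned Passwords API: the client hashes locally, sends only the first 5 hex characters of the SHA-1, and matches the returned suffixes itself. This is an added example, not code from this post or from Experte, and it says nothing about how their service works. The `make_fake_service` helper, its breach count and the sample passwords are constructed so the code runs offline.

```python
import hashlib


def split_hash(password):
    """Hash locally and split into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """Return how often the password appears in the breach set, 0 if absent.

    fetch_range(prefix) stands for the network call; the prefix is the
    only value that is ever handed to it.
    """
    prefix, suffix = split_hash(password)
    body = fetch_range(prefix)
    for line in body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def make_fake_service(breached):
    """Constructed stand-in for the remote service (hypothetical helper).

    breached maps password -> count. Every request is recorded in `seen`
    so we can inspect exactly what the "server" learned.
    """
    seen = []
    table = {}
    for pw, n in breached.items():
        p, s = split_hash(pw)
        table.setdefault(p, []).append("%s:%d" % (s, n))

    def fetch_range(prefix):
        seen.append(prefix)
        # Constructed decoy line: a real response mixes many suffixes.
        return "\r\n".join(table.get(prefix, []) + ["0" * 35 + ":1"])

    return fetch_range, seen


if __name__ == "__main__":
    fetch, seen = make_fake_service({"password": 1000})  # constructed count
    print(breach_count("password", fetch))
    print(breach_count("long unique passphrase 42!", fetch))
    print("server saw only:", seen)
```
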