News & Publications

Blog

Online Security Tips & Safeguards

September 01, 2015

Have you ever received an email indicating that your password for a routinely used website had been successfully changed?  This type of email is usually reassuring as an added measure of security. But what if you did not change the password? Suddenly this kind of email takes on a new tone.

As consumers in the digital age, you take online security seriously. And with multiple email accounts and a wide variety of website accounts  - from myPay, healthcare accounts , Amazon, social media, banks, investment companies, libraries and probably about 50 or 60 you have forgotten since you only signed up to get a discount coupon - you do our best to use secure passwords.  You also sign up for two-factor authentication, and you list an email or cell number to receive verification when you need to change a forgotten password. These safeguards provide a sense of security.

Now Consider This:

You move and change your phone to a new, local number or you change cell phone providers. .  You diligently update your new address on all your different accounts, but you neglect to update the previous phone number. Months go by and everything is fine.  Then you get that email (at least you remembered to sign up for alerts) saying that your password on a site has been changed using a text link which you discover was sent to your old cell number.  You try to log into the site, but find that the password has been changed and you cannot log in. Since this site offers you the option to use their log in for many of the other sites you frequent, and there are just too many passwords to remember, you have taken advantage of this option.

Now what?

Determine how the password was changed and set up a new, secure password. Then remove the old phone number from your profile. Once the site is secure you can concentrate on tracking down how the new owner of your previous phone number and figuring out how and why this happened.

Be aware of how this information was accessed. There are multiple online sites that will facilitate finding the owner of a phone number. Two of the most common sites are Spokeo and White Pages, which collect information from public records and allows site users to find information about people using a name, phone number, address or business.  This can be an excellent tool when you would like to reconnect with someone you haven’t seen in a long time or whose contact information you have lost, but it also allows those whose intentions are not as benign access a great deal of personal and historical information.  A quick check using my name turned up 13 past addresses. Once you have a name, it is easy to try some of the most used combinations of email addresses to gain access an account. To help protect your privacy, you can remove your information from Spokeo using http://www.spokeo.com/privacy, but since the site keeps getting information and generating listings you may want to make this an annual event for everyone in your family, including your children.

Consider a Password Manager. With so many financial transactions now done online, it can be difficult to make sure these transactions are secure.  Using a single password across all sites is tempting, but a better option is to use unique passwords and rely on a password manager. Top Ten Reviews provides an excellent comparison chart for selecting one that suits your needs.  Many offer the option to generate passwords based on criteria you provide, such as length, special characters, or upper/lower case, and to export the information to a spreadsheet so that you can save the most recent set in a secure place in your home (not in the desk next to your computer) in case you need to access a site but have lost access to your manager.

After putting in so much effort to pay bills on time, save, invest and manage your money, it is important to protect your hard work by using some of the tools available for online security. For more information on passwords and online security visit:

Public Wi-Fi Safety

Worst Passwords of 2014

Guide to Password Security

Guest Contributor: Cheryl Myrick, AFC® 


Comments


Back to Top