Banks secure your money. They do this by offering insurance (FDIC or otherwise), and are liable for any stolen funds. Because of this, they have an intrinsic interest in protecting that money — making sure it doesn’t end up in the hands of some criminal looking for a free lunch. However, they don’t insure your personal information, and they sure don’t insure your credit rating. Are there ways you can protect yourself from unscrupulous hackers and identity thieves? Sure there are, if you’re willing to put up with a bit of inconvenience.
This suggestion probably flies in the face of what you will read on some other finance blogs. However, what is more important to you — that you get an extra 0.05% interest per month on your savings account, or that your on-line financial identity is protected?
There are a lot of options when it comes to secure online banks, and I’m not going to pretend to know which one is the best. Personally, I use E*Trade, because they have an extra security feature available that uses RSA SecurID key fobs to generate a unique password for every login. This is an extremely secure technology, and was a big reason why I went with them. Other banks have different approaches to this issue. Some have you enter your ATM PIN along with your password, or give you a custom login screen so you know the site is genuine.
If the bank has optional security features at minimal cost (such as SecurID, although that isn’t the only secure key fob technology out there), you may want to consider getting them, particularly if you are like me and have most of your money flowing through one on-line bank and brokerage combination.
One of the best ways to keep your accounts from all being compromised is by using a different username and password combination for each important account. Everyone has a preferred handle or two that they like to use when registering for a site, be it Facebook or Pizza Hut. But when you’re talking about any site that stores important financial data, you may want to resist that urge.
Here’s why: big sites like Google, MySpace, Facebook, etc., get attacked — a lot. Some of these attacks get through security, and the hacker can obtain personally identifiable information. Sometimes even usernames and passwords. And what’s worse, sometimes no one is the wiser. That is scary, because you might not know that your account was compromised.
These hackers and identity thieves know that most people use the same username and password combination as much as possible. So now you haven’t just lost access to your MySpace account, but your bank accounts and credit card accounts have just been compromised as well.
Here’s what you can do: develop a username convention. What I mean is that you want some scheme for being able to figure out what your username is for a given site, but you always want those values to be unique to that site. For example, if you normally go by JohnnyBoy81, maybe on your bank account site you go by BankJohnnyBoy81. Since usernames aren’t supposed to be secure, it doesn’t really matter what it is; you’re just trying to make it a bit harder for whoever has your login to another site to get at something you actually care about. Hackers and identity thieves go after low-hanging fruit: if they start running into roadblocks, they will tend to go after an easier target unless they know you’re worth quite a bit of money.
I usually go a bit further with my passwords, but still do something similar. I have a few passwords that I use regularly on sites that require authentication, but where that authentication isn’t really protecting much. I also have a separate password that I use for highly public sites like MySpace. What you can do for your financial sites, however, is come up with a ‘secure’ password convention. Make sure it follows these rules:
What would a password like this look like? Maybe you decide that you would like your ‘base’ password for your financial sites to be g3tM3$0m3. Okay, that’s a pretty strong password, and is something you could remember by thinking, “get me some.” It meets the first two rules: it uses mixed-case letters and numbers, as well as a special character.
But we need to add something unique to that particular site. There are a few ways to go about this, but in general, I usually pick a letter from inside the site name (say the fourth letter after the first dot in the web address, and the last letter before the last dot) and add it somewhere into my password. Using Google as an example, maybe I would end up with a password like eg3tM3$0m3G (G being the fourth letter in Google and added at the end, and e being the last letter of the site name but added at the beginning of the password). You can come up with any pattern you like, as long as your passwords are sufficiently different from one another and hard to guess.
I hope I don’t have to mention this, but I would avoid using my example as your actual password scheme; it isn’t secure if it’s been published on the Internet, now is it?
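The letter-picking rule above, written out so you can check a convention of your own for clashes between sites. This is an added example, not code from the original post. The host names other than Google's are constructed, upper-casing the appended letter follows the eg3tM3$0m3G sample, and counting only letters (skipping dots and digits) is an assumption.

```python
from urllib.parse import urlsplit

BASE = "g3tM3$0m3"  # the page's published sample base; not for real use


def site_letters(address):
    """Return (4th letter after the first dot, last letter before the last dot)."""
    # Accept a bare host or a full URL; urlsplit lowercases the hostname.
    host = urlsplit(address if "//" in address else "//" + address).hostname or ""
    if "." not in host:
        raise ValueError(f"{address!r}: no dot in host name")
    # Assumption: only letters are counted, so dots and digits are skipped.
    after_first = [c for c in host.split(".", 1)[1] if c.isalpha()]
    before_last = [c for c in host.rsplit(".", 1)[0] if c.isalpha()]
    if len(after_first) < 4 or not before_last:
        raise ValueError(f"{address!r}: too few letters for the rule")
    return after_first[3], before_last[-1]


def derive(address, base=BASE):
    """Apply the convention: last letter + base + upper-cased fourth letter."""
    fourth, last = site_letters(address)
    return last + base + fourth.upper()


def find_collisions(addresses, base=BASE):
    """Group sites by derived password and return only the groups that clash."""
    groups = {}
    for address in addresses:
        groups.setdefault(derive(address, base), []).append(address)
    return {pw: sites for pw, sites in groups.items() if len(sites) > 1}


if __name__ == "__main__":
    # Constructed host names; .example is a reserved documentation TLD.
    sites = ["www.google.com", "www.lodge.example", "www.mybank.example"]
    for site in sites:
        print(site, "->", derive(site))
    print("collisions:", find_collisions(sites))
```

Two unrelated sites can land on the same two letters, and the rule gives no answer at all when the address is typed without the leading "www.", so a convention needs to say which form of the address it is applied to.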
Will this stuff keep individual accounts from getting broken into? Maybe, but I wouldn’t count on it; you don’t have control over the back-end system, and that’s where a lot of the security burden is for an individual site. But hopefully it will stop a cascading situation where you have to rush around, changing every single password you’ve ever used because one account was compromised. And that peace of mind might just be worth the extra hassle.