Secure Your On-line Financial Identity

By Keith, on June 15, 2009

Banks secure your money. They do this by offering insurance (FDIC or otherwise), and are liable for any stolen funds. Because of this, they have an intrinsic interest in protecting that money — making sure it doesn’t end up in the hands of some criminal looking for a free lunch. However, they don’t insure your personal information, and they sure don’t insure your credit rating. Are there ways you can protect yourself from unscrupulous hackers and identity thieves? Sure there are, if you’re willing to put up with a bit of inconvenience.

Photo by Robert Nelson via Flickr

Pick A Bank Based on Security First and It’s APR Second

This suggestion probably flies in the face of what you will read on some other finance blogs. However, what is more important to you — that you get an extra 0.05% interest per month on your savings account, or that your on-line financial identity is protected?

Secure Online Banking

There are a lot of options when it comes to secure online banks, and I’m not going to pretend to know which one is the best. Personally, I use E*Trade, because they have an extra security feature available that uses RSA SecurID key fobs to generate a unique password for every login. This is an extremely secure technology, and was a big reason why I went with them. Other banks have different approaches to this issue. Some have you enter your ATM PIN along with your password, or give you a custom login screen so you know the site is genuine.

If the bank has optional security features at minimal cost (such as SecurID, although that isn’t the only secure key fob technology out there), you may want to consider getting it. Particularly if you like me and have most of your money flowing through one on-line bank and brokerage combination.

Privacy Protection

The other thing to consider in this equation is the bank’s privacy policy. Do they resell your information? I’m a big believer that those commercial “junk mail” mailing lists are a huge problem and make your identity that much easier to steal, because of the way they link all of your personal information together with a specific institution which you do business with. In this case, I will pretend to tell you what is best –- if they reserve the right to sell any and all information about you to a third party, reserve your right to not do business with them.

Secure Your Online Identity With Strong Usernames and Passwords

Use Different Usernames for Important Accounts

One of the best ways to keep your accounts from all being compromised is by using different username and password combination for important accounts. Everyone has a preferred handle or two that they like to use when registering for a site, be it Facebook or Pizza Hut. But when you’re talking about any site that stores important financial data, you may want to resist that urge.

Here’s why –- big sites like Google, MySpace, Facebook, etc., get attacked — a lot. Some of these attacks get through security, and the hacker can obtain personally identifiable information. Sometimes even usernames and passwords. And what’s worse, sometimes no one is the wiser. That is scary, because you might not know that your account was compromised.

These hackers and identity thieves know that most people use the same username and password combination as much as possible. So now you haven’t just lost access to your MySpace account, but your bank accounts and credit card accounts have just been compromised as well.

Strong Username Convention

Here’s what you can do –- develop a username convention. What I mean is that you want some scheme for being able to figure out what your username is for a given site, but you always want those values to be unique to that site. For example, if you normally go by JohnnyBoy81, maybe on your bank account site you go by BankJohnnyBoy81. Since usernames aren’t supposed to be secure, it doesn’t really matter what it is –- you’re just trying to make it just a bit harder for whomever it is that has your login to another site to get at something you actually care about. Hackers and identity thieves go after low hanging fruit -– if they start running into road blocks, they will tend to go after an easier target unless they know you’re worth quite a bit of money.

Strong Password Convention

I usually go a bit further with my passwords, but still do something similar. I have a few passwords that I use regularly on sites that require authentication, but where that authentication isn’t really protecting much. I also have a separate password that I use for highly public sites like MySpace. What you can do for your financial sites, however, is come up with a ’secure’ password convention. Make sure it follows these rules:

• Include mixed case letters and numbers, as well as special characters if allowed
• Do not base it on a dictionary word (if you can search for it on Google, it qualifies as a dictionary word)
• Determine a pattern for adding a additional characters unique to each site

What would a password like this look like? Maybe you decide that you would like your ‘base’ password for your financial sites to be g3tM3$0m3. Okay, that’s a pretty strong password, and is something you could remember by thinking, “get me some.” It meets the first two rules -– it uses mixed case letters and numbers, as well as a special character.

But we need to add something unique to that particular site. There are a few ways to go about this, but in general, I usually pick a letter from inside the site name (say the fourth letter after the first dot in the web address, and the last letter before the last dot) and add it somewhere into my password. Using Google as an example, maybe I would end up with a password like eg3tM3$0m3G (G being the fourth letter in Google and added at the end, and e being the last letter of the site name but added at the beginning of the password). You can come up with any pattern you like, as long as your passwords are sufficiently different from one another and hard to guess.

I hope I don’t have to mention this, but I would avoid using my example as your actual password scheme –- it isn’t secure if it’s been published on the Internet, now is it?

Will this stuff keep individual accounts from getting broken into? Maybe, but I wouldn’t count on it –- you don’t have control over the back-end system, and that’s where a lot of the security burden is for an individual site. But hopefully it will stop a cascading situation where you have to rush around, changing every single password you’ve ever used because one account was compromised. And that piece of mind might just be worth the extra hassle.

Read more about

Get free updates

    via Twitter
    via Facebook
    via RSS or Email

Share this article

• 
• 
• 
• 
• Share

Keith is a software engineer and freelance writer based out of Washington, D.C. His current writing project is {be} Wealthy / [get] Happy, a blog that focuses on balancing personal finance with living a full and happy life. You can also check out his Twitter feed for short bits from him throughout the week.

All posts by Keith

Please share your comment:

Comment Rules: Constructive criticism is welcomed. Please use your PERSONAL name or initials and not your business name or URL, as the latter comes off like spam and I'll most likely delete your comment. Have fun and thanks for adding to the conversation! Here's our comment policy and guidelines.

1 blogs that link to this article:

If your trackback does not show in 24 hours, please resend to this trackback URI.

1. Monday Money Links