Secure Your On-line Financial Identity

Secure Your On-line Financial Identity

Banks secure your money. They do this by offering insurance (FDIC or otherwise), and are liable for any stolen funds. Because of this, they have an intrinsic interest in protecting that money — making sure it doesn’t end up in the hands of some criminal looking for a free lunch. However, they don’t insure your personal information, and they sure don’t insure your credit rating. Are there ways you can protect yourself from unscrupulous hackers and identity thieves? Sure there are, if you’re willing to put up with a bit of inconvenience.

paypal security key

Photo by Robert Nelson via Flickr

Pick A Bank Based on Security First and It’s APR Second

This suggestion probably flies in the face of what you will read on some other finance blogs. However, what is more important to you — that you get an extra 0.05% interest per month on your savings account, or that your on-line financial identity is protected?

Secure Online Banking

There are a lot of options when it comes to secure online banks, and I’m not going to pretend to know which one is the best. Personally, I use E*Trade, because they have an extra security feature available that uses RSA SecurID key fobs to generate a unique password for every login. This is an extremely secure technology, and was a big reason why I went with them. Other banks have different approaches to this issue. Some have you enter your ATM PIN along with your password, or give you a custom login screen so you know the site is genuine.

If the bank has optional security features at minimal cost (such as SecurID, although that isn’t the only secure key fob technology out there), you may want to consider getting it. Particularly if you like me and have most of your money flowing through one on-line bank and brokerage combination.

Privacy Protection

The other thing to consider in this equation is the bank’s privacy policy. Do they resell your information? I’m a big believer that those commercial “junk mail” mailing lists are a huge problem and make your identity that much easier to steal, because of the way they link all of your personal information together with a specific institution which you do business with. In this case, I will pretend to tell you what is best –- if they reserve the right to sell any and all information about you to a third party, reserve your right to not do business with them.

Secure Your Online Identity With Strong Usernames and Passwords

Use Different Usernames for Important Accounts

One of the best ways to keep your accounts from all being compromised is by using different username and password combination for important accounts. Everyone has a preferred handle or two that they like to use when registering for a site, be it Facebook or Pizza Hut. But when you’re talking about any site that stores important financial data, you may want to resist that urge.

Here’s why –- big sites like Google, MySpace, Facebook, etc., get attacked — a lot. Some of these attacks get through security, and the hacker can obtain personally identifiable information. Sometimes even usernames and passwords. And what’s worse, sometimes no one is the wiser. That is scary, because you might not know that your account was compromised.

These hackers and identity thieves know that most people use the same username and password combination as much as possible. So now you haven’t just lost access to your MySpace account, but your bank accounts and credit card accounts have just been compromised as well.

Strong Username Convention

Here’s what you can do –- develop a username convention. What I mean is that you want some scheme for being able to figure out what your username is for a given site, but you always want those values to be unique to that site. For example, if you normally go by JohnnyBoy81, maybe on your bank account site you go by BankJohnnyBoy81. Since usernames aren’t supposed to be secure, it doesn’t really matter what it is –- you’re just trying to make it just a bit harder for whomever it is that has your login to another site to get at something you actually care about. Hackers and identity thieves go after low hanging fruit -– if they start running into road blocks, they will tend to go after an easier target unless they know you’re worth quite a bit of money.

Strong Password Convention

I usually go a bit further with my passwords, but still do something similar. I have a few passwords that I use regularly on sites that require authentication, but where that authentication isn’t really protecting much. I also have a separate password that I use for highly public sites like MySpace. What you can do for your financial sites, however, is come up with a ‘secure’ password convention. Make sure it follows these rules:

  • Include mixed case letters and numbers, as well as special characters if allowed
  • Do not base it on a dictionary word (if you can search for it on Google, it qualifies as a dictionary word)
  • Determine a pattern for adding a additional characters unique to each site

What would a password like this look like? Maybe you decide that you would like your ‘base’ password for your financial sites to be g3tM3$0m3. Okay, that’s a pretty strong password, and is something you could remember by thinking, “get me some.” It meets the first two rules -– it uses mixed case letters and numbers, as well as a special character.

But we need to add something unique to that particular site. There are a few ways to go about this, but in general, I usually pick a letter from inside the site name (say the fourth letter after the first dot in the web address, and the last letter before the last dot) and add it somewhere into my password. Using Google as an example, maybe I would end up with a password like eg3tM3$0m3G (G being the fourth letter in Google and added at the end, and e being the last letter of the site name but added at the beginning of the password). You can come up with any pattern you like, as long as your passwords are sufficiently different from one another and hard to guess.

I hope I don’t have to mention this, but I would avoid using my example as your actual password scheme –- it isn’t secure if it’s been published on the Internet, now is it?

Will this stuff keep individual accounts from getting broken into? Maybe, but I wouldn’t count on it –- you don’t have control over the back-end system, and that’s where a lot of the security burden is for an individual site. But hopefully it will stop a cascading situation where you have to rush around, changing every single password you’ve ever used because one account was compromised. And that piece of mind might just be worth the extra hassle.

Read More

Please follow and like us:
Secure Your On-line Financial Identity 1

5 thoughts on “Secure Your On-line Financial Identity”

  1. You may also want to add, when it comes to banking online, users should adopt a two browser system. I do this myself and also have been preaching it to others. What do I mean by a two browser system? Well, for all my regular browsing of the internet I use Firefox and never visit any of my financial websites with it. When I need to do any online banking I use a different browser like Opera to connect to my banks website, and I never visit any other sites with it. This way if there ever is vulnerability in Firefox that happens to steal information like passwords or cookies, they won’t get my banking info, because that is in the other browser, they will just get info on sites that won’t matter as much.

  2. @DDFD Yes, paypal offers a secure key https://www.paypal.com/securitykey

    @Saj First thing I look for is some sort of ‘enhanced online security’ – if the bank has it they will probably be advertising it. The SecurID I have from ETrade is very easy to find out about. Other than that, I tend to read their privacy documents (I know, boring) and if I can’t figure it out from there, I call them and tell them I am interested in knowing what additional security features they have available to their online-banking customers.

  3. It’s simple but you are right about using different passwords for different banking/credit card related accounts. Also I try to use very complex passwords and make them as long as possible with a variety of characters to make it more difficult (although not impossible to hack

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.