Your password needs a password

Your password needs a passwordYour bank and your email provider know a thing or two about passwords so they know that to really protect you, your password needs a password.

Cyber criminals have developed the tools they need to crack just about any password. In fact, the question isn’t whether they can crack it, but how long it will take them to do so. That’s why Peoples Bank recommends that a password be “long and strong”, the longer and stronger the password, the more time it will take to crack, and the more time you have to protect your account when the attempts to hack it are being made.

But, there is a great way to introduce complications for the bad guys bent on cracking your password. The technology is called “two-factor” or “multi-factor authentication.” It is essentially a password for your password. Here’s how it works.

Multi-factor or 2-factor authentication processes require multiple assurances that you are the one trying to access the protected area. It asks for information only you are supposed to know and relying on something that only you can have. In most cases, those 2 things (what you know, what you have) are the 2 factors of authentication used at the time the account was setup and confirmed via mobile device.

Peoples Bank installed this multi-factor security system years ago for its online banking customers. When you are at the bank’s website and want to log in, you need a user id and password, the 1st factor, what you have to know in order to access the site. The system will send a message to the device you have (the 2nd factor), and if it’s in your possession, you can enter that bit of information to the site. With that action, the site has received reasonable assurance of 2 different types of input asserting that it is really you—so it will let you in.

Most of the big name email providers such as Microsoft’s Outlook.com (formerly Hotmail), Google’s Gmail and Yahoo! Mail provide 2-factor authentication systems to protect their customers’ email from being hacked. If your email provider offers it, we strongly suggest you enroll in that program; if it doesn’t, we suggest you get an email from a provider that does and use that new email account to access your online financial accounts.

In most 2-factor systems, the 2nd factor is a random number or set of characters sent as a text message to your phone. Other times it is a special message sent to an app that received certification when it was installed on your device.

Many businesses focused on security have replaced their vulnerable VPN systems with such multi-factor systems to protect their business. (If it has not, it should.)

The assumption is that a cyber criminal is unlikely to have your phone when trying to access your account. More advanced multi-factor authentication systems for business customers even take this scenario into consideration and remove the threat of a criminal having stolen your phone to access secure information.

Microsoft has developed a new technology released in Windows 10 to use facial recognition rather than a password. Called “Windows Hello”, it is hoped that such technology (and similar offerings from other vendors) will eventually establish true personal identity security.

How do you know if you have been hacked?

How do you know if you have been hacked?All this talk about how everybody is vulnerable to being hacked; how do I find out if it happened to me?

The Director of the FBI famously said that all the big companies in the country have been hacked, some just don’t know it yet. Strong words. With such widespread criminal behavior, against heavily protected organizations, it makes sense that every person with a computer should know how to figure out if he or she have been hacked.

You may have been hacked if:

  • There are posts on Facebook, Twitter or other social media from your account that you didn’t write.
  • A friend or family member says they received an email from you that you didn’t send.
  • Someone calls your mobile phone saying they are returning a call you didn’t make.

If you believe your account has been hacked, first diagnose the problem by determining which accounts are affected and the specific action performed on those accounts. Change your passwords to “long and strong” new ones, or in the case of your mobile phone, request a new SIM card. Then notify your friends and family that your account may have been hacked and to be on guard against a fraud. If you believe your computer or device has been hacked, run a malware checker or other detection tool to get it cleaned up.

If you suspect that your banking accounts (including debit or credit cards) have been hacked, notify the bank immediately to block those accounts from further fraudulent activity.

What to do if your account is taken over and you can’t change the password

Skilled hackers will try to take over your account and change the controlling email account so you can’t change your password on your own. (This is why we recommend you use a 2-factor email provider and that passwords are not shared by other online accounts.) If this happens, then your only recourse is to contact the support desk from the account(s) affected.

All the major web sites have people on staff to help with these problems. You can search for the particular support desk for your problem, or simply call their support number.

Prepare now to save money this holiday season

woman with shopping bagsThe joy of giving can give way to the heart-ache of debt if you have a poor strategy this upcoming holiday season. So, in the interest of long-term joy, we offer these tips to help you save money by spending wisely.

Experts recommend that you always work within a budget, and since your holiday budget is likely to be similar to last year, it shouldn’t be too hard to develop one for this year. Advance planning removes the pressure of a deadline, but it can also save you big dollars.

Shopping ahead is always smart. If you’re the type of person that likes to find special gifts, advance planning can save money with shipping, if nothing else.

Be aware that “Free Returns” doesn’t always mean free returns. Factor in the cost of shipping and packaging returned items.

Not all websites are created equal. Walmart.com offers free shipping, for example, where others don’t. And, you find just about everything you need on Amazon (just watch those shipping and return costs).

A lot of money can be saved by reducing what you spend now on everyday meals and entertainment. This will help you build up sufficient funds to avoid costly credit card balances later. The less you have to leave on a credit card every month, the less you pay in high interest costs.

For more information, and links to helpful resources, read Money Saving Tips for the Holidays on (of all places) bankrate.com.