Thursday, July 23, 2009

This Mistake Could Ruin Your Financial Life

Last week, microblogging service Twitter suffered a serious security breach. You could be next.

A hacker used time, sleuthing, and common tools to crack open a Twitter employee's Gmail account and download hundreds of sensitive company documents. Any of us could fall victim to an attack like this, and there's more than embarrassment at stake.

A March report from HSBC Direct (NYSE: HBC) found that 49% of the online population banks via the Web, up roughly 23% in two years. Online banking offers customers greater efficiency and convenience, and all the major financial institutions, including Bank of America (NYSE: BAC), American Express (NYSE: AXP), Citigroup (NYSE: C), and JPMorgan Chase (NYSE: JPM), have online options. Most of them are secured via proven technology from VeriSign (Nasdaq: VRSN), while others employ the services of digital safekeepers such as VASCO Data Security (Nasdaq: VDSI).

Still, the password that protects your online bank information is only as good as it is difficult to decipher. Make it too easy, and you've got a serious problem. Here are three tips for making a hacker's job harder.

1. Use uncommon words.
The easiest passwords to guess are those that identify with us -- a last name, a child's name, a birthday, the name of a favored pet. Make the hacker's job harder by dabbling in cognitive dissonance, or by using gobbledygook. Have a dog named Frank? Make your password "stalactite," after the cave-dwelling rock formation.

2. Combine unrelated phrases.
Better yet, take "stalactite" and add a word to create a meaningless phrase. (Well, mostly meaningless, since it will be your password.) You can make the process fun by using one of the Web's many random word generators. One I just used returned "squeeze." New password: "stalactitesqueeze." Random. Meaningless. Awesome.

3. Use plenty of symbols.
But maybe not awesome enough. These are just words, after all, and a safecracking computer can bombard a portal with dictionaries of words and phrases until the right combination appears. You're better off adding symbols to your word or phrase of choice: "st@l@ct!te-squ3eze." Harder to guess, right? This still probably isn't perfect, because of the varying loopholes in Web security, but it'll be better than most passwords.
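To see how the three tips compare, here is an added example (not part of the original article) of the kind of check a password-strength meter can run: it undoes common symbol swaps, then tests whether what remains is just dictionary words. The wordlist, the swap table, and the 100,000-word dictionary size are assumptions made for illustration.

```python
import math

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"stalactite", "squeeze", "frank", "password", "dragon"}

# Common symbol-for-letter swaps (mapping chosen for this example).
SWAPS = str.maketrans({"@": "a", "4": "a", "!": "i", "1": "l", "3": "e",
                       "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password):
    """Lower-case, undo common swaps, and drop separators and leftovers."""
    text = password.lower().translate(SWAPS)
    return "".join(ch for ch in text if ch.isalpha())


def split_words(text, words=WORDLIST):
    """Split text into dictionary words; return None if that is impossible."""
    best = [None] * (len(text) + 1)  # best[i] = word list covering text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def assess(password, dictionary_size=100_000):
    """Report whether a password reduces to dictionary words.

    dictionary_size is an assumed size for a guesser's wordlist; the
    figure counts word choices only, so treat it as a rough estimate.
    """
    parts = split_words(normalize(password))
    if not parts:
        return {"dictionary_based": False, "words": [], "bits": None}
    bits = len(parts) * math.log2(dictionary_size)
    return {"dictionary_based": True, "words": parts, "bits": round(bits, 1)}


if __name__ == "__main__":
    for candidate in ("stalactite", "stalactitesqueeze",
                      "st@l@ct!te-squ3eze", "q9#Vr2!xLm"):
        print(candidate, assess(candidate))
```

A meter built this way scores the symbol-laden phrase on its two underlying words, while a string of random characters does not reduce to words at all.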

Yes, you should take this personally
Hackers are smart, resourceful, and equipped with a terrific variety of tools for stealing from us. YouTube alone shows 21,900 hits for videos related to "hacked password." There, you'll find plenty here's-how-you-bust-down-a-digital-door tutorials for miscreants. We're far more vulnerable than we'd care to admit.

What can we do about it? Be vigilant. Carefully watch our financial accounts. Balance our checkbooks, track our brokerage transactions, and double-check our credit-card statements every month. Because digital technology, no matter how good it gets, will never be enough to stop the most enterprising hacker. Personal security is still personal.
