(Disclosure: Some of the links below may be affiliate links. For more information, read my disclosure.)
These days, most of your personal finances are probably managed online. You probably have access to your bank through an online banking platform. Also, you are likely to access your broker through your browser or through your phone. If someone gets access to your online personal finances, they can do a lot of harm! You need to protect yourself!
It is very important to protect your Online Personal Finances! There are many things you can do to avoid getting hacked. Many people have very poor online security because they think it cannot happen to them. But it can happen to anybody! And some people do not care because they only think of their Facebook account, for instance. You may not care about your Facebook account. But you need to be extremely careful about your Online Personal Finances!
Contrary to what a lot of people believe, anybody can be a target for hackers. You want to avoid being an easy target. Most hackers will stop early because they want to focus on easy targets. You are unlikely to be a target of a team of hackers ready to do everything to get to your online accounts.
Now, I am not a security expert. But I am a computer scientist and I have had several courses about security. I want to share with you some simple tips that could greatly improve the security of your personal finances!
Here are 9 Tips to Secure Your Online Personal Finances! If you follow them all, your online personal finances will be much more secure!
1. Use Long Passwords
The most important thing you can do to secure your online personal finances is to use very long passwords! This one time, length matters! The time of passwords that were eight or ten characters long is over. You need to use very long passwords. Generally, most online services will have a limit on the length of passwords. You should use a password as long as they allow.
A password such as Iamaverylngpasswrdthatalmstnbdyculdguess is much better than [email protected]#Ç[¬982. The latter can be cracked in less than a day by any computer these days. But it would take a century to crack the first one. Note that I omitted all the o characters from the password. While the password made of dictionary words would still take very long to crack, the other one is almost impossible to crack.
It takes much longer to crack a long password than a complex one. This is why some websites do not even allow special characters anymore.
Longer passwords beat complex passwords!
2. Avoid Simple Passwords
Unfortunately, long passwords are not enough. You need to avoid simple passwords containing dictionary words. A simple phrase is too simple to crack. For instance, averylongpasswordforme can be cracked in less than a day by a simple computer. On the other hand, averrylonggpasswwordformme would take forever to crack even on a very powerful cracking computer. And it is not because it is longer. It is especially strong because it does not contain only dictionary words. Typos will help you a lot if you want to craft long passwords.
Here are a few things you can do to avoid simple passwords:
- Avoid dictionary words. For instance, avoid the words dog, cat, and password in your password.
- Make typos in words. Replace password with passwword (still not a good password!).
- Add some punctuation.
- Add some numbers.
If you make a long password following these rules, it should be really safe.
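The two rules above (length matters more than symbols, and dictionary-only phrases are weak) can be checked mechanically. The following is an added example, not part of the original article; the word list and the short password `Tr7#kQ9!xz` are constructed for illustration.

```python
import math
import string

# Constructed mini word list; real cracking dictionaries are far larger.
WORDS = {"a", "very", "long", "password", "for", "me", "dog", "cat"}

def brute_force_bits(pw):
    """Bits of search space if every string of this length over the
    character classes used by the password has to be tried."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    alphabet = alphabet or 256  # only characters outside the ASCII classes
    return len(pw) * math.log2(alphabet)

def split_into_words(pw, words=WORDS):
    """Return the password as a list of dictionary words, or None if
    some part of it is not a dictionary word (a typo, digits, ...)."""
    pw = pw.lower()
    reach = {0: []}  # position -> words that exactly cover pw[:position]
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if start in reach and pw[start:end] in words:
                reach.setdefault(end, reach[start] + [pw[start:end]])
    return reach.get(len(pw))

def assess(pw):
    """Summarise length, brute-force search space and dictionary exposure."""
    parts = split_into_words(pw)
    return {"length": len(pw),
            "brute_force_bits": round(brute_force_bits(pw), 1),
            "dictionary_only": parts is not None,  # True = weak, see tip 2
            "words": parts}

if __name__ == "__main__":
    for candidate in ("Tr7#kQ9!xz",
                      "Iamaverylngpasswrdthatalmstnbdyculdguess",
                      "averylongpasswordforme",
                      "averrylonggpasswwordformme"):
        print(candidate, assess(candidate))
```

The brute-force figure is only an upper bound: when `dictionary_only` is true, an attacker guessing whole words does not need to search that space, which is why the typo variant is the stronger of the last two.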
3. Never Reuse Any Password
Even if you use the strongest password on earth, you should never use it more than once. It may never be cracked by a computer, but what if the company you use is hacked and your password is compromised? Or what if someone learns your password in another way?
If one of your passwords is compromised, this should not impact the other websites you are using! You do not want to take the risk of having a single security issue become a huge problem for you!
Never use the same password on more than one website!
Now, you are probably thinking: How can I remember unique passwords that are long and do not use dictionary words? Do not worry! Most people cannot!
If you have many passwords, you will need to use a Password Manager to help you. A password manager is like a safe containing passwords. It will contain all your passwords and will help you generate new passwords. There are tons of Password Managers available. I personally use LastPass. I have been using it for several years and I am very satisfied with it. But there are others such as KeePass and 1Password for instance.
Now, a password manager will only be as safe as the master password you are choosing. You need to be extra careful with this master password. You want as many characters as you can possibly remember, ideally about 20 characters or more if you can remember more. And you should never write down this password! And you must use Two-Factor Authentication (2FA) to access your Password Manager.
4. Use Two-Factor Authentication (2FA)
Whenever it is available, you should use Two-Factor Authentication (2FA) for all online services! 2FA adds a second layer of security to your accounts. After you have typed in your password, the service will ask you a second question.
These days, the most common type of 2FA is done by using a smartphone. The most used way is that you have an application on your phone such as Google Authenticator that will generate a code for you. Another way is for the service to send you a text message with a code. For both ways, you can then enter the code into the online service.
There are other, more secure, ways to do 2FA. These ways are based on hardware computation of a key. This will be the most secure way to protect your account by requiring a hardware unique token to be authenticated. One good example is a Yubikey. But this is overkill for most services and many online services do not support it.
Two-Factor Authentication will not protect you from everything. But this will add a very strong layer of security on top of your password. If somebody happens to crack your password, they still have to go through this second layer. I am using 2FA for several services such as my Interactive Brokers account and my DEGIRO account.
Two-Factor Authentication is not an option but a must to secure your Online Finances!
5. Do not answer security questions
Security questions for account security are a thing of the past. Questions such as “What is the maiden name of your mother?” should not be answered faithfully. You should not answer any of these questions with the real answer. The problem is that most of them can be answered by researching information about you.
One good strategy is to treat these questions as a secondary password. You can use a second password to answer them. But most of the time, you should skip them if the website lets you. They are just more open doors for hackers.
6. Protect your computer
Your online security is not only about passwords. You also need to protect the devices that access the internet. If you have extremely strong passwords but anybody can access your computer without a password and log back into your broker account, your passwords are useless.
Since you use your computer to access all these vital online personal finance services, you also need to protect your computer. Here are 9 Simple Tips To Secure your Computer:
- Always have a password for your account.
- Always lock your computer when you are not on it!
- Install strong antivirus software and make sure it runs often.
- Keep your computer up to date at all times.
- Keep your applications up to date at all times.
- Do not disable the firewall!
- Avoid opening attachments from unknown emails!
- Do not save any passwords in your browser, your password manager should do that!
- Be careful with what you install on your computer!
If you follow these simple tips, you should already be quite secure. You need some discipline and you need to think about what you are doing. If you do not know if a program is secure, simply look it up online. By spending five minutes researching security, you can save yourself tons of trouble!
7. Protect your phone
While your computer is important, your phone is probably even more important. First, a lot of people are using their phone more than their computer these days. And some online services only have mobile applications and no online platform. And second, you are likely to use your phone as a second factor for authentication (2FA). That means your phone is becoming as important as your password!
There are a few things you can do to improve the security of your phone:
- Set your phone to automatically lock after some inactivity time!
- Use a password or a fingerprint, not a drawn pattern, to unlock your phone!
- Keep your phone up to date!
- Keep the number of applications to a minimum. And keep them up to date as well!
- Turn off network connections when you do not use them. This will also save you some battery!
- Do not save any passwords in your browser, your password manager should do that!
- Encrypt your phone if you can.
If you follow these simple tips, your phone will already be more secure than most people's! You should treat your phone as a sensitive tool!
8. Be careful on public WiFi
The worst threat to your smartphone and your laptop is a compromised public WiFi. A lot of the time, these public WiFi networks are not secure at all. Hackers could compromise the network and place themselves between you and the services you use. This means that everything you do can be recorded by a hacker on the same network.
Since the network is public, a hacker can be connected to it as well. They can even create a fake hotspot that you will connect to instead of connecting to the real hotspot. If you then connect to your bank account, the hacker will have all the necessary information to do whatever they want. Many people highly underestimate the risks of public WiFi.
Ideally, you should never connect to a public WiFi network. Mobile data networks are much more secure than Public WiFi. If you have unlimited data on your phone plan, you should simply never connect to a public WiFi. If you really need to connect to a public WiFi, there are a few rules that you should follow:
- Never connect to your sensitive accounts on a public WiFi.
- Never shop online on a public WiFi.
- Only use secured public WiFi. This will not entirely protect you but will eliminate some threats.
- Use a VPN service if you have one.
- Disable File Sharing services from your phone.
These tips will not entirely protect you. But at least, they will help prevent hackers from getting access to sensitive data.
Never connect to your Online Finance Services on a public WiFi!
9. React to security breaches
Having the best password in the world for an online service will not help if this service gets hacked and its data gets exposed. Indeed, if this service was poorly managing its data, it could even expose your password directly to the hackers!
And generally, when hackers get hold of this data, they will put it up for sale or even distribute it freely. That means that all the data that was breached is now public.
Since you use a unique password for each service, you only need to update the password from the compromised service. You should do this as soon as you learn of the breach. For instance, if you learn that Facebook data has been compromised, you should directly update your Facebook password!
Good services will send you an email after they have been compromised. For instance, I have recently received an email from Canva telling me some of their data has been stolen. I directly changed my password at Canva. You need to react fast in these cases. The problem is that most people ignore these issues.
You should also check whether you have been compromised before. You can find collections of compromised data where you can check if your account has been compromised. For instance, you can go to haveibeenpwned.com to check if one of your emails is present in one of the breaches.
If one of your accounts happens to be in one of these lists, you do not need to panic! This does not mean you have been hacked. It just means some of your data is available. You need to change the password of the breached service directly. If you are unsure about the email account itself, you can also change the password of your account. If you did not use 2FA before, try to use it now!
Protect your Online Services!
If you follow all these tips, your security will be much better than that of most people! You should not take online security lightly. Your Online Personal Finances need to be secured! You do not want a hacker to get access to your bank or broker account!
The single most important thing you can do is to use different passwords for each service. First, never use the same password on two different websites! If you are not yet doing that, you should use a password manager to remember the passwords for you. And make sure to use a very strong master password and Two-Factor Authentication. Only doing that will make your online presence more secure than 95% of the world!
If you are not yet using a password manager, I recommend using LastPass. But there are plenty of other options. Do yourself a favor and start using strong passwords!
Now, there is no perfect security. You need to be aware that online data will never be 100% safe. Even if your password is safe, some websites are not! There are new leaks every single week! You will need to update the passwords to breached services if you happen to use them!
How do you secure your Online Personal Finances? Have you ever been hacked?