(Disclosure: Some of the links below may be affiliate links)
These days, most of your personal finances are probably online. You probably have access to your bank through an online banking platform. Also, you are likely to access your broker through your browser or your phone. If someone is getting access to your online personal finances, he can do a lot of harm!
It is essential to protect your Online Personal Finances! There are many things you can do to avoid getting hacked. Many people have very poor online security because they think it cannot happen to them. But it can happen to anybody! And some people do not care because they only think of their Facebook user account, for instance. You may not care about your Facebook account. But you need to be extremely careful about your Online Personal Finances!
Contrary to what a lot of people believe, anybody can be a target for hackers. You want to avoid being an easy target. Most hackers will stop early because they want to focus on easy targets. You are unlikely to be a target of a team of hackers ready to do everything to get to your online accounts.
Now, I am not a security expert by any means. But I am a computer scientist, and I have had several security courses. This knowledge makes me more security-aware than most people. I want to share some simple tips that could significantly improve the security of your personal finances!
In this article, you will find 12 Tips to Secure Your Online Personal Finances! If you follow them all, your online personal finances will be much more secure!
1. Use Long Passwords
The most important thing you can do to secure your online personal finances is to use very long passwords!
For password, length matters! The time when passwords were eight or ten characters long is over. You need to use very long passwords. Generally, most online services will have a limit on the length of passwords. You should use a password as long as allowed.
A password such as Iamaverylngpasswrdthatalmstnbdyculdguess is much better than 1@#Ç[¬982. The latter can be cracked in less than a day by any computer these days. But it would take a century to break the first one. Note that I omitted all the o characters from the password. While the password made of dictionary words would still take very long to crack, the other one is almost impossible to crack.
It takes much longer to crack a long password than a complex one. This fact is why some websites do not even allow special characters anymore. Of course, you should still try to make it a bit complex! A long and complex password is always a great thing!
Longer passwords beat complex passwords!
2. Avoid Simple Passwords
Unfortunately, long passwords are not enough. You need to avoid simple passwords containing dictionary words. A simple phrase is too simple to crack. For instance, averylongpasswordforme can be broken in less than a day by a simple computer. On the other hand, averrylonggpasswwordformme would take forever to crack, even on a mighty cracking computer. And it is not because it is longer. It is especially strong because it does not contain only dictionary words. Typos will help you a lot if you want to craft long passwords.
Here are a few things you can do to avoid simple passwords:
- Avoid dictionary words. For instance, avoid the words dog, cat, and password in your password.
- Make typos in words. Replace password with passwword (still not a good password!).
- Add some punctuations.
- Add some numbers into it.
If you make a long password following these rules, it should be safe.
3. Never Reuse Any Password
Even if you use the strongest password on earth, you should never reuse it more than once.
A computer may never crack it. But what if the company you use is hacked and your password is compromised? Or what if someone learns your password in another way?
If one of your passwords is compromised, this should not impact the other websites you are using! You do not want to risk having a single security issue becoming a huge problem for you!
Never use the same password on more than one website!
Now, you are probably thinking: How can I remember unique passwords that are long and do not use dictionary words? Do not worry! Most people cannot!
If you have many passwords, you will need to use a password manager to help you. A password manager is like a safe containing passwords. It will include all your passwords and will help you generate new passwords.
There are tons of password managers available. I use LastPass. I have been using it for several years, and I am delighted with it. But there are others such as KeePass and 1Password, for instance.
Now, a password manager will only be as safe as the master password you are choosing. You need to be extra careful with this master password. You want as many characters as you can remember, ideally about 20 characters or more if you can remember more. And you should never write down this password!
And you must use Two-Factor Authentication (2FA) to access your password manager.
4. Use Two-Factor Authentication (2FA)
Whenever it is available, you should use Two-Factor Authentication (2FA) for all online services! 2FA adds a second layer of security to your accounts. After you have typed in your password, the service will ask you a second question.
These days, the most common type of 2FA is done by using a smartphone. The most used way is to have an application on your phone, such as Google Authenticator, that will generate a key for you. This key is time-dependent, so it is only valid for about 30 seconds or so.
Another way is for the service to send you a text message with a code. For both ways, you can then enter the code into the online service.
There are other, more secure ways to do 2FA. These ways are based on the hardware computation of a key. Hardware keys will be the most reliable way to protect your account by requiring a unique hardware token to be authenticated. One good example is a Yubikey.
I am using a Yubikey on each of the services that support it. This is the best level of security that can be achieved. Unfortunately, many services still lack support for a true hardware 2FA solution. But even software 2FA already adds a great layer of security.
Two-Factor Authentication will not protect you from everything. But this will add a solid layer of security on top of your password. If somebody happens to crack your password, it still has to go through this second layer. I am using 2FA for several services, such as my Interactive Brokers account.
Two-Factor Authentication is not an option but a must to secure your Online Personal Finances!
5. Do not answer security questions
Security questions for account security are a thing of the past.
Questions such as “What is the maiden name of your mother?” should not be answered faithfully. You should not answer any of these questions with the real answer. The problem is that most of them can be answered by researching information about you.
One good strategy is to treat these questions as a secondary password. You can use a second password to answer them. But most of the time, you should skip them if the website lets you. They are just more open doors for hackers.
If you can, you should skip security questions for your online personal finance accounts. Otherwise, use a question that only you can answer.
6. Protect your computer
Your online security is not only about passwords. You also need to protect the devices that access the internet. If you have robust passwords, but anybody can access your computer without a password and login back into your broker account, your passwords are useless.
Since you use your computer to access all these vital online personal finance services, you also need to protect your computer. Here are 10 Simple Tips To Secure your Computer:
- Always have a password for your account.
- Always lock your computer when you are not on it!
- Install reliable antivirus software and make sure it runs often.
- Keep your computer up to date at all times.
- Keep your applications up to date at all times.
- Do not disable the firewall!
- Avoid opening attachments from unknown emails!
- Do not save any passwords in your browser. Your password manager should do that!
- Be careful with what you install on your computer!
- Remove applications you do not use.
If you follow these simple tips, you should already be quite secure. You need some discipline and think about what you are doing. If you do not know if a program is secure, look it up online. By spending five minutes researching security, you can save yourself tons of trouble!
Of course, you can adapt the tips based on what computer you are using. A desktop computer in your home is less of a risk than the laptop you use in a public restaurant.
7. Protect your phone
While your computer is essential to secure, your phone is probably even more critical.
First, a lot of people are using their phones more than their computers these days. And some online personal finance services only have mobile applications and no online platform. And second, you are likely to use your phone as a second factor for authentication (2FA). That means your phone is becoming as important as your password!
There are a few things you can do to improve the security of your phone:
- Set your phone to lock after some inactivity time automatically!
- Use a password and not a pattern to draw to unlock your phone or use a fingerprint!
- Keep your phone up to date!
- Keep the number of applications to a minimum. And keep them up to date as well!
- Turn off network connections when you do not use them. Turning them off will also save you some battery!
- Do not save any passwords in your mobile browser. Your password manager should do that!
- Encrypt the data on your phone if you can.
If you follow these simple tips, your phone will already be more secure than most! You should treat your phone as a sensitive tool!
8. Be careful on public WiFi
The worst threat to your smartphone and your laptop is a compromised public WiFi. A lot of times, these public WiFI networks are not secure at all. Hackers could compromise the network and place themselves between you and the services you use. So, a hacker on the same network can record everything you do.
Since the network is public, a hacker can be connected as well on it. And it can even create a fake hotspot that you will connect to instead of connecting to the real hotspot. If you connect to your bank account, the hacker will have all the necessary information to do whatever he wants. Many people highly underestimate the risks of public WiFi.
Ideally, you should never connect to a public WiFi network. Mobile data networks are much more secure than Public WiFi. If you have unlimited data on your phone plan, you should never connect to public WiFi.
If you need to connect to a public WiFi, there are a few rules that you should follow:
- Never connect to your sensitive online personal finance accounts on public WiFi.
- Never shop online on public WiFi.
- Only use secured public WiFi. It will not entirely protect you but will eliminate some threats.
- Use a VPN service if you have one.
- Disable File Sharing services from your phone.
These tips will not entirely protect you. But at least, they will help prevent hackers from getting access to sensitive data. And your online personal finances contain a lot of sensitive data.
Never connect to your Online Finance Services on a public WiFi!
9. React to security breaches
Having the best password in the world for an online service will not help if it gets hacked and its data gets exposed. Indeed, if this service was poorly managing its data, it could even expose your password directly to hackers!
And generally, when hackers get hold of this data, they will put it up for sale or even distribute it freely. That means that all the data that was breached is now public.
Since you use a unique password for each service, you only need to update the password from the compromised service. You should do this as soon as you learn of the breach. For instance, if you discover that Facebook data has been compromised, you should directly update your Facebook password!
Excellent services will send you an email after they have been compromised. For instance, I have recently received an email from Canva telling me that attackers stole some of their data. I directly changed my password at Canva. You need to react fast in these cases. The problem is that most people ignore these issues.
You should also check if you have not been compromised before. You can find collections of compromised data where you can check if your account has been compromised. For instance, you can go to haveibeenpwned.com to check if one of your emails is present in one of the breaches.
If one of your online personal finance accounts happens to be in one of these lists, you do not need to panic! It does not mean you have been hacked. It just means some of your data is available. You need to change the password of the breached service directly. If you are unsure about the email account itself, you can also change the password of your account. If you did not use 2FA before, try to use it now!
If you share too much information online, this could help hackers access your online personal finances.
For instance, if you are sharing a ton of personal information on Facebook and your profile is public, hackers can learn many things about you. And they can use these things to get access to some of your online personal finance services.
To reduce your digital footprint, you can do a few things:
- Share less information.
- Increase your privacy settings on social media.
- Remove the information that you already posted.
- Close digital accounts that you do not use.
Having a small digital footprint can help your online personal finances.
11. Use different email addresses
If you want to go one step further, you could use different email addresses for different online personal finance services.
When an attacker compromises one of your email addresses, you do not want this to give him access to several of your depending services. Often, you can use an email address to reset passwords. If you link one email address to many of your online personal finance services, it is imperative to secure it well.
Now, having one email address for each of your online personal finance accounts would be the best option. But it requires a lot of work. If you could still split your accounts with a few email addresses, it could already increase your security!
12. Use disposable credit cards
When you use a credit card online, you may want to use a disposable credit card that is only valid once.
If you use a credit card that is only valid once, there is no risk if the service is compromised or unsafe. Hackers will not be able to use the credit card again.
Unfortunately, not many services offer this feature. Revolut is one of the services that provide this feature. You can generate virtual credit cards from the app. And then, you can directly delete the credit card after you have used it. I have done that a few times for some websites that I did not trust entirely and that I did not plan on using again in the future.
I wish that more credit card companies and banks were offering this service. It is an excellent way to protect your credit card. If you can use such a feature, try to do it!
Protect your Online Personal Finance!
If you follow all these tips, your security will be much better than most people!
You should not take online security lightly. Your Online Personal Finances need to be safe! You do not want a hacker to get access to your bank or broker account!
The single most important thing you can do is to use different passwords for each service. First, never use the same password on two different websites! If you are not yet doing that, you should use a password manager. A password will remember all your passwords for you. Of course, then you need to make sure you use a solid master password. But using unique passwords is the most important thing you can do.
If you are not yet using a password manager, I recommend LastPass. But there are plenty of other options. Do yourself a favor and start using strong passwords!
Now, there is no perfect security. You need to be aware that online data will never be 100% safe. Even if your password is secure, some websites are not! There are new leaks every single week! You will need to update the passwords to breached services if you happen to use them!
How do you secure your Online Personal Finances? Have you ever been hacked?