Despite best efforts to avoid a cyber-attack or identity theft, it happens with increasing regularity. It is critically important to have safeguards in place that prevents a hacker who has compromised your identity from actually stealing your money. Once your money is stolen, it is nearly impossible to get it back. There are two simple preventative steps that you should take that will help to limit your exposure of financial loss to a cyber-criminal. The first is to use two-factor authentication, also known as two-step verification, for any on-line login you use to access banking or financial information. Two-factor authentication is a method of confirming a user’s claimed identity by utilizing a combination of two different components. Use of an ATM card is a good example of two-factor authentication. To withdrawal money from your account, you need both the ATM card (something you have) and your PIN number (something you know). In the on-line world, you are commonly asked for your password, which is something you know. Most financial web sites now can send a unique one-time code to your cell phone to be entered into their site when logging in. Thus, in order to login to the site, you would need both your password and possession of your cell phone (something you know and something you have). This significantly mitigates the risk that a bad actor can get into your financial accounts should they somehow otherwise obtain your login information. Login information, without also having possession of your cell phone, is worthless. Most bank and brokerages, including Fidelity and Charles Schwab, offer this security option to their customers without charge. We recommend that you enable this feature today.
The second simple preventative step you should take to limit cyber-attack damage is to implement the use of a password manager. Given the sheer number of passwords that most people are required to have, they commonly use the same password for multiple sites. If a cyber-criminal obtains this password, they have access to multiple sites, extending the scope of the damage that can be done to you. To manage this risk, you should use a unique password for every site that you access. The safest and most practical way to do this is by employing the use of a web-based password manager. These ingenious tools allow you to keep all of your user ids and passwords in one secure place. They will even suggest unique passwords for all of your web sites so you don’t have to constantly make up new ones. The best password managers require the use two-factor authentication to access your password data – you should insist on and use this feature. Not only does using a password manager improve your cyber-hygiene, it also is convenient. Once you log into your password manager, it will automatically log you into any stored web site that you wish to visit. For those sites requiring two-factor authentication, it brings you to that point in the login process. There are several vendors offering password managers. Two that we know of are www.lastpass.com and www.roboform.com .
Implementing the above two protocols now will not eliminate your risk of being the victim of a cyber-attack, but it will significantly lessen your exposure to financial loss.