On Insecurity

Social Media Pillows

“So someone got into my checking and savings account today and wiped me out. They left $300. I’m glad it isn’t the first of the month with rent and other bills due. They did this from the UK with a few phone calls. They drafted thousands of dollars out, changed the password to my account and all.” This was the call I got from a close friend. Thankfully his bank is making him whole again. It scared the hell out of me.

As financial institutions look for ways to make our money, which we entrust, safer, gaping holes remain. Think about the security questions you’re asked to set up.

– “What is your mother’s maiden name?”
– “What city were you born in?”
– “What was the name of your high school mascot?”

Are these questions as secure and as secretive as you once believed? What if your mother has passed away and there’s an obituary? Didn’t you join your high school’s facebook fan page based off the millionth request you got from friends you don’t really like to join the reunion you don’t want to attend?

I brought these issues up to @AmericanExpress today and they told me that they have extra questions if you don’t call from a phone number they recognize. What if the bad guys use one of the free apps or websites that can spoof the Caller ID?

If it’s digital, sooner or later it can get hacked. The good news is that you can do things to make your account more of a pain for thieves, in hopes that they’ll go find an easier target. Here are some ideas:

Instead of using one of the default security questions, ask your bank and credit card company if you can use either a password, instead of a simple security question or a PIN. Speaking of a PIN, don’t use the same one you always use. Try a random number generator to have it pick a number that’s typically not associated with you. While you’re at it, ask them for a new debit and credit card with a smart chip. They’re much more difficult to steal and you’re going to get one anyway between now and 2016, guaranteed.

For your logins, use multi-factor authentication when available. Some instances require you to enter your user name and password into the site you’re trying to log into, then the additional step happens when the site sends you a short code via text to enter as well. This additional step takes a few moments, is not a perfect fix, but makes it much more difficult for someone to compromise your account. Don’t just do this for your financial parts of your life, do it for everything that will allow. Especially your email and social media. If someone else attempts to gain access to your account and wants to send a password reset, it’s going to your email. Wouldn’t you like a jump on that with a quick text making sure it’s you? @Lifehacker has a nice list of places to enable multi-factor/two-factor authentication.

Make some changes to the way you secure your online data, it’s a small pain that will save you the nightmare of having to cancel everything and start over if your accounts get deeply compromised. Sadly, it can happen to any one of us.