At least six million passwords for business networking site LinkedIn have been leaked or compromised, according to news reports published on 7 June. LinkedIn confirmed the same. That bit is worrisome. That you could be one of them would be an even more unsettling thought. And the thought that this could even happen with one of your online financial accounts can be scary, to say the least.
There is ease of transaction online, which you wouldn’t want to forgo, yet Internet frauds are a big threat. So what is your way out? Partly by depending on the security mechanisms that institutions and regulators put in place, and mostly by taking certain measures yourself.
Regulators, including Reserve Bank of India, have done their bit by putting in place necessary security measures, such as a two-step authentication process and one-time password (OTP) for card-not-present transactions. Many financial institutions such as banks and brokerages keep your login and transaction ID separate.
But it may be wiser to do a few things on your own. One is to have a secure password, which you can remember.
Never repeat passwords
The first rule to ensure that you have a secure password is to never have the same password for all your financial accounts. The simple financial planning principle of diversification works here too. Just as you wouldn’t invest all your money in a single financial instrument, don’t have the same password for all your financial accounts. That way you can ensure that if one account gets compromised, you have another to fall back on.
Usually, hackers have easy access to all your accounts once they break into one.
Avoid the obvious
Don’t use obvious personal words as passwords. Says Mayur Joshi, CEO, Indiaforensic.com, a financial fraud investigation company, “In a social engineering type of hacking attack, if the site asks you to put your pet’s name as password, don’t put the real name. Anyone who knows you will know the answer to that question.”
So your kids’ name, your city name, your favourite actor’s name are all a big no.
Combination is king
Ensure that your password is alphanumeric; in other words, it has a combination of letters and numbers. You can also throw in a few special characters to make the password stronger. Then use uppercase for a few letters. For example, instead of having the word “ambition” as your password, you can use “Amb1ti@n”. You could also use the first letters of the words in a phrase or poem as your password. So “never spur a willing horse” can be made into “Nsawh@123”.
Keep it long
Avoid passwords shorter than eight characters; the longer the password, the better. Shorter passwords can be easily cracked with special hacking software.
Joshi says, “In a dictionary type of hacking attack, every word present in the English dictionary along with permutation and combinations of numbers can be hacked. So, instead of having animal123 as your password, mix it with alphabets, numbers and special characters, like An#m0l*12.”
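The rules from the sections above (no reuse across accounts, at least eight characters, a mix of character types, no dictionary word with numbers tacked on) can be written as a small check. This Python sketch is an added example, not part of the original article; the word list and the account names are constructed for illustration.

```python
import re
import string

# Constructed stand-in for a real dictionary file (assumption for this example).
WORDLIST = {"ambition", "animal", "books", "horse"}

def is_dictionary_based(password, words=WORDLIST):
    """True for a dictionary word with digits tacked on, e.g. 'animal123'."""
    core = re.sub(r"^\d+|\d+$", "", password).lower()
    return core in words

def audit_password(password):
    """Return the list of guideline failures for one password."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if is_dictionary_based(password):
        problems.append("dictionary word plus digits")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    return problems

def audit_accounts(accounts):
    """accounts maps account name -> password; adds a reuse check across accounts."""
    report = {name: audit_password(pw) for name, pw in accounts.items()}
    seen = {}
    for name, pw in accounts.items():
        seen.setdefault(pw, []).append(name)
    for names in seen.values():
        if len(names) > 1:
            for name in names:
                report[name].append("reused on another account")
    return report

if __name__ == "__main__":
    # Constructed sample; the account names are hypothetical.
    sample = {"bank": "animal123", "broker": "animal123", "card": "An#m0l*12"}
    for name, problems in audit_accounts(sample).items():
        print(name, "->", problems or "meets the guidelines")
```
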
Use secure systems
Avoid transacting through your financial accounts from a cyber cafe. Joshi says, “It’s best to use virtual keyboards provided on your bank’s website to type in the password. Ghost-keyloggers can read the strokes on physical keyboards, and hence virtual keyboards work well.”
Remembering multiple passwords isn’t easy. Writing them down, or storing them on your laptop or mobile, comes with its own set of risks. One way to remember them could be to use the same password in different languages for various websites and change a few numbers for additional security. For instance, if your password is Books@1991, you could use it as Kitabey@1992 (Hindi) or Pustake@1993 (Marathi) or Pustakangal@1994 (Malayalam).
Keep in mind that these are mere guidelines. Your ideas may be completely different and secure. Be creative and you will be able to figure out different passwords for different financial accounts and yet remember them easily.