Online Account Security: A COMPLETE GUIDE FOR PRIVATE FAMILIES


How do I prevent being hacked? What is the right way to approach password creation? Should I use a separate email account for all of my online activity?

The questions that arise when you think about the risks of the world wide web are near infinite. Yet today internet access is considered a basic necessity, and we rely heavily on the web for our shopping, banking, research, and conversations. With a few simple steps, we can avoid making ourselves easy targets for bad actors and cybercriminals.

This article is a primer for families and individuals. It provides a foundation of knowledge and best practices so you can be better protected while conducting yourself online.

The Basics of Online Account Security

Being smart about your personal cybersecurity is a key part of protecting your identity, yet each year about 19 million passwords are compromised.

In our complete guide to password management, we will cover a few key areas including:

So, with everyone, even former President Obama, urging us to be smarter about our security, yet everyone, even Facebook founder and CEO Mark Zuckerberg, still falling victim to hacking, we authored this guide to show you how to easily be smarter and better protected online.


Password Basics

We all know that passwords were created to safeguard your data and identity. However, with the advent of the digital era, managing these has become more of a nuisance than a boon. In this section, we look at how to best create and manage your passwords to assure minimal disruption to your life.

Do’s & Don’ts

Many of these may seem like common sense but remember, even the best of us fall victim to taking the easy road sometimes. Be thoughtful when conducting yourself in cyberspace. Remember, it is not just online shopping that can make you a target.

Password DO’s:
  • Be complex when creating your password. Use multiple special characters as well as upper and lower case letters.
  • Be wordy. The longer the better.
  • Use a password generator, like the ones built into many password managers.
  • Generate a different password for each online account.
  • For added security, consider using a new email address for each account, particularly for accounts such as social media, gaming, or news.
  • When available, enable two-factor or multi-factor authentication.

Password DON’Ts:
  • DO NOT share your passwords with anyone. Remember, even tech support will not ask for your password!
  • DO NOT send passwords via email, text, or chat (Skype, Slack, etc.).
  • DO NOT use information which is easily guessed (birthdates, names of children, even SSNs).
  • DO NOT use generic passwords such as 12345, admin, password, your last name, or phone number.

Password Theory

In recent years, thinking on password strength and complexity has changed. The founder of our current password theory, Bill Burr, originally counseled that a complex string of random numbers, letters, and special characters was the most secure way to protect your accounts. That guidance was distributed by the U.S. National Institute of Standards and Technology (NIST).

Now, Mr. Burr advises that a random string of words is actually harder for a machine or AI to guess. He divulged his new line of thinking to the Wall Street Journal.
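To put numbers on Burr's revised advice, here is an added example (not from this article) that measures how many guesses a random character password and a random word passphrase each force on an attacker, and generates both from the operating system's random source. The word list and the guessing rate are constructed assumptions; the figures only hold when every character or word is picked at random, not chosen by a person.

```python
# Added example: guessing resistance of a random character password versus a
# random-word passphrase, with generators for both.
import math
import secrets
import string

# Constructed word list for illustration only. Real passphrase generators use
# lists of several thousand words; the Diceware list has 7776 entries.
SAMPLE_WORDS = ["anchor", "bridge", "cactus", "dolphin", "ember", "falcon",
                "garden", "harbor", "island", "jungle", "kettle", "lantern"]
DICEWARE_LIST_SIZE = 7776
CHAR_POOL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy in `length` picks made uniformly at random from `pool_size` symbols."""
    return length * math.log2(pool_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Years needed to try every possibility at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def random_password(length: int) -> str:
    """Burr's original advice: random letters, digits and punctuation."""
    return "".join(secrets.choice(CHAR_POOL) for _ in range(length))


def random_passphrase(words: list[str], count: int, sep: str = "-") -> str:
    """Burr's revised advice: several words chosen uniformly at random from a list."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare(char_len: int = 8, word_count: int = 5) -> dict:
    """Entropy of an 8-character random password vs a 5-word Diceware passphrase."""
    return {
        "password_bits": round(entropy_bits(len(CHAR_POOL), char_len), 1),
        "passphrase_bits": round(entropy_bits(DICEWARE_LIST_SIZE, word_count), 1),
    }


if __name__ == "__main__":
    print(random_password(8), random_passphrase(SAMPLE_WORDS, 5))
    print(compare())  # the passphrase wins by about 12 bits, i.e. 4000 times more guesses
```

The passphrase is also far easier to remember, which is the point Burr makes: length you can actually keep in your head beats symbols you will write on a sticky note.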

Security Fatigue

Having strong passwords (and more importantly, discipline in maintaining them) is all well and good. Yet the fact that we all have to manage multiple accounts and multiple passwords every day of our lives has created a phenomenon known as security fatigue. This was well analyzed in a 2016 report from the National Institute of Standards and Technology.

A big danger of security fatigue is that even the messaging about how to protect yourself (i.e., don’t click links you receive in email, avoid websites without a security certificate, etc.) amplifies the issue. To combat security fatigue, we suggest using a password manager for added security and simplified administration.

Password Manager Mini-Guide

What is a password manager? A password manager is exactly what it sounds like: a piece of software which will curate, collate, catalog, and otherwise be your complete resource for all password management. You can read our full guide to password managers here.

Beyond passwords, they can also store any data you need for use online. This includes credit card numbers, PINs, CVV/CID codes, account numbers, routing numbers, answers to security questions, or anything else you wish to put into a secure note.

All legitimate password managers use encryption that is so strong it is near impossible for a hacker to compromise. In fact, LastPass was “breached” in 2015, but the hackers were unable to crack the master passwords protecting its encryption, so consumer data remained unscathed.
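The reason a stolen vault is useless without the master password is key derivation: the managers below all list AES-256 with PBKDF2-SHA256, which means the master password is never stored, only run through many rounds of hashing to produce the key. This added example (our own illustration, not LastPass's or any vendor's code) shows that derivation and why the iteration count makes offline guessing expensive; the guessing rate is an assumption.

```python
# Added example: turning a master password into a vault key with
# PBKDF2-HMAC-SHA256, as password managers do, and the cost this imposes on
# anyone guessing master passwords against stolen vault data.
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # 256-bit key, the size AES-256 needs


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: every iteration is another HMAC, so cost grows linearly."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, KEY_LEN)


def new_vault_params(iterations: int = 600_000) -> dict:
    """A random per-user salt stops attackers reusing work across vaults."""
    return {"salt": os.urandom(16), "iterations": iterations}


def unlock(master_password: str, params: dict, expected_key: bytes) -> bool:
    """Re-derive and compare in constant time so a wrong guess leaks nothing via timing."""
    candidate = derive_vault_key(master_password, params["salt"], params["iterations"])
    return hmac.compare_digest(candidate, expected_key)


def attacker_years(iterations: int, candidates: float,
                   hashes_per_second: float = 1e9) -> float:
    """Offline guessing time when each candidate costs `iterations` HMAC calls (assumed rate)."""
    return candidates * iterations / hashes_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    params = new_vault_params()
    key = derive_vault_key("correct horse battery staple", params["salt"], params["iterations"])
    t0 = time.perf_counter()
    print("unlock ok:", unlock("correct horse battery staple", params, key))
    print(f"one derivation took {time.perf_counter() - t0:.2f}s")
    print("years to try 2^40 guesses:", round(attacker_years(params["iterations"], 2 ** 40)))
```

The user pays the derivation cost once per unlock; an attacker pays it once per guess, which is why a strong master password plus a high iteration count kept the 2015 data safe.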

Why Use a Password Manager

The benefits of using a password manager are quite simple:

  1. Secure passwords which can be auto-filled as needed
  2. Only need a master password and no longer need to remember all of your log-in details for all accounts
  3. Can save credit card numbers, PINs, and CVV codes
  4. Can save answers to challenge/security questions
  5. Can save secure notes and form-fills for other data you wish to secure
  6. Automatic changing of your passwords with a single click
  7. Military grade encryption protects all of your data
  8. Sharing passwords and log-in IDs across family members

What is the Best Password Manager?

Best is a subjective term, so we leave some of the decision making up to your personal preference for the user interface, features, and ease of integration into your life. However, we recommend sticking with the name brands. Due to their larger operations, staff, and budget, they have the best defense against bad actors. The ones we feel most confident in are LastPass, 1Password, Dashlane, and Sticky Password.

Each of these brands offers syncing across devices, platforms, and operating systems and is well integrated into smartphones. You can read more about each in our definitive guide to password managers.

LastPass

LastPass is a premium service provided by LogMeIn, a leader in enterprise security services. It has a robust suite of password and secure data management features and offers a 2FA authenticator which can be used for added security of your accounts and credentials.

  • Encryption: AES-256 with PBKDF2-SHA256
  • Free Option: Yes
  • Premium: Starting at $2/mo
  • Team/Sharing: Yes
  • Lifetime License: No
  • Browser Extensions: Chrome, Firefox, Safari, Edge, Opera
  • Native Apps: iOS, Android
  • Automated Password Reset: Yes

Dashlane

Dashlane is a full-service security suite which incorporates password management, secure notes, a VPN service, and identity theft management. It is a robust solution for those who are looking for an all-in-one product.

  • Encryption: AES-256 with PBKDF2-SHA256
  • Free Option: Yes
  • Premium: Starting at $5/mo ($10 for premium plus)
  • Team/Sharing: Yes
  • Lifetime License: No
  • Browser Extensions: Chrome
  • Native Apps: iOS, Android
  • Automated Password Reset: Yes

1Password

One of the original password managers, 1Password received early adoption from iOS users and continues to have a strong offering in the space. It is, however, the only one of the big 4 which does not offer a freemium version.

  • Encryption: AES-256 with a 128-bit identifier
  • Free Option: No (30-day trial)
  • Premium: Starting at $3/mo
  • Team/Sharing: Yes
  • Lifetime License: No
  • Browser Extensions: Chrome, Firefox, Edge, Safari
  • Native Apps: iOS, Android
  • Automated Password Reset: No

Sticky Password

Founded by the team which created AVG Antivirus, Sticky Password rounds out the “big 4” of password managers. It is supported by a large team of tech savants who consistently assure that its encryption and its user experience are cutting edge.

  • Encryption: AES-256 with PBKDF2-SHA256
  • Free Option: Yes
  • Premium: Starting at $2.50/mo
  • Team/Sharing: Yes
  • Lifetime License: $150
  • Browser Extensions: Chrome
  • Native Apps: iOS, Android
  • Automated Password Reset: No

What Is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) is an added layer of protection which secures your account beyond just a password. The most common MFA is two-factor authentication (2FA). It sounds complex but it simply refers to providing two types of validation in order to access an account.

A common example is your ATM card. You insert the card to access the account and enter your PIN to authorize the transaction.

In cyberspace, this is usually a combination of a password and either a text code or biometric verification, like your thumbprint.

How Does Multi-Factor Authentication Work?

In the simplest terms, it combines two or more of the following:

  • something you know (like a password)
  • something you have (like your phone)
  • something you are (like your thumbprint)

Why Use Multi-Factor Authentication?

By utilizing even a basic two-factor authentication (2FA) process, the security of your accounts is greatly improved. In fact, it is the top thing which security experts recommend for improving your cybersecurity, according to a Google Security survey.

What If A Website Does Not Have MFA?

Most websites, particularly financial institutions, now offer 2FA or MFA. Even larger, slow-to-change corporate institutions have been rolling out MFA options for account security.

If your institution does not offer 2FA or MFA, be sure to specifically ask for it. They may surprise you and implement it. Of course, you can always check the registry of MFA-enabled websites to find an alternative platform.

What Is An Authenticator?

An authenticator is an application or device which provides a code which can be used in the multi-factor account access process.

Originally, authenticators were confined to the corporate world in the form of a hard token: a keychain device which displayed a constantly changing code that was entered when logging into a PC.

Now, authenticators come in the form of phone applications, which add convenience and reduce the administrative costs of deploying an MFA protocol.

How Do You Use An Authenticator App?

The process for using an authenticator is easy. It is installed on a smartphone, websites are added, and you’re done!

Here is a quick overview of the entire process:

  • Download the application
  • Connect it to a website or software which supports MFA or 2FA
  • Use the app each time you need to log-in

Top Authenticator Applications For Download

There is no shortage of authenticator options. However, we prefer to keep things simple and recommend the larger and best-maintained ones. These include: Google, LastPass, Microsoft, and YubiKey.

LastPass

If you already use LastPass for password management, implementing its authenticator is an easy decision. It is also one of the few authenticators to support one-tap login.

LastPass Authenticator

  • Cost: Free
  • One Tap / Push: Yes
  • QR Supported: Yes
  • Native Apps: iOS, Android
  • Browser Extension: Chrome
  • Hardware Accessory: No

Google

There is no surprise that Google would have a topnotch app which is easy to use and works on multiple platforms. Nothing fancy here. Just a stable application which 

Google Authenticator

  • Cost: Free
  • One Tap / Push: No
  • QR Supported: Yes
  • Native Apps: iOS, Android
  • Browser Extension: No
  • Hardware Accessory: No

Microsoft

Microsoft has a great app which is also the standard at the enterprise level. If you are used to using this for your work functions, it will do a similarly fine job for your private life.

Microsoft Authenticator

  • Cost: Free
  • One Tap / Push: Yes
  • QR Supported: Yes
  • Native Apps: iOS, Android, Windows 10 mobile
  • Browser Extension: No
  • Hardware Accessory: No

Yubico

In 2011 Yubico moved its HQ to Silicon Valley, and the rest is history. They offer the best device-based security system for consumers and enterprises alike. What we love even more is that the price point remains low.

YubiKey

  • Cost: $45
  • One Tap / Push: Yes
  • QR Supported: Yes
  • Native Apps: iOS, Android
  • Browser Extension: No
  • Hardware Accessory: Yes

The Future of Online Account Security

While surely an obvious statement, advances in online account security can only move as fast as the consumer technology that supports them. While some government organization or large enterprise may be the first to experiment with some of these, when we speak of advancements, we mean those that are available to private families with stable functionality.

So where is online account security heading? Here are privateRISK‘s predictions:

Biometric Scanning

Advances in biometrics will likely be one of the easiest integrations into our daily lives. We already use thumbprint scanners on all of our smartphones and tablets. In fact, fingerprint scanners are fairly old technology that many research and government facilities have been using to secure their data since the days of desktop PCs.

We predict that true retina scanning will soon be available on devices as a primary way to authenticate your identity.

Future of Biometric Scanning

Looking further to the future, you will likely see advances made in DNA scanning which allow for immediate validation of your person. Imagine a world where just grasping your phone assures the world that “you are you” and allows purchases, validates medical records, or even confirms you are the parent to your child.

Bloomberg Video on Biometric Scanning

Brain-Computer Interface

Currently more sci-fi than practical use, brain-computer interfaces are making strides, and we finally have options which do not require sub-dermal implants. Currently, some of the best consumer devices, such as NeuroSky, allow you to type without hands, but only at around 10 words per minute.

BCI Devices

Brain-Computer Interfaces, or BCI, utilize EEG and ECG biosensors to read brainwaves and translate them into data. The data is processed by a computer which fulfills the task. Typing, moving servo motors, or even just turning things on and off are all tasks well within reach of current technology.

Future of BCI

Changing the world with just the power of your mind is a thought as old as time. Think of how easy it would be to validate a funds transfer, order your groceries, or simply unlock your phone by thinking it. If BCI can be made to interface with our mobile devices, the future of securing your accounts will change forever.


Additional Learning

As you continue learning about managing property risk, the additional chapters in our guide will prove to be invaluable resources.


privateRisk.org is a leading think tank for managing the personal risk, family governance, estate planning, and insurance strategies of family offices and enterprising individuals within the United States.
