Are Your Passwords Putting You at Financial Risk?

by Kevin on May 25, 2010

My PayPal account was hacked last week. Thankfully PayPal’s customer service stepped up to the plate and handled everything for me. In my last post I mentioned four steps to take if your PayPal account is hacked.

I walked through the first three steps: first panic because it is natural, then dispute the charge online, then call customer service directly.

What about that fourth step? I felt it was too important and probably too long to fit into the same post. So we’ll talk about it today: improving your online passwords.

How Strong Are Your Financial Passwords?

The websites that hold your financial information are like vaults. They are designed to prevent someone from walking up, opening the door, and leaving with all of your cash.

But a good vault is easily opened if the thief has a copy of the key or knows the combination.

The passwords you create for these vaults are those combinations. If you’re using something like 1 – 1 – 1, well, don’t be surprised when someone walks out with all the goods inside the vault.

Creating strong passwords is a critical element in keeping your financial information secure.

Never Use the Same Password Twice

Now imagine you have six vaults holding the following information:

  • your e-mail inbox and contact list (remember you may have secure information in insecure emails as well)
  • your checking account at your local brick and mortar bank
  • your online savings account
  • your PayPal account, which is linked to your credit card
  • a credit card with American Express
  • a credit card with Visa

If you’ve got one key or combination for all the vaults you’re in trouble. The thief can go to the first vault, take everything they want, then move on to the next vault and use the same key without having to worry about whether or not they need to crack the next vault.

In essence using one password for all of your online vaults is like cracking the vaults open for the thief ahead of time.

Contrast that scenario with one where you have six unique and difficult to crack passcodes. One unique key for each vault. If the thief steals one key you only have to worry about one account being compromised. The thief can’t go from one account to the next cleaning you out.

How to Create a Strong and Unique Password

You want the combination to your vault to be as complex and secure as possible while also being something you can remember.

(There’s nothing like having to jump through multiple stages of a website’s password recovery tool only to then have to reset your password to something new that you will never remember.)

Different websites have different requirements for what your password can be composed of.

The strongest requirements are:

  • at least one upper case letter
  • at least one lower case letter
  • at least one number
  • at least one special character (such as %, &, #, @, !, ?, *)
  • a minimum of 8 characters

But remember you do not want one password to cover all of your websites. No matter how many special characters you throw in — if your one and only password is compromised, you’re toast.

To combat this you can use a unique password scheme based on the website. One of my favorite websites, Lifehacker, has a fantastic article about how to choose and remember strong passwords. I highly recommend looking over that.

You can also check out Microsoft’s password strength tool. Just type in a password to test and see how strong of a password it really is.

Other Password Tips:

  • You might want to consider rotating passwords every 3 or 6 months.
  • Avoid using words in the dictionary in your password.
  • Never use things like “password” for your password.
  • Avoid using one of the Top 500 Worst Passwords.
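For readers comfortable running a script, here is an added example (not part of the original post) that checks a set of accounts against the requirements and tips above and flags any password shared between vaults. The account names, passwords, and the two tiny word lists are constructed stand-ins; a real check would load a full common-password list and dictionary.

```python
import string

# Constructed stand-ins (assumptions): a real check would load a full
# common-password list and a real dictionary file.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
DICTIONARY_WORDS = {"vault", "money", "summer", "dragon"}


def check_password(pw):
    """Return the rules from the post that pw breaks (empty list = none)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if any(word in lowered for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")
    return problems


def audit(accounts):
    """Check every account's password and find passwords shared by accounts."""
    problems = {name: check_password(pw) for name, pw in accounts.items()}
    by_password = {}
    for name, pw in accounts.items():
        by_password.setdefault(pw, []).append(name)
    reused = [sorted(names) for names in by_password.values() if len(names) > 1]
    return problems, reused


# Constructed sample "vaults" and passwords, not real credentials.
ACCOUNTS = {
    "email": "Summer2010!",
    "checking": "Summer2010!",
    "savings": "password",
    "paypal": "tR7#qLw9?z",
}

if __name__ == "__main__":
    print(audit(ACCOUNTS))
```

Note that "Summer2010!" satisfies all five composition requirements and still gets flagged twice: once for the dictionary word and once for being shared by two vaults.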
