Disclaimer: The information contained in this website is general in nature and should not be considered to be fit for all circumstances. It is the reader’s responsibility to consider their particular situation, consider if information contained within this website is applicable to them, and work with a professional consultant if the reader requires additional expertise or assistance. Accomplitech LLC assumes no responsibility or liability for any errors or omissions in the content of this site. The information contained within this website is provided on an “as is” basis with no guarantees of completeness, accuracy, usefulness, timelines or longevity.
It’s a great time for password management and online account maintenance!
Protect your online accounts by using common best practices to ensure your online accounts are more secure. Common best practices include using a strong account password and leveraging ‘dual-factor authentication’ on every online account wherever DFA is available.
Why Spend the Time with Online Account Maintenance?
Your personal and business information is available online via many different accounts. Losing control of your primary email address is a form of identity theft and may result in loss of other accounts, loss of data, and perhaps loss of assets. Regaining control of a stolen account is very time consuming and not always possible.
What is Dual Factor Authentication?
After reviewing your online account passwords, it’s a great time to check if you can enable ‘Dual Factor Authentication’ for your online account. A good example of two-factor authentication is withdrawing money from an ATM; only the correct combination of a bank card (something the user possesses) and a PIN (something the user knows) allows the transaction to be carried out. This is also known as 2FA, DFA or MFA. See Google’s explanation here: https://www.google.com/landing/2step/#tab=how-it-works
How to get Started with Online Account Maintenance
- Take an inventory of your online accounts (I.e. – financial, email, social media, shopping, websites, etc).
- Rank the accounts by importance for which financial and email accounts are typically the higher priority.
- Pick an account to start with and change the password using industry standard complexity guidelines to generate your password or use a random password generator.
- While logged on to that account, check to see if Dual Factor Authentication is an available option. This is typically under the account profile or security settings. Take a quick look at Google’s page which provides a quick overview and tutorial for Google accounts: https://www.google.com/landing/2step/
- Move down the list of accounts, try not to reuse the passwords across your accounts, certainly do not use the same password for a bank account as you would for an account of lesser rank (I.e. – a social media account).
What Makes a Password Strong?
It’s simple. A secure password is long and not easy to guess; special characters and numbers are important and highly recommended. A short phrase unique to your life is far more secure than any version of P@s$W0r|D and it’ll be a lot easier to remember! Try something that is at least 12 characters long, add some numbers, lower & upper case, and include some special characters. See the following URL for some additional guidance from
Any Other Password Suggestions?
• Do not store your passwords in a file that is not password protected.
• If you must record your passwords, keep the passwords and/or recovery codes in a safe location like a lockbox or safe.
• Consider using a password manager: https://www.pcmag.com/article2/0,2817,2407168,00.asp
• Do not reuse your password for all your different accounts. Keep passwords for assets, email and social media separate.
• Use ‘throw-away’ passwords for sites that you visit infrequently; just use the password reset feature when you need access to the account.
• Always use Dual Factor Authentication (DFA) to ensure that logins to your accounts are authorized by something additional than just your password.
What Can I Do to Protect my Devices?
• PIN Protect all mobile devices; do not allow your device to be accessed by others. Think about what data or information could be viewed by others if you lost your primary device and it was not PIN protected.
• All modern computers can be ENCRYPTED to ensure that the data on the storage drive (I.e. – Hard Drive) is inaccessible by a 3rd party.
• Download less apps and software on to your devices; software provides more attack area and opens potential vulnerabilities & risks for your computer/device.
• Ensure that all recycled computer or phone hardware, especially hard drives, are shredded at a NIST compliant facility. Be wary of sending devices out for repair with business or personal data.
Is there More to Protecting my Identity?
Yes, there is much more to protecting your online accounts and your identity. However, start with the basics by changing the weakest point which is typically the account password. You should be targeting any account with a weak, reused, or stale password which has been ignored in 2018 or longer. After the weak password has been changed then visit the account options to strengthen the security by turning on ‘Dual Factor Authentication’ if available.
Freeze Your Credit with each credit bureau (Experian, Equifax, TransUnion) and unlock when you need to apply for a loan.
https://www.transunion.com/credit-freeze
https://www.experian.com/blogs/ask-experian/credit-education/preventing-fraud/security-freeze/
https://help.equifax.com/s/article/How-do-I-place-temporarily-lift-or-permanently-remove-a-security-freeze
Monitor Your Credit reports at regularly for irregularities or incorrect information. If you notice something out of the ordinary that be sure that you freeze your credit and contact the credit bureau.
Limit Social Media Sharing because sharing the wrong information on social media may put your personal information in the wrong hands. Pay attention to not only the pictures and posts you share, but also review your privacy settings at least annually.
Close Unused Accounts which you may you will never use again. If there’s a breach involving one of those entities, hackers may have access to whatever personal information is tied to that account. If possible, delete the information in the account prior to abandoning. Don’t forget to update that password!
It’s up to you to know and manage your online accounts according to your personal and business needs.
References and Additional Information:
• Google 2-Step Authentication: https://www.google.com/landing/2step/#tab=why-you-need-it
• PC Mag Password Manager Reviews: https://www.pcmag.com/article2/0,2817,2407168,00.asp
• NIST Computer Security Resource Center: https://csrc.nist.gov/projects/security-content-automation-protocol
• Wikipedia Password Strength: https://en.wikipedia.org/wiki/Password_strength
• Microsoft Office 365 Password Policy Recommendations: https://docs.microsoft.com/en-us/office365/admin/misc/password-policy-recommendations?view=o365-worldwide