Managing the passwords for your online accounts
How can you keep your personal and financial information safe?
As we go online more often to do banking or shopping, we are at risk from cyber threats in the form of online scams and data theft. How can we keep our personal and financial information safe?
First, it is important that the passwords for your online accounts are strong. If they are easy to guess, cyber-criminals can crack them in seconds. They may then use your accounts and pretend to be you so they can scam your family and friends. You wouldn’t use a weak door lock to keep your home safe, so why would you use weak passwords for your online accounts?
So how can you create strong passwords that can be easily remembered?
- Remember to avoid information that cyber-criminals can easily obtain, guess or may already know, such as your child’s name or your birthday. Have at least 12 characters and make sure your passwords are unique to you. You can use words that relate to a memory of yours to form a phrase with five or more words – such as Ihadkayatoastateightam.
- Besides avoiding personal information like your name and NRIC, avoid common phrases such as maytheforcebewithyou and obvious patterns, such as capitalising the first letter, as in Limfamily123.
- To make your password stronger, add uppercase and lowercase letters, numbers, and throw in a symbol or two. So for the above password, it could then be – IhadKAYAtoastATeightAM.
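The rules above can be turned into a small check that runs on your own computer. This is an added example, not something from the CSA material; the names `check_password`, `character_types`, `personal_info` and the short `COMMON_PHRASES` list are assumptions made up for illustration.

```python
import re

# Constructed sample list; a real checker would use a much larger one.
COMMON_PHRASES = {"maytheforcebewithyou", "password", "qwerty", "letmein"}


def check_password(password, personal_info=()):
    """Return the list of problems found; an empty list means none."""
    problems = []
    lowered = password.lower()

    # Rule: have at least 12 characters.
    if len(password) < 12:
        problems.append("shorter than 12 characters")

    # Rule: avoid details others may know (name, birthday, NRIC).
    # Items under 3 characters are skipped to avoid accidental matches.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break

    # Rule: avoid common phrases, even with digits or symbols mixed in.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if any(phrase in letters_only for phrase in COMMON_PHRASES):
        problems.append("contains a common phrase")

    # Rule: avoid the obvious pattern of one capital letter,
    # lowercase letters, then digits at the end (e.g. Limfamily123).
    if re.fullmatch(r"[A-Z][a-z]+\d+", password):
        problems.append("obvious pattern (capitalised word plus digits)")

    return problems


def character_types(password):
    """Return which of the four character types the password uses."""
    tests = {"lower": r"[a-z]", "upper": r"[A-Z]",
             "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}
    return {name for name, pat in tests.items() if re.search(pat, password)}
```

Because the check runs locally, nothing you type into it is sent anywhere.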
Second layer of protection
Next, protect your account further by adding another layer of security such as Two-Factor Authentication (2FA). With 2FA, two types of information are required to verify your identity. The first factor is your strong password and the second factor is a one-time password (OTP) you get through SMS or a physical token. The second factor can also be biometric authentication, such as your fingerprint, face or eyes. Besides using passwords, some smartphones/apps allow the use of biometrics to log in.
With 2FA, even if a cyber-criminal manages to crack your password, he still won’t be able to access your account as he won’t have your second factor. Besides Internet banking, 2FA is readily available for many of your online accounts including e-mail and social media. You can also have 2FA for your WhatsApp. Below are some links on how to set up 2FA for your accounts:
• WhatsApp – https://faq.whatsapp.com/general/verification/about-two-step-verification/?lang=fb
• Facebook – https://www.facebook.com/help/148233965247823
• Gmail – https://www.google.com/landing/2step/
• Yahoo mail – https://help.yahoo.com/kb/SLN5013.html
• Microsoft – https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4
So what else can you do to protect your online accounts?
- Use different passwords for each of your online accounts – if the password for one of your accounts gets compromised, the other accounts will remain unaffected.
- Don’t write your passwords down and leave them out where anyone can see them – if you find it difficult to create strong passwords and remember all of them, an alternative would be to use a password manager with 2FA support. A password manager stores your login details and fills them in automatically, so you do not have to remember each password. You will only need to remember the master password. Some common password managers are Dashlane, LastPass, Keeper, 1Password and Roboform.
- Don’t share passwords and OTPs with anyone, including family and friends who ask for them, as it could be a scam. Call the requestor directly to check. Set up bank transaction notification alerts so that you will be notified of any activity on your accounts.
If you want to check if your password is strong enough, you can test it at go.gov.sg/csa-password-checker. However, do not input your actual password.
If your account has been hacked, here are some tips on what you can do:
- If you still have access to your account, log out of it on all devices connected to it.
- Change your password immediately and enable 2FA if available.
- If you do not have access to your account, do contact the platform such as the bank or social media platform to report the issue and request assistance to retrieve your account.
- Report any fraudulent credit/debit charges to your bank and cancel your card immediately. If monetary loss is involved, make a police report at the nearest Neighbourhood Police Centre or Neighbourhood Police Post or online at https://eservices.police.gov.sg.
- Should your account be compromised, your impersonator could reach out to your contacts. Do warn your family and friends to ignore any request and not to share their personal details.
Other important cyber tips:
- Always remember to log out of your accounts and clear the cache after every use on any public/shared computer to prevent usage by others using the same computer.
- Watch out for phishing by learning to spot the signs. For example, promises of attractive rewards, requests for confidential information, use of urgent language, etc.
- Stay alert to online scams by learning about the different scams and tactics used by scammers.
** The information above was collated from a YouTube video called “How to create strong passwords and enable 2FA”, posted by the Cyber Security Agency of Singapore (CSA) and a recent talk by People’s Association on “Managing multiple passwords with ease and learn other ways to secure your account” by Sherwyn Koh, manager, International Cyber Policy Office, CSA.
(** PHOTO CREDIT: Unsplash/Fabian Irsara)