Advertiser Disclosure: Many of the savings offers appearing on this site are from advertisers from which this website receives compensation for being listed here. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). These offers do not represent all deposit accounts available.

Today, scandalous celebrity photos. Tomorrow, your financial records?

By Justin Boyle

Today, scandalous celebrity photos. Tomorrow, your financial records?

Can you believe it? If Jennifer Lawrence, Rhianna and other A-listers are vulnerable to major thefts of information like the high-profile leak perpetrated in August, wouldn't it be just as easy to swipe personal data from all of us regular people?

For anyone who uses online savings accounts or personal finance apps, the news that's come out since the attack has a twofold upshot: The bad news is that your data might be insecure, but the good news is that you can take steps to guard your account info against would-be attackers.

How it happens

Authorities initially pointed to Apple's cloud hosting service, iCloud, as the source of the vulnerability, but those accusations have since been dismissed as simplistic. Apple, for one, has avowed that none of the cases of data breach they'd seen were the result of iCloud being compromised.

Apple spokespeople report that the victims' accounts were most likely accessed using their actual usernames and passwords, rather than through a "back door" into the iCloud backup server. If that's the case, then the stolen data was mainly vulnerable because of poor security on the user side.

In other words, you can likely protect yourself better than the victims here. Here's how to do it.

Stand up to to brute force

The phrase "brute force" has been a part of IT parlance for nearly as long as computer security has existed. Brute force describes the systematic guessing of character strings -- combinations of letters, numbers and other characters -- at a rate of millions of attempts per second, which computer scripts can be designed to perform without much trouble.

It's fairly common knowledge that you don't use obvious personal information as the password for anything you actually want secured. Brute force tools are getting more sophisticated though, and some can run through the whole dictionary in a matter of seconds, so using any recognizable word at all is also inadvisable.

A friend of mine working as an IT security consultant in the Bay Area recommends drawing shapes on the keyboard -- the inscrutable "ZSE$rfvgy7" is what you get when you draw an italic letter N on a U.S. keyboard, starting at the z-key and holding shift for the first four characters (see image at right). Simple shapes are hard to forget, and their resulting strings are highly resistant to brute force attacks.

Don't get phished

In 2013, threat detection and data security firm Webroot discovered a website that operated as a black market outlet for stolen PayPal accounts. Perhaps the most common way for hackers to compromise the security of your PayPal account is with an old-school data theft technique called phishing.

Phishing typically starts with an email alerting you to some emergency circumstance with one of your accounts. The message usually directs you to a false log-in page or other entry form that promises to correct the emergency if you enter your username and password. You should, naturally, not do this.

Here are a few telltale signs that you're being phished:

  • Uneven spacing or poor email formatting
  • Suspicious sender addresses, e.g. "paypal@no-spam.com" or "accounts@paiypal.com"
  • Threats of account suspension or termination
  • Odd greetings such as "Dear Sir" or "Dear Customer"

Some phishing attempts can be fairly deft forgeries, but you should be able to avoid them if you're vigilant. Taking the precaution of visiting the standard PayPal site before following any instructions in an urgent email ought to clear up any confusion.

Do the two-step

One security measure, two-factor authentication (TFA), could make security breaches of individual devices and accounts much more difficult to accomplish. Apple reports that its two-step verification process -- a cousin of TFA -- might have prevented every one of the data breaches that afflicted 2014's celebrity victims.

Your debit card and PIN are an easy example of TFA. The two factors, one you know and one you physically possess, are both required for access to your account. Two-step verification is similar, in that a randomly generated secret code sent to your mobile device must be submitted along with your password.

A handful of financial institutions have rolled out two-step or two-factor authentication methods for online customers, but don't worry too much if yours hasn't yet. In the meantime, strengthening your passwords and keeping an eye out for phishers in your inbox can go a long way toward keeping your financial information out of any hands but your own.

Keyboard image source: http://www.pd4pic.com/computer-keyboard-home-computer-hardware.html

Disclaimer: Discover is a paid advertiser of this site.
Reasonable efforts are made to maintain accurate information. See the Discover online credit card application for full terms and conditions on offers and rewards.

Feed for this Entry

Leave a Reply

If you liked this site, please Add To Bookmark and/or Subscribe To A FeedReader

Search this site