Equifax Hack Proves Strong Passwords Aren’t Enough
Plain and simple: The days of a single “strong” password being enough security to access and manipulate your bank and brokerage account(s) are over. You need something you know, and something you have to properly protect your most valuable data: Your money.
We recently discovered a cybersecurity incident involving consumer information. Once discovered, we acted immediately to stop the intrusion.— Equifax Inc. (@Equifax) September 7, 2017
Today’s Equifax hack (referenced in the above Tweet) supposedly exposed credit histories of up to 143 million Americans (with a 50 percent chance that you are going to be affected). According to the New York Times, if you have a credit report, you may be affected. Well, that covers all the adults I know.
I would say one of the most important things you could do in the next 15 minutes is to add two-factor authentication to all your banking and brokerage accounts.
Your actual passwords are encrypted, but that’s not what’s dangerous here. It’s your social security numbers, drivers license numbers, and previous addresses that can be used to RESET your password that makes this an urgent issue. It’s the best way we, as consumers and users of the credit system, can protect ourselves from these kinds of security breaches.
Here’s what to do to increase your protection from today’s (and future) online account identity theft and fraud, in three quick steps:
1. Call your brokerage firm: and ask them to “Enable 2 Factor Authentication” for all your accounts. Make sure to ask if there are other ways to access your account that doesn’t need the two-factor method, such as automated phone systems, and consider disabling access to your accounts there unless they upgrade those systems to offer two factor as well.
2. Download: a two-factor app that your firm will name. Typical examples of these apps are Symantec VIP, or Authy. After you launch and install the app, they will ask you for a token code displayed on the screen.
(If your bank or brokerage doesn’t offer this service, consider moving to a firm that does, like Fidelity Investments, or Charles Schwab. It’s not worth brand loyalty to not have proper security. At least tell them that you are leaving unless they do. If enough customers do that, they will add it.)
3. Log In: you will be required to open the mobile app and enter a dynamic code that appears.
If you dont have a smartphone, or, you just want access to this code without needing your phone, you can usually order a credit card sized token card that will do the same thing as the app. This is what I do, as I like having this in my wallet in case my phone is dead, or left at home. For example, Symantec VIP offers one for $35 on Amazon.
Don’t worry, if you misplace your phone or your card, you will re-authenticate and repeat the process above through an extensive list of personal questions that hopefully would outreach the data that has been reported stolen.
Good luck, and here’s to securing that hard earned savings or retirement account from those who would wish to wire it out of your account without your blessing.
Disclaimer: Let it be known, I am not a financial advisor and am necessarily not authorized to recommend how you should manage your financial accounts, or their general security. But, if you check with your trusted advisors and they recommend against doing this, I recommend against them, which I’m quite sure I’m allowed to do. :-)