Elliott Greenblott: Fraud Watch: Focusing on cyber security

Posted
Whether on a computer, tablet or smartphone, 2018 cyber fraud will continue to be the leader in terms of the volume of frauds attempted! The convenience and need of being a "more connected" carries as many dangers as it does benefits to society. This multi-part series begins with safety steps and concludes by identifying a number of specific scam activities and how to guard against them.

The most important piece of online protection involves passwords. Whether you check financial statements, shop, or access social media online, passwords have become a necessity as well as a source of irritation to most users. Some have chosen to solve this problem through simplicity -the same password for everything or passwords that are easy to remember (the most frequently used password is "PASSWORD").

So, what rules should apply? Unique passwords for each account. Using the same password everywhere means that a single password theft allows access to your entire cyber life. While some websites have their own rules for passwords, the best passwords are 8-15 characters long and use a mix or upper and lower case letters, numbers, and symbols. For example - 9Axy$496.

Another approach is commonly called character replacement - begin with a word, combination, or phrase such as "baseball game" and convert it to a series of letters, numbers and symbols - B@536a11_G@m3. Of course, the fewer the number of accounts, the easier to remember.

What can you do if you have a mind as porous as mine, or you have 40 accounts? Two possible solutions: a record book or a password manager. (There is a third, less attractive option. Practically all web sites have a "back door" to accounts. For passwords the back door is resetting the password online or by a telephone call. This approach works, but is a major pain if you have more than one device and need to enter the new password on all of them.)

The record book is simple, inexpensive, and low-tech. Purchase a pocket address book (there actually are ones for password management) and write down all of your passwords. While needed, have the book at the computer. Otherwise, store it in a safe, hidden space. This solution works best if your online access is confined to a single computer. If you use multiple devices, as I do, there are complications, biggest of which involves travel. You would need to carry the "address book" and be faced with possibly losing it.

The second solution is the use of a password manager. Managers are usually cloud-based storage systems that allow you to access your data from each of your devices. One such application, iCloud Keychain, is familiar to many Apple device users. This is a free Apple device feature where passwords are stored and access made available by user ID and system password. It is effective but relies on the vulnerability of the general user account for devices.

A preferred solution is commercial password management software. Numerous computer security services offer controlled access to your list of passwords. The process has you purchase the software, create a single encrypted confidential password, enter account information with the password in a file, and lock the file. This approach is extremely safe and the data can be accessed only by you from multiple devices.

But there are two negatives.

The lesser negative concerns password loss. Most commercial services do not maintain a copy of the master password to your account. If lost, the only option may be to delete the account data and reenter everything.

The second possible negative is cost. These are services with fees typically from $20 to $50 per month. The cost of the service varies according to the features of the service. Before purchasing a manager, check out the ratings. Many reliable resources provide reviews; my feeling is that the best ratings come from neutral or highly reputable reviewers such as Consumer Reports, Consumers Advocate, CNet, and PC Magazine. You can "Google" password management ratings for a list of reviewers.

Now that you have secured your browsing with a safe password for your online accounts, devices and home network, we'll move on to safe computing practices next time. Questions? Contact egreenblott@aarp.org.

Elliott Greenblott is a retired educator serving as the Vermont AARP Fraud Watch Network Coordinator.

TALK TO US

If you'd like to leave a comment (or a tip or a question) about this story with the editors, please email us. We also welcome letters to the editor for publication; you can do that by filling out our letters form and submitting it to the newsroom.



Powered by Creative Circle Media Solutions