We hear about it all too often — another data breach at another major bank or retailer. It’s gotten so bad that Americans say they are more worried about identity theft than terrorism. There’s not much you can do to thwart hackers trying to steal data from your bank or favorite store. But you can help safeguard your identity by taking this simple fraud deterrence measure: secure your passwords.
“We all should know by now that having secure passwords is one of the most effective ways to protect your information and your identity,” said David Anderson, principal of David Anderson & Associates, a Philadelphia forensic accounting firm that provides a full range of fraud investigation and fraud deterrence programs in the Delaware Valley. “Yet the most common passwords people use are still ‘password,’ ‘123456’ and, courtesy of the Jackson Five, ‘abc123.’ These people are incredibly vulnerable to identity theft.”
Anderson, a Certified Fraud Examiner, said another common problem is that people use the same password for everything – their home and work computers, personal and business emails, bank accounts, online purchases, etc. As a result, if just one password is stolen, the hacker can access all their accounts.
At the other end of the password security spectrum, he said, some companies and individuals create very complex and hard-to-guess passwords (for example, a$4QX3d%bGh87i9M).
“These passwords are obviously difficult to remember, especially if there is a requirement that they be changed every 60 to 120 days,” Anderson said. “So what do people do? They write the password on a piece of paper and attach it to their monitor or desk where everyone can see it.”
What can you do to make sure your passwords are secure? Anderson, who recommends that every organization enact a comprehensive fraud deterrence program created by an experienced firm that provides forensic accounting services in Philadelphia and the Delaware Valley, suggests the following fraud deterrence measures to help protect your identity.
- Don’t use easily identifiable passwords such as those above, your birthday, your anniversary, your spouse’s name, etc. And don’t use the same password for everything.
- Make sure that your passwords are at least 8 characters long (unless the system requires fewer).
- Include a mixture of capital and lowercase letters, numbers, and special symbols ($, %, &, etc., if permitted).
- Try to have some level of familiarity with the basis for each password so that it’s not too difficult to remember. For example, you could take the city of your birth (say, Chicago) and the year you started your business (say, 2007) to come up with the following password:
Oga20Cih07C
This looks complicated, but it’s actually not. It’s Chicago spelled backwards in a group of three letters with the first letter capitalized, then the first two digits of the year, then repeat the pattern. After using this password a few times, it is easily memorized.
- For systems that require four-digit PINs, select a four-letter word that you will remember and convert it to numbers using the telephone keypad. For example, you might use your father-in-law’s first name (Alex) to come up with 2539, or if you hail from Utah, you might want to use 8824. As long as you don’t use birthdays, anniversaries, street numbers or the last four digits of your phone number, it would be hard for someone to guess these converted numbers.
- Consider using a password manager. Your antivirus software may already contain a password manager, or there are a number of online password managers. You create a single strong password to log into the password manager, and it stores all of your other passwords. As a result, you need to memorize only one strong password.
- Keep the written record of your password in a secure location. Don’t tape your password to your computer or your desk. And never share your passwords with other people.
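The first three measures in the list above (no common or personal passwords, no reuse, minimum length and mixed character types) can be checked mechanically. The following Python code is an added example, not part of the original article; the function names, the `personal_terms` parameter, the account names and the sample data are constructed for illustration.

```python
import string
from collections import defaultdict

# The three passwords the article names as the most common.
COMMON = {"password", "123456", "abc123"}
MIN_LENGTH = 8  # the article's minimum length

def check_password(pw, personal_terms=()):
    """Return the rules from the list that `pw` breaks."""
    problems = []
    low = pw.lower()
    if low in COMMON:
        problems.append("common password")
    if any(t and t.lower() in low for t in personal_terms):
        problems.append("contains personal detail")
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = [("uppercase", str.isupper), ("lowercase", str.islower),
               ("digit", str.isdigit), ("symbol", lambda c: c in string.punctuation)]
    missing = [name for name, test in classes if not any(map(test, pw))]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems

def audit(accounts, personal_terms=()):
    """Map each account to its findings, including reuse across accounts."""
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)
    report = {}
    for account, pw in accounts.items():
        findings = check_password(pw, personal_terms)
        others = [a for a in by_password[pw] if a != account]
        if others:
            findings.append("reused on " + ", ".join(sorted(others)))
        report[account] = findings
    return report

# Constructed sample data: the account names are made up for this example.
SAMPLE = {
    "work-email": "abc123",
    "bank": "Oga20Cih07C",
    "shopping": "Oga20Cih07C",
    "home-pc": "a$4QX3d%bGh87i9M",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, personal_terms=["alex"]).items():
        print(account, "->", findings or "ok")
```

The symbol check assumes the target system permits special symbols, which the list treats as optional.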
Anderson recalled one fraud investigation he conducted that traced a data breach back to a busy company president who gave his email password to his executive assistant so that she could screen his email. When she was out sick, the company hired a temporary employee to take her place and gave her the password. The temporary employee shared the password and login information with her boyfriend, who stole confidential company information directly from the president’s emails.
If you aren’t sure that your passwords are strong enough to protect you and your company or if you aren’t confident that your employees are using secure passwords and keeping them in a safe place, it’s time to contact a Certified Fraud Examiner from an experienced firm that provides forensic accounting services in Philadelphia and the Delaware Valley to conduct a computer security analysis and recommend a comprehensive fraud deterrence program.
If you require the services of a Certified Fraud Examiner or any other forensic accounting services in Philadelphia and the Delaware Valley, please contact the Philadelphia forensic accounting firm of David Anderson & Associates by calling David Anderson at 267-207-3597 or emailing him at david@davidandersonassociates.com.
About David Anderson & Associates
David Anderson & Associates is a Philadelphia forensic accounting firm that provides a full range of forensic accounting services in Philadelphia and the Delaware Valley. The experienced professionals at David Anderson & Associates provide forensic accounting, business valuation, fraud investigation, fraud deterrence, litigation support, economic damage analysis, business consulting and outsourced CFO services. Company principal David Anderson has more than 30 years of experience in financial and operational leadership positions and is a Certified Public Accountant, a Certified Fraud Examiner and a Certified Valuation Analyst.