It goes without saying, but once your standard username (often your email address) and commonly-used password(s) have been hacked, the security with which you can operate online is diminished significantly.
For further evidence, just check out the numbers – in 2021 alone, fraud report shows nearly 450,000 individual cases which were reported to the authorities in the UK… resulting in a staggering £2.4 billion being stolen. These numbers aren’t republished here to scare you, but just to serve as a reminder not to get complacent about your login credentials.
Despite the Business Secretary saying online fraud "isn't an everyday worry", I know we've seen a rise in people affected by scams during the pandemic, with vulnerable people being targeted.
If you need help with online fraud, contact Citizens Advice: https://t.co/aeochztEV4
— Taiwo Owatemi MP (@TaiwoOwatemi) February 10, 2022
The good news is that there are a number of different ways in which you can bolster your security online, and these are neither invasive nor time-consuming to set up – more on those later in this article. But first, here’s a quick reminder of how to improve your password strength so that it becomes so much harder to hack.
Password Security – Think Outside the Box
One of the difficulties of coming up with a password for our various logins is that it is human nature to pick something that is personal and is easily recalled when needed.
So, we come up with things like pet names, dates of birth, and favourite holiday destinations. The issue with that is that hackers thrive on logic and order – they use brute force attacks, courtesy of sophisticated, high-frequency software, that can enter millions of password guesses in a short space of time. If your common phrase is on the list, you may find yourself in hot water at some point.
As such, there are two golden rules to implement as you think up a new password – randomness and complexity. By picking random sequences of letters and numbers, you make it so much more difficult for a hacker to ‘guess’ your password – and you can easily save this in your keychain to prevent you from having to remember it, and type it, over and over again.
Most sites now require you to up the complexity of your passwords anyway – think about those that ask you for an upper-case letter, special character, and at least one number. Again, this is to basically dazzle the software used by fraudsters.
Some online brands now allow you to create a passcode to sit alongside your standard username and password credentials, and that’s another weapon in your armoury that comes highly recommended.
Barclays Bank is just one of a number of financial institutions that let you protect your online banking with a passcode. This 5-digit code can be anything that is unique to you – but remember that a code being memorable is bad, so 12345 is not recommended! You can use the randomly generated passcode that Barclays or your own bank send you.
A number of online retailers are also starting to introduce passcodes as part of their login infrastructure, and Amazon has even gone the extra mile – for some deliveries, they will send a passcode via email or text message, and you will have to recite this to the delivery driver before they hand over your parcel.
Because people leave money sitting in their accounts, betting accounts can also be a target. Happily, the best betting websites, such as bet365 and 888sport, allow you to use a passcode to double up on the security afforded by your username and password. They also only allow you to make a deposit or withdrawal using the most trusted payment merchants too, be it Visa, Mastercard, PayPal and so on. This demonstrates the fact that high security has become an industry-wide expectation.
The next tier of online security has an interesting premise – they make it incredibly difficult for your account to be hacked even after your username and password have been compromised.
Online payment fraud will exceed $206 billion cumulatively between 2021-2025. Fraudster DNA is evolving: our CEO @MTuchen explains how via @ForbesTech #AML #kyc #Identitytheft #Fraudprevention #Identityverification https://t.co/lRnkpq46Sh
— Onfido (@Onfido) April 20, 2022
That’s what Two-Factor Authentication (2FA) achieves because it requires a second stage of security to be satisfied. Usually, you will be sent a random string of code by email or text message, and this acts as the second ‘factor’ in your login attempt. There are even apps dedicated to 2FA – these give you passcodes that are reset every 60 seconds or so, ensuring a unique login every time.
So, a fraudster would also need to have access to your mobile device or have hacked your emails to get the code, which is much more unlikely.
The takeaway message is to simply not get blasé about your online security – that’s exactly what hackers want. Instead, make sure you add randomness and complexity to your passwords, and implement a passcode or 2FA where possible.