Here at U S Federal Credit Union we care about our member’s safety and security not only in our branches but also on the web! We will be regularly updating this Security Center with the latest information on identity theft, online security, and the latest scams to be aware of. We will also be posting information regarding your accounts, such as passcode updates and new policies.
Use Passphrases for Safer Logins
Cybercriminals continue to get more sophisticated in their attacks, using increasingly advanced technologies such as bot nets, automation, and even artificial intelligence (AI) to assist in making their attacks more effective. Gone are the days where it was considered secure to use a six- or eight-character password to keep your personal information safe and unfortunately today’s Internet-connected world requires stronger password protection than ever. While cybersecurity standards are continuing to evolve, one thing has continued to remain constant: the longer and more complex a password is, the more time that is required to crack the password. While many people believe that creating a long and complex password is too difficult and time consuming, the reality is there are very simple tricks that can actually change the amount of time that it takes to crack a password from mere seconds, to thousands of years. In this article, we are going to cover some of the simple tricks you can use help you achieve better password practices to help keep you safe in the continually evolving cyber world.
PASSWORDS VS PASSPHRASES
While passwords are typically a short set of letters and numbers, a passphrase is much longer (at least 12 characters long) and comprised of a mix of upper and lowercase letters, numbers, and special characters. While this may sound intimidating, a simple way to create a passphrase would be to put random words together (can be a book quote, song lyrics, movie line, etc.) then add in different letter cases, and change out some letters with special characters.
For example, let’s say your favorite movie is Star Wars and you’re your favorite Star Wars character is Darth Vader. You can take one of Vader’s famous quotes “No, I am your father” and change it up by changing casing and replacing letters with numbers and symbols and end up with: n0,iAmY0urF4th3r!
While this approach can be used with anything you like, don’t use something that you have a strong love for and others know you do. So, if you run a Darth Vader fan page, using the password above for your fan page would be a bad idea.
DIFFERENT PASSPHRASES FOR DIFFERENT LOGINS
Did you know that in a study conducted in 2021, 70% of people admitted to using the same password for more than one account? While you may feel that using a unique passphrase for each account is too difficult or isn’t really necessary, after all I came up with a tough passphrase so I’m good, right? WRONG. Using unique passphrases are just as important as using strong ones. As an example, say your email account was breached by a cybercriminal. The cybercriminal logs into your email and sees you have emailed receipts from stores you’ve shopped at; you have emails from banks you bank with, etc., the cybercriminal now knows where else you have online accounts. If you’re using the same password for everything, the cybercriminal can now take the information they learned from your emails and your passphrase they already know, and breach other accounts you have.
CHECKLIST FOR MORE SECURE PASSPHRASES
While creating a passphrase ask yourself:
- Is it at least 12 characters?
- Does it avoid using dictionary words?
- Does it have a mix of upper- and lower-case letters, numbers, and symbols?
- Does it avoid using personal identifying information?
- Is this password unique where I am not using it anywhere else?
- Would anyone who knows me not be able to guess it?
While this list is not all-encompassing, being able to say yes to all of these is a great step in the right direction to protecting yourself online.
In summary, cybercriminals are continuing to enhance their attacks every day and it’s important that we all enhance our defenses against them. Strengthening our logins and all the valuable information they contain is the first step in thwarting cybercriminals. Hopefully this article has shed a bit of light on the importance of maintaining strong and unique passphrases and has helped show how a few simple tricks can make a large difference in maintaining control of your online accounts and most importantly, preventing someone else from obtaining your valuable information.
Beware of Scams!
Did you know that in 2021 alone, 2.8 million consumers lost an estimated $5.8 billion to fraud? That’s the highest ever recorded going all the way back to 2001! Fraud and scams have been around forever, but with how connected we all are in the modern age, it’s been getting consistently worse. While we can’t provide an all-encompassing list of what to do and what not to do to protect yourself, below are two common scams we’ve seen an increase in. By recognizing these and keeping them in mind, hopefully it will help protect you from being a part of the increasing statistic.
- If you receive a call from someone claiming to be us and they are asking for things such as your username, password, debit card number, bank account number, etc. Just hang up, DO NOT give them any information, even if the number they are calling from is one of ours! It’s very easy for fraudsters to spoof a call and make it appear like they are calling you from the correct phone number when in reality you’re being called from a fake number. If you are ever in doubt, hang up and call us directly at 219-769-1700. If you have fallen victim to this scam and have given your information out before realizing it’s a scam, hang up and contact us immediately. The faster you contact us, the higher the chance we can help prevent the scammers from taking your money, and the higher the chance we have of recovering any money they might have already taken from you.
- If you are online and you see a pop up claiming your computer has a virus and to click to fix or to call a phone number to get it fixed, ignore it or close your browser. Alternatively, if you receive a phone call from “Microsoft” claiming your computer has a virus, HANG UP. These are very common scams we’ve seen an uptick in members falling victim to. What happens when you click/call the “tech” in the pop-up window, or if you follow the steps of the “Microsoft rep” that called you, they will take remote control of your computer, take a copy of all the data on it (which can include your username and password for your online banking, email, and any other personal information you have on the computer) and in some instances they will encrypt all the data on your computer, completely locking you out of it. The fraudsters will then use the data they stole to break into your online banking or in some instances, steal your identity. If you ever receive a notice claiming your computer has a virus and you are in doubt, contact a licensed IT professional and get your computer professionally looked at. NEVER follow the steps presented online or from anyone that calls you.