5 ways to better secure your bank password and account

Before I start on how I linked Paypal to my bank, I think saying something about security might be good. Ok, I put down 7 things for security but 5 are strictly password-related plus 2 more things you can do for good measure.

1. Never share your bank password

No one needs your bank password to put money into your account — a password is only needed to take money out of your account. If a person or company is putting money into your account, they only need your routing number and account number. No passwords necessary.

While I have used Paypal for more than a decade, that history doesn’t matter. Paypal had a link to quicken the bank verification process by giving  my bank password — NO WAY!

People are always trying to hack big companies.  So you never give your bank password because if the company gets hacked, the hacker has your password (and everyone else’s) and there goes your money.  Never, never, never. No matter how secure a company says it is, it only means that someone has not figured a way around it …  yet.

2. Two bank accounts – one for frequently using your debit/credit card

Another security measure is that even though I don’t have much money, I have two bank accounts.  One is my main bank account with my savings and checkbook.  Another is a small bank account that I use for web purchases, my online payments and my debit/credit purchases around town. I don’t allow overdraft on this card.  Along with better security, it helps me to limit my everyday spending and save better when I have income.  I also plan to use my small bank account to deposit any money I receive online into.

I do this because if anyone hacks a company where I used my debit/credit card, the money they can take from me is limited to the smaller bank account.  And yes, I know my bank will cover me but you have to catch it and report it.  A few days delay in finding out can create a ripple effect. If money is unexpectedly going out of my account because someone stole it, I don’t want my rent or bill online payments or checks to bounce when that happens.  Too much hassle. Those bill payments are paid on the other bank.

I remember talking to a lady who used her credit card at Target and found someone had charged a hotel stay in Florida.  She was in New York at the time. She was one of many who shopped at Target in December 2013 who had their credit card number stolen out of Target’s database.

Hackers stole more than 40 million credit and debit card numbers, plus more names and addresses. Banks nationwide sent letters asking customers to turn in their cards if they used them at Target that November/December. Target paid $29 million in lawsuits after losing more than $252 million from the fiasco.

There is even a problem with people stealing your credit card info when you swipe your card at a gas station or an ATM machine. The estimate is about $3 billion stolen nationwide through skimming. It’s safer to use a human teller to withdraw money and to pay with cash at the gas pump.

Luckily my bank for the small account does not require a minimum balance or automatic deposit. They now require automatic deposits for the free accounts but I opened it ages ago so am still grandfathered under the old rules.  When I was working, I had 80% of my paycheck automatically deposited to the main account and 20% deposited to the small one.  Most companies will allow you to split your pay that way which is helpful because most banks now require an automatic deposit to have a free checking account.

3.  Use your bank password only for your bank

Oh and since I am talking about passwords. Your bank password should only be used for your bank login — not for Paypal, Facebook, your email or anything else you have going. If you want to have the same password for different websites because you have a bad memory, that’s fine most of the time but never ever for your bank login. That password needs to be unique. And if you have two bank accounts, both should be different from each other. Treat online money services like Paypal as a bank and make the password unique. A random password generator is great for this.

4.  Don’t use a pet or name closely connected to you for a password

The unique password should not include the name of someone close to you like your husband, wife, best friend, kid, etc. Or your pet.

Once I bought a used computer off a guy who got it from another guy.  When I logged in, it showed the original guy’s name and asked for the password.  I never met the man. I was locked out of the computer I just bought since I didn’t have the password.  I was not computer savvy enough to know how to reset a computer to erase everything on it except the system and not need the password.

So at the library, I did a search on the guy’s name and a web page came up where he chatted about his dog.  At home, I put in the dog’s name as the password  and I was in.  I am honest, so I cleaned out all the guy’s files and pictures without looking at them.  I was happy to be able to use the computer so easily. So I repeat never use a name for a password of anything or anyone you might mention on Facebook, any social media, or to a friend (who might mention it on Twitter or other social media). Again a random sequence of letters, symbols, and numbers is best.
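Rules 3 and 4 can be checked against your own password list before a thief does it for you. The following is an added example, not part of the original post: it flags passwords shared with a bank or money service, flags passwords containing personal names, and generates a random replacement. The account names, passwords, the dog's name "Rover" and the 12-character minimum are constructed assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+?"
# Undo common letter swaps before looking for names ("r0ver" -> "rover").
LEET = str.maketrans("013457@$!", "oieastasi")

# Constructed sample data; none of these are real credentials or names.
SAMPLE_ACCOUNTS = {"main_bank": "R0ver2013!", "small_bank": "R0ver2013!",
                   "paypal": "q7#Lm_v2Xp!eT9zw",
                   "forum": "sunflower55", "email": "sunflower55"}
MONEY_ACCOUNTS = {"main_bank", "small_bank", "paypal"}
PERSONAL_TERMS = ["Rover", "Palo Verde"]

def generate_password(length=16):
    """Random password from the OS CSPRNG containing every character class."""
    if length < 12:  # assumed floor, not a figure from the post
        raise ValueError("use at least 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def find_personal_terms(password, personal_terms):
    """Return the personal names that appear inside the password."""
    plain = password.lower()
    variants = (plain, plain.translate(LEET))
    return [t for t in personal_terms if len(t) >= 3
            and any(t.lower().replace(" ", "") in v for v in variants)]

def audit(accounts, money_accounts, personal_terms):
    """Map each problem site to its list of problems (accounts: site -> password)."""
    report = {}
    for site, pw in accounts.items():
        problems = []
        shared = sorted(s for s, p in accounts.items() if s != site and p == pw)
        # Reuse only counts when a bank or money service is involved.
        if shared and not money_accounts.isdisjoint(shared + [site]):
            problems.append("shared with " + ", ".join(shared))
        hits = find_personal_terms(pw, personal_terms)
        if hits:
            problems.append("contains " + ", ".join(hits))
        if problems:
            report[site] = problems
    return report
```

On the sample data, `audit(SAMPLE_ACCOUNTS, MONEY_ACCOUNTS, PERSONAL_TERMS)` reports both bank accounts for sharing one password built on the dog's name, while the forum and email reuse is left alone because no money account is involved.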

Also, fyi, totally clean off all your files and pictures before you give or throw away your computer including temp files, cookies and histories from the browser.  A boyfriend (at the time) gave me his old laptop and I found his old porn stash.  I mean really? So he took it back for a few days to clean things up. (I think he wanted to copy his stash!) Do you really want someone to look at your files and pics?

5.  Do not store a password online or near your computer

It is recommended not to use a name or a word but rather a random collection of letters.  I have a bad memory so that means writing it down and storing it somewhere in case I forget.  Do not store a password (or password book) near your computer. Do not store a password online.

6.  Code your password

If you are going to put the passwords near your computer or online (like in google docs), code the password — like I might have a password of “iexsk82”   and the code might be “dry scrambled ER …. ”  I = Dry reminds me of my garden’s iris  flowers always getting dried out.  E = I like scrambled eggs.  X = ER always require an x-ray.

Anyways you get the picture.  The weirder the connection the better.  If I read the code, I know which letter the word or phrase stands for but only a psychic would be able to figure it out. If you can draw your code, even better — sketching an 82-year-old man eating scrambled eggs in the ER with dried flowers on the table.  (And no, that’s not my password for anything).

7.  Never bank on your cellphone

Never do any banking on your cellphone and that includes Paypal.  Do not download that oh-so-convenient bank app. If they get your physical cellphone, they get the app. Don’t make it easy for them to find your bank.

Also don’t put your cellphone number as your contact number for your bank. Hackers have stolen cellphone numbers while people were chatting on their cellphone (the line goes dead). Then the criminals used the cellphone to access the victim’s email and bank accounts — changing the passwords while they were at it. How do they steal the cellphone while you’re still holding it?

Criminals do it by pretending to be you, getting your birthday and other info from social media and calling your cellphone carrier. From there, they have the customer service move the “lost” cellphone’s number to another phone.  In one documented happening, one hacker called the phone company 6 times to steal a phone.  The first five refused him since he didn’t have the identity info necessary.  The sixth one moved the “lost” phone number to the requested phone and the victim lost that cell phone number.

It could be the sixth one was lax.  It could be the criminal found out what security questions were asked with each call and did quick searches to find the answers. One guy, Jered Kenna, called his cellphone company and was told he had moved his cellphone service to another company.  He was locked out of his email and his Windows account — the hackers had changed the passwords with the cellphone.  With his Windows account, they got all the information on his computer. He happened to have millions stashed in something called “bitcoin”.  They got it all.

Once they have your cellphone, criminals can change your email, bank password and whatever.  How many times have you clicked “forgot password” and the verification code was texted to your phone? What if someone else had your number moved to their phone?

When they have your email they can access the other services that send an email with the verification code to make changes.  So if that criminal has both, you are dead in the water. Once they change your bank accounts’ password, they can transfer money out of your bank to wherever they please. And if they change the password, you can’t access your account online. Think about that.

Take your cellphone out of your bank account settings so that the cellphone can not be used to verify you.  Also your email address for your bank should not be email you can access on your phone.  Use a different email account. If you’re using a gmail or yahoo email that links you across websites like Facebook, YouTube, Flickr, etc., put a different email on your bank account that is not linked across sites or socially.

What you are doing is separating your bank account from your cellphone, the email accessed on the cellphone and your linked email.  Basically you want your bank account to be an island, not connected to your cellphone or social network. You might open an email account (that doesn’t require a phone number) that you use only for banks. You can have gmail for your social network and a different gmail for your “island” email — just never link the two. I’d even open your “public” vs “island” email in different browsers like Firefox and Explorer as I expect your public one is set to automatic password. Your “island” email should have manual login, not automatic or saved.

On this special email account and for your bank account, on the security questions, lie like a dog (not the same lies, of course) — write down your lies in code if you need to remember them. For example, if you went to Palo Verde High School, type “St. Thomas High School”.  If your mother’s maiden name was Smith, put down “Glasgow”. If you lie, they can’t find the answer on social media or online records.

Do not use this “island” email address to email anyone or to sign up for anything else. For example, you sign up for a Sears credit card.  Don’t use your “island” email to sign up.  If Sears gets hacked, the thieves get your public email. The public email is not linked to your bank account (which was also conveniently on the credit application so the thieves have that info already). The thief clicks “forgot password” and the password is sent to the “island” email account which is not on the credit application. They watch the “public” email for a verification code that never arrives. This is why separation is helpful.

Put the “island” email password and the security question “lies” in code in a secure place as backup against forgetfulness.  Is this going to make you 100% safe? Nope.  Nothing is 100% safe.  Makes it harder, though, so hopefully they will move on.

So Never, never, never

  • Never give your bank password to anyone
  • Never make a password to anything important using the name of something or someone close to you
  • Never use your bank password as a password for anything else
  • Never store your passwords online or near your computer (unless they are creatively coded and even then I wouldn’t do it.  Well maybe if I sketched a picture of my code — my drawings are soooo bad, a hacker would have a hard time even figuring out what I drew which is a good thing. Stick figures R Us.)
  • Never use your cellphone for your bank, Paypal or any money services. Don’t use the same email address for your bank that you can access on your cellphone.

And no I don’t have money.  I am just paranoid (I love the movie Conspiracy Theory).  I don’t like people stealing my pennies.  There are hackers who do that — steal pennies out of millions of accounts figuring people won’t notice or report it.  That little 7 cents missing from your checking account might not be your mistake.  Might be a hacker stealing from the bank — 7 cents across millions of accounts adds up.  I want to keep my pennies and my dollars, thank you very much. I am assuming you do too.

References:

The Target Credit Card Breach: What You Should Know
by Jared Newman, Time Magazine, December 19, 2013

Target will pay hack victims $10 million
by Charles Riley and Jose Pagliery, CNNMoney

Target paying $19 million over credit card breach
by Ben Geier, Fortune Magazine, April 16, 2015

Hackers Have Stolen Millions Of Dollars In Bitcoin — Using Only Phone Numbers
by Laura Shin, Fortune Magazine, December 20, 2016
about 1/3 of the way down, tells how hackers stole access to his account by stealing his cellphone number without stealing the phone (right under the brown hooded picture and the heading “The Phone As Your Identity“)

Gas Pumps Targeted in Latest Card Skimming Scam
by Keith, Scambusters.org
