Stronger online security for normal people

It seems we hear stories every week about more data theft. As you can imagine, we get asked just about every day, "What can I do about it?" I can tell you what we do about it and what bad habits you can break painlessly.

First off, you hear people talk about using a different password on every site. We are realistic enough to know that isn't practical. While there are apps like 1Password that will generate really strong passwords, which seems great, they are still putting all your passwords in one place with a single password protecting it. Sure, it's on my phone and needs my fingerprint, but last time I looked, my phone was covered with my fingerprints.

A better solution is something strong and easy to remember that can be changed while keeping the core easy to remember. Use the seed method.

You start with a seed and grow. In this example I will use "gecko". Most systems require 8 characters, so I would pad it out with the year of the first car I ever owned, 1972. So our base password is "gecko1972", pretty standard stuff.

We change the base to match what the website requires. Some require capitals, some symbols, etc. From that we get a quick list of passwords to use that are slightly different, but easy to remember and not easy to guess.

gecko1972

gEcko1972

g3cko1972

g2cko!97@

etc...

For super secure things like your bank account, I'd use the same technique but a different password. If you want to add a level on top of that, add more characters to the end of your new password just for that website. However, pick characters that you can easily remember or find out, like the website's zip code, street name, phone number or something else you could get from their front page. At this point your password has taken on the life of a formula that only you know. Suddenly your 5-character password can blossom to 20 characters and still be easy to remember. Using this method, even if your password is stolen, your other accounts are still secured. I use two password seeds: one if it is a shopping site, the other if it is email or anything not connected to money.
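As an added example (not part of the original article), this Python script counts how many single-character edits separate the variants listed above, and how much a site-specific suffix adds. The suffixes "94105" and "10001" are constructed sample zip codes, and the function names are made up for this illustration.

```python
# Added illustration of the article's seed method; not code from the article.
from itertools import combinations

# The variants listed in the article.
VARIANTS = ["gecko1972", "gEcko1972", "g3cko1972", "g2cko!97@"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(
                prev[j] + 1,               # delete ca
                cur[j - 1] + 1,            # insert cb
                prev[j - 1] + (ca != cb),  # substitute, free if equal
            ))
        prev = cur
    return prev[-1]


def pairwise_distances(passwords):
    """Map each unordered pair of passwords to its edit distance."""
    return {(a, b): edit_distance(a, b) for a, b in combinations(passwords, 2)}


def with_site_suffix(variant: str, suffix: str) -> str:
    """Append characters taken from the site itself, as the article suggests."""
    return variant + suffix


if __name__ == "__main__":
    for (a, b), d in pairwise_distances(VARIANTS).items():
        print(f"{a} vs {b}: {d} edit(s)")
    # Constructed sample suffixes (zip codes standing in for two sites).
    shop = with_site_suffix("gEcko1972", "94105")
    mail = with_site_suffix("g3cko1972", "10001")
    print(f"{shop} vs {mail}: {edit_distance(shop, mail)} edit(s)")
```

The listed variants sit one to three edits apart; with the two sample suffixes appended, a pair that differed by one character differs by five.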

The other concern is protecting your money and personal information. We always build sites that do not store entire credit card numbers, transmit the numbers or reveal more than the last 4 digits of the number. If the numbers are not in the systems, then nothing of value is on the servers. There are a lot of other rules we have to protect a customer's personal information, but that is another, more boring article. We can't tell you much about protecting your personal info that you don't already know, but there are ways to better protect your money.

So how do you protect your debit or credit card? Sure, you can stop using your card online, but you still love the convenience of shopping online. Now obviously you can use PayPal to pay for purchases and it works great; however, you still have to give PayPal your bank or card information. We suggest using reloadable credit cards. Yes, you will still expose your card to a web site, but it is just to one place that is meeting some pretty high standards. Visa.com has an area to get you started: http://usa.visa.com/personal/personal-cards/prepaid-cards/index.jsp. By using prepaid cards you can put a wall between your online purchases and your bank accounts.

Some of these cards can be refilled with cash or check at an ATM, so you can have complete disconnection from your regular bank account.

In a worst-case scenario, you're only out the lost/stolen card fee and the time it takes you to get a new prepaid card. To be even more secure, use the card in your PayPal account. Then you have set up some serious protection for your money.

Follow these tips and it will help make the next story about a major data breach move from a tragedy to trivia.