New Year’s resolutions are probably a tired cliché at this point. A lot of people resolve to join a gym or give up smoking (or both), but—in addition to all the things that can improve your physical health—we’d like to spotlight something the IRS says could help your digital health: start using secure passwords.
Now, we’re not saying that you, dear reader, are someone who has been protecting their online accounts with “Password” or “1234,” but the IRS published a series of password tips that could help you better secure your digital life.
Why should I improve my passwords?
Entertainment platforms are usually the first things that come to mind when people start thinking about their online accounts: Netflix, Hulu, Steam, and PSN, to name a few.
While you might not care if someone uses your Netflix account to watch a few movies, consider what else they get access to when they gain access. After all, many entertainment accounts store payment information.
Even if the associated payment card is obscured, the last three or four numbers might still be visible. They may also be able to see all or part of your full name, home address, email address, and any other personally identifiable information (PII) associated with the account.
In short, online accounts are a gold mine for identity thieves.
Making matters even worse, if you use the same password for all of your accounts, identity thieves can try to get information from other platforms that might not hide PII behind asterisks. Identity thieves work hard to build a profile of their targets (you, in this case) that’s accurate enough to convince financial services that “you”—not some bottom-feeding cybercriminal—are actually applying for a bank loan or credit card. (We haven’t even touched on the horror of using stolen information to directly log in to your online bank account. That’s a thing, and it should scare you.)
What can I do to improve my passwords?
It goes without saying that you shouldn’t make “Password” or “1234” your password. That means we should jump straight into the advice provided by the IRS.
We touched on it in the previous section, and the IRS agrees that one of the first things you need to do to secure your data is use a unique password and username for every online account. If you have the same login information for all of your accounts, an identity thief only needs to breach one account to access the rest.
Before we more on to the next point, defaults like “username” and “admin” aren’t appropriate usernames—ever. As for actually improving the passwords you choose, that advice has shifted a bit from what security specialists were recommending a few years ago.
Rather than using a random collection of letters (both upper- and lower-case), numbers, and punctuation that can be difficult to remember, the IRS now says you should choose a passphrase that’s at least eight characters long.
A passphrase is a password comprised of a series of words that you can easily remember but are hard to guess. That last bit—“hard to guess”—is why you should never choose a famous quote, favorite movie title, or common phrase (“GoClemson!”).
Remember, social media is filled user information about users’ favorite sports teams, video games, movies, and books, and identity thieves are more than happy to use that information to try to break into your accounts.
Related to the advice about not using the same password for all online accounts, the IRS says that you should never reuse passwords. What they mean is that handy little trick where you simply add or change the number on the end of a favorite password when you’re prompted to update—going from “MyFavoritePassword1” to “MyFavoritePassword2” isn’t a good idea.
The IRS also says you should not use your email account as a username when you can avoid it. If they already have the email associated with the account and it is your username, that’s one less hurdle identity thieves have to jump to get their hands on your PII.
Finally, if you’re going to record and store your passwords, you need to make sure you put them somewhere that other people cannot access them. They recommend traditional options, like locked cabinets or safety deposit boxes, as well as password manager software.
Password managers can offer a pretty wide range of options, depending on the one you choose. The common thread is that they securely store your passwords. Some applications will let users autofill passwords into online account login fields. Another common feature will automatically generate account passwords, saving you from having to do the hard work of coming up with something that’s considered secure.
Before choosing a password manager (or any security software, really), be sure to research all the available options and pick the one that best suits your office.
To read more about improving your passwords, check out the IRS press release on the topic listed at the bottom of the page.
Happy New Year!
Source: Tax Tip 2019-172