Having secure passwords could help eliminate enormous risks for Los Angeles investment advisors. If a password is not secure, a single flimsy word or phrase is all that stands between a hacker and your client’s data.
Secure passwords are complex. You may even have minor difficulty remembering them at first. That will make them a lot harder for hackers to crack using password-generating programs.
Overall, passwords are an essential part of our life. We use them to access email accounts, banking information, social networking sites, and the files we need to do our work.
Because keeping track of multiple logins can be difficult, many people use the same two or three passwords. These logins also happen to be notoriously easy to guess: names, dates of birth, mother’s maiden name, and other predictable details.
What Passwords Should NEVER Include
Your password should never include or consist of the following:
- The actual word “password”
- Sequential numbers or letters such as “123456789” or “abcdefg”
- Easily guessed combinations such as “yourname123” or “abc123”
- A single word that appears in any dictionary
Methods of Password Hacking
When a password is not secure, there are multiple ways to crack it and steal the information that it is supposed to safeguard. Here are some of the most commonly used ones.
- Prying Eyes: If you work in a cubicle, or anywhere that is semi-public, be careful when logging into your accounts. Disgruntled employees have been known to shoulder surf, or watch a co-worker enter their username and password so that the information can be used to access and damage company resources if they are terminated.
- Guesswork: Certain programs are engineered to guess your password based on information discovered about you online, such as names, dates of birth, license plate numbers, and more.
- Dictionary-Based Hacks: These programs will run every word in a dictionary in an attempt to find a password.
- “Brute Force”: This method is exactly what its name implies. Special programs or software will run every conceivable keystroke combination at an alarmingly high rate of speed. The best defense against these attacks is to have a lengthy and detailed password that includes special characters, numbers, punctuation marks, and both upper and lower case letters.
Additional Password Security Measures
Whenever possible, investment advisors should implement two-factor authentication protection to their accounts. This means that after inputting a password, a secondary verification system kicks in. Examples include a code sent to the RIA’s smartphone or RSA SecurID, which generates an authentication code at predetermined intervals.
Two-factor authentication ensures that a compromised password will not leave the account exposed. Hackers will have no easy way of bypassing the secondary authentication, making a two-factor system highly recommended in financial services environments.
Los Angeles investment advisors need to remember that protecting their accounts with strong, secure passwords and two-factor authentication is not optional. FINRA, the SEC, and other regulatory bodies require investment firms to impose stringent levels of data protection.
By educating themselves on the dangers of loose password security, investment advisors will do a better job of fulfilling their obligations to the firm and their clients.
Is your investment advisor firm using secure passwords? Let us know your thoughts in the Comments box below.