Key Takeaways
Once hackers obtain the login to your account, they can wire money to themselves in a matter of seconds -- without having to speak to anybody or confirm the transfer.
If your passwords are not at least 12 characters with a mix of cases and symbols, AI can crack your login in seconds.
Deposit insurance limits and other protections at your financial institutions don’t necessarily help you if you’ve been hacked.
When it comes to passwords, too many people choose convenience over security, believing “It’s not going to happen to me.” If nothing else invest in a password manager.
AI is much more powerful than ever before. There are many positive uses of AI to make us more productive. But it’s also made hackers and fraudsters increasingly dangerous. You need to secure your financial accounts, data, and personal information today. Don’t keep kicking the can down the road.
AI can analyze patterns and guess sequences better than previous attacks that were based on specific instructions, like an index of commonly used passwords. Armed with AI algorithms, fraudsters can go through millions of possibilities in just a few seconds. A recent study of adult web users found that AI could crack 51% of their passwords in under a minute. That’s pretty scary when you consider that half of U.S. adults have poor passwords or are using ones that aren’t complex enough. Fortunately, as the chart below shows, once you get to passwords of 12 characters or more (uppercase, lowercase, and symbols), it can take years for AI and other hackers to crack them. So, isn’t it worth spending a little time to protect yourself better?
Sure, it can be an inconvenience trying to remember all your passwords. Unfortunately, too many people choose convenience over security, telling themselves “It’s not going to happen to me.” It’s amazing how many people have super-simple passwords like 123 or birthdays or basic family names. Again, those are the kinds of passwords that will be cracked in seconds with AI being able to access larger and larger data sets every day. AI knows human behavior so well. Even if you think you're choosing an uncommon password, it's probably not. Protecting Yourself
As an RIA, our firm has access to clients' Social Security numbers and a vast amount of personal information. It’s not just a technical concern, it’s our responsibility as fiduciaries not to have weak passwords that can leave client accounts vulnerable and erode their trust in us. That would also lead to legal consequences for our firm. As a safeguard, we implemented a password manager. We strongly recommend that all our clients use a password manager too, we’re always available to help set that up.
Finances and financial institution websites are huge vulnerabilities. When evaluating the financial plans of our clients, it is not uncommon to identify deficiencies, for example, potential gaps in their insurance coverage. We make sure those gaps are addressed promptly because if something happens and they’re not covered properly it could have a huge financial impact. The same goes for their cybersecurity.
If clients don’t have strong passwords in place to safeguard their investments and personal data, that’s a huge vulnerability that needs to be pre-empted. Otherwise, once hackers gain access to those accounts, they can steal the data and/or money in a matter of seconds without having to speak to anyone or confirm the transaction. While Charles Schwab, Fidelity, and other financial institutions have fraud protection, they often have limits on what they can recover. Once that money has been wired out of your account, getting it back can be close to impossible, especially since it is often sent out of the country. Again, if you don't have a secure password and dual-factor authentication (2FA) for your financial institution logins, you can be wiped out and there’s not a whole lot you can do. Furthermore, for financial advisors, banks, and brokerage firms, AI has gotten so good at mimicking client voices that they're not always sure if they’re talking to their clients. Again, as fiduciaries, cybersecurity on behalf of our clients is something we have to incorporate into our daily routine. We use LastPass. We have semi-annual meetings. We check on our security scores. Now every time I log into my computer and open up a browser, I have to log in using 2FA. But that extra 10 to 15 seconds out of my day is worth it to make sure my client’s information is secure.
Next Steps
Don’t store passwords in your web browser and don’t write them down on a sheet of paper. A password manager like LastPass or One Pass (with a strong master password that incorporates a unique phrase that only your family would know) can take the burden out of needing a different password for every site. The password manager is a browser plug-in that shows up on the upper right side and when you enter your complex master password it automatically fills in your correct login information for you.
Again, don’t use basic passwords, because they can end up on the dark web and be sold to hackers who will try to use your email and password on all kinds of websites. Every single website you use should have a unique password, so a random password generator can help you make it complex. That way, if AI does a brute force attack on your passwords it can take years for AI to crack the code. Conclusion The first time you use a password manager like LastPass you have to enter your login information manually for each website you use. Sure, that takes time, but the security and peace of mind it provides is worth the effort. If you have concerns about the security of your online information reach out any time. We’re happy to assist.
DAN SATZ MS, CFP® is a Wealth Manager at Novi Wealth