It’s no secret that fraud through hacking is increasing. In addition to protecting your credit union data, you should also be educating your members on how to protect themselves and their passwords. Here are the four most common password hacker tactics and advice on how members can avoid them:
- The Phishing Trip. Hackers will send emails to your unsuspecting members and make them appear as if the email was sent by your credit union. The email will generally have a brief introduction informing your members that additional information is required to verify their accounts and/or personal information, with an accompanying link. WARNING! The link in the email will generally go to a form where your member will be asked to enter their account credentials such as account number, card number, login information and even their password. Hacker mission accomplished.
SOLUTION – Tell your members to be skeptical any time they are shown a login page that they didn’t expect. Additionally, it is rare that your credit union would ever solicit members for their account information.
- The Word List. Hackers will download every word in the dictionary and then try every single word to see if one will work – granting them access to a member’s account.
SOLUTION – Don’t use a word that is in the dictionary as your password. Also, don’t make passwords your name, your birthdate, your pet’s name, your spouse’s name or anything else that a hacker could potentially find out by checking your Facebook feed or ‘Googling’ you.
- The Universal Password. Here’s some really bad news… do not use the same password on multiple services. That’s right. Use a different password for every single site. HERE IS WHY: Often a hacker will gain access to a poorly secured site and then have the list of user names and passwords from that site, and they will try those combinations against a more sturdily built site. If your members are reusing passwords, their overall security is only as good as the most poorly written site they have signed up to.
SOLUTION: Having individual passwords for every website account, acknowledging that it is a giant pain, is the most important measure your members can take to protect themselves. It’s important to remember that the websites your members have accounts with should be doing everything in their power to protect their users from hackers by employing security measures, such as cryptographic hashing and salting, that make it harder and harder for hackers to gain access to their systems.
- The Stolen Password. Let’s say a hacker is successful in gaining access to your member’s password. Believe it or not, there is still a way to completely protect your members. Enter MULTI-FACTOR AUTHENTICATION.
SOLUTION: There are a few things that security officers qualify as different authentication factors. 1. Something you know – which is like a password. 2. Something you have – which is often access to your cell phone or an email address. 3. Something you are – when you ask for photo ID such as a driver’s license, you are not just checking that your member has their driver’s license but that the face in front of you corresponds to the face on the driver’s license. Multifactor authentication means that if a hacker has your password, the hacker would still need access to a second, different factor to be able to prove that he is your member. This could be something like having codes texted to you on your phone as a second form of digital identification. The hacker generally will not have this second form of identification, so they will not be granted access to your account.
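The "cryptographic hashing and salting" mentioned under The Universal Password, shown as an added example (not code from FLEX or from the original post). It uses PBKDF2-HMAC-SHA256 as one salted scheme; the function names, the iteration count and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def unsalted_digest(password: str) -> str:
    """The weak scheme: a bare fast hash. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build a storable record: a per-user random salt plus a slow PBKDF2 hash."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"alg": "pbkdf2_sha256", "iterations": ITERATIONS,
            "salt": salt.hex(), "hash": derived.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(derived, bytes.fromhex(record["hash"]))


def demo() -> dict:
    """Two constructed members who happened to pick the same password."""
    password = "Sunshine2024"  # constructed sample value
    alice, bob = hash_password(password), hash_password(password)
    return {
        # Without a salt, both rows in the user table would be identical.
        "unsalted_match": unsalted_digest(password) == unsalted_digest(password),
        # With a per-user salt, the stored hashes differ for the same password.
        "salted_match": alice["hash"] == bob["hash"],
        "alice_login_ok": verify_password(password, alice),
        "wrong_password_ok": verify_password("sunshine2024", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting protects the stored table if a site is breached; it does not help a member who reuses a password that was captured in plain text elsewhere, which is why unique passwords and a second factor still matter.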
FLEX, the industry's most complete credit union core technology solution, is committed to working with our credit union clients on all aspects of their business to ensure success. Subscribe to our blog for more advice and expert tips for your credit union.