What I’m about to tell you is a bit scary. But as you’ll see, it could easily happen to anyone. So please read this in full… and then go change your passwords.
We have a friend whose email was hacked some time ago. It happened because, as many people tend to do, she used a very simple password for her email and logged in over an unsecure network, allowing hackers to easily grab it.
What’s more, she used the SAME password for multiple other online accounts. So when the hackers obtained her email password, they could also access her bank account.
Should you invest in cryptocurrencies? As with all investments, it depends on many factors. At the Morningstar Investment Conference on Thursday, Matthew Hougan of Bitwise, Tyrone Ross, Jr. of Onramp Invest and Annemarie Tierney of Liquid Advisors joined Morningstar's Ben Johnson to talk about portfolio allocations to cryptocurrencies. Q2 2021 hedge fund letters, conferences and Read More
After obtaining access to her email account, the hackers combed through years and years of old files and emails until they found a document with her signature on it, along with other key personal information.
From there, they created a phony contract that made it appear she was buying a property for $500,000, and then they Photoshopped her signature at the bottom of it.
The contract looked completely legitimate. So when they faxed it over to the bank, along with wire instructions to please transfer $500,000 out of her bank account, the bank believed the scam.
The hackers were also able to log in to her bank account and send internal messages to the bank, ‘confirming’ the wire transfer.
On the bank’s end, everything appeared to be in order. So they transferred the money.
Poof. $500,000 was stolen.
Now, clearly the bank had some pretty weak internal controls in place. I’m astounded that a bank in 2017 would transfer half a million bucks to the other side of the planet based on a faxed signature that’s so easily reproduced by any teenager with Photoshop skills.
And more than likely the bank is going to have to pony up some cash.
But still… no sense in taking the risk.
I thought her story highlighted an interesting point with respect to Cryptocurrency.
One of the big reasons that more people DON’T own cryptocurrencies like Bitcoin or Ether is because of the cybersecurity risk.
There are plenty of Boogeyman stories floating around about major Bitcoin exchanges getting hacked.
Or perhaps my favorite instance of this was when Bloomberg’s Matt Miller inadvertently had his Bitcoin hacked on LIVE television back in 2013 because they gave the viewers a 10-second closeup of the private key.
It was basically the equivalent of flashing your bank password on live TV.
These fears about cryptocurrency security are not unfounded; there are a number of ways to be hacked.
But as this story shows, the same risks exist in conventional banking. There’s no shortage of scams– fraud, identity theft, etc. are all pervasive.
And if you’re not paying attention and/or aren’t properly educated, you can easily get robbed.
Cryptocurrency is the same. It’s not scary. It’s just different.
And frankly if you learn the tools and implement the right cryptocurrency security [like proper cold storage], Bitcoin is nearly impossible to steal and MUCH more secure than conventional banking.
It really is just a question of education.
Now, let’s briefly go back to good password security. Remember the golden rules of passwords:
1. Have a unique password for every website or account.
More bluntly, DO NOT USE THE SAME PASSWORD FOR MULTIPLE ACCOUNTS. As this story shows, if hackers obtain that single password, they’ll be able to access your entire life.
2. Use a long password, at least 14 characters with a random combination of letters, numbers, and special characters.
Avoid “dictionary words”, or anything that looks like a dictionary word. For example, “simon” is a terrible password. And “s!mon” isn’t much better.
Also avoid anything familiar. Your kid’s name. Your dog’s name. Your favorite movie. Your phone number.
Good passwords are things like:
It would take centuries for a supercomputer to crack that one.
Now, obviously we can’t possibly remember dozens of cryptic passwords.
That’s the biggest reason why people so frequently reuse the same password over and over again across multiple websites, or even their home’s Wifi router.
Fortunately there are several “password managers” that exist, like 1Password, which allow you to maintain an easy, secure, encrypted database of your passwords on your own computer.
The idea is that you only have to remember a single master password which allows you to decrypt the database and access the rest of your passwords.
[By the way, 1Password recently started offering a monthly subscription service to store your passwords on their servers. We definitely recommend NOT doing this. It’s much more secure to buy the software and maintain the database yourself.]
Password managers make password security much easier as long as your master password is highly secure.
One tool to create and remember a secure password is to think of a sentence or phrase that you can more easily remember.
For example, “Simon really loves Italian red wine in the summertime, because he goes to Italy every year!”
Then you could use that sentence as a code by inserting the first letter in each word as the password:
and then make it more secure by adding/substituting numbers and special characters for the letters.
That’s a very secure password, AND it’s a LOT easier to remember.
You can apply this same technique, by the way, when you set up a password-protected secret key for your cryptocurrency wallet.
As a final note, be VERY cautious with unsecure, public WiFi.
Surfing the Internet in those cases is like shouting your passwords across a crowded room. It makes it very easy for hackers to steal from you.
If you can’t avoid unsecure networks, then at least make sure you use a VPN (Virtual Private Network) to first establish a secure connection.
This is very difficult to hack and one of the best ways to ensure your data won’t be stolen over an unsecure network.
(I’m currently using a service called VyprVPN, but there are countless others available.)
Now– please go change your passwords ;)