I’m not kidding. This is the email I received from Walmart the other morning:
At Walmart we take your security and privacy very seriously. We use a variety of services and tools to help protect you, and our monitoring suggests someone might be trying to take advantage of your account. As a precaution we are resetting your Walmart.com password. We apologize for any inconvenience this has caused, but we are always focused on protecting you and your account.”
If ten minutes before I received that email you had asked me whether I had a Walmart.com account, I’m sure I would have said “no.” So this was a head-scratcher for maybe a minute-and-a-half until I remembered that I had purchased a car seat online for my grandson during the summer at Walmart.com because, I guess, the store was offering the best price for the model.
My friends, I’m baring all here. Just copying and pasting that email makes me nervous. Either someone was trying to fraudulently use my account or Walmart.com is soft pedaling a security breach. After all, Yahoo just announced that 500 million (yeah, that’s a lot) accounts were hacked back in 2014. Two years is kind of a long time to discover and then wait to reveal that that email addresses and other possible items that could be used in identity fraud have been floating around. This revelation came at a bad time for Yahoo because the tech-company-that-can’t-die is trying to be bought by Verizon. I can imagine the “theft” might affect how much Verizon is willing to pay for it.
The revelation also came at a bad time for me because I always ask my students to open certain social media accounts, including Flickr, for which you need a Yahoo address.
I say to them (because Yahoo does have a bad reputation), “c’mon. Just pick a good password.” So, for me? Gulp.
But online safety does go back to passwords, and “pick a good password” remains about the best advice anyone can give or take. Identity theft has hidden costs you might not even imagine and that I certainly don’t like to dwell upon. I’d bet that most of us have found fraudulent charges on our credit cards, called the bank, and one-two-three the charge is removed. It isn’t always that easy, though. Sometimes you need a lawyer, and cha-ching, you’re looking at a $2,000+ bill that comes out of your pocket. When things are so bad that you need to hire a consultant to restore your credit score, expect even more bills. (Review this piece on recovering from identity theft for more details.)
Think for a second about how many online accounts you have. And not just at stores, but for special access to certain websites, our cable/satellite accounts, our phone accounts, our bank accounts.
Remember the days when so many of us said we’d never buy anything online because it wasn’t safe? Yeah, I remember words like that coming out my mouth about 5,000 online purchases ago.
I’ve written about passwords and online safety before, and I can’t guarantee that everything I say will protect you. I can’t even swear that I completely follow my own advice all the time. (Like my kids and all their friends know my home’s wireless network password, which kind of takes the punch out of having a locked home network.) But here goes.
7 Tips You Need To Help You Protect Your Online Accounts
- Don’t use the same password for more than one account. This is a biggie. Because we all reuse passwords. I had one that I would use for any shopping network my daughter asked me to sign up for so she could get 10% off her purchase. Many people I know, though, use the same password for their bank and Netflix accounts. Netflix has been hacked, and could be again. Heck, banks have been hacked. Hackers rely on the fact that people use the same passwords for minor accounts as they do for major ones.
- Change your passwords frequently. Many companies force employees to change email passwords every three months or so. It’s a pain, but it’s also a good thing. This past summer I kind of spaced out and didn’t change my university email password on time. And the department secretary was on vacation, as were the people in the faculty tech help. Luckily, it was summer and I knew nothing important was going to happen in my academic email. However, I did use that as a reminder to change other major passwords. Of course, it’s the minor ones, like the ones you have for accounts you don’t even know you have (like me and Walmart.com) that can cause problems. All means all.
- Keep your password record in a safe place. That does not mean tape it to the back of your computer. I know people who have a password-protected “vault” they can access online and they only have to remember that master password to check the others.
- Know that your computer may be keeping track of your passwords. Yup, that’s what your “keychain” is all about. So don’t save your passwords to your keychain, and every now and then clear your browser “cache.” Yeah, you’ll have to resign into Facebook, Pinterest, and all the other accounts you access all the time. It’s convenient to have your browser remember your history. It’s also dangerous if someone steals your devices. If you use Apple products, here is some important information for you.
- Consider a password manager. I can’t quite get myself to use one even though some of the most tech savvy people I know swear by them. Read up about the best password managers, including OnePass, Dashlane, and 1Password.
- Create complicated passwords that you can remember. There can be logic to your passwords: Choose a phrase that reminds you of whatever it is you’re protecting and switch out the vowels for numbers and symbols. Whatever your method, a strong password is at least 12 characters long, contains a combination of numbers, capital and lower-case letters, and symbols, and isn’t an obvious word or phrase.
- Close online accounts you don’t use. The more places out there that have your information, the more places hackers have to find your information. Do I really need accounts at all those shopping sites my daughter dragged me to years ago? Nope. So I’m slowly shutting them down whenever I discover I’m still subscribed. And as for my Walmart.com account, I won’t bother creating a new password until I decide I need to use it.
I’d love to hear from you: What are your strong password tricks?