It’s past time to get serious about online security

I’ve been on a bit of a crusade lately, telling everyone I know about two-step authentication and pushing our agents to turn the feature on in their email accounts.  We’re past the point of “maybe I should think about doing this” and are well upon “get your head out of your…”  “do it NOW.

This week we had the third attempt at stealing money from one of our agents and the third time was successful to the tune of over $20,000.  I got to talk to the FBI and a bank president and several security experts brought in by the bank for an hour rather than being a real estate IT guy.  We weren’t at fault, I was just helping out, but thieves are finding that the back door to banks’ ever increasing security is your email account, personal or otherwise.   The person who had $20,000 hoovered from their savings account didn’t have that email address registered with their bank nor did they so much as use online banking.  So don’t think you’re safe just because you don’t use that email account often or because you don’t log into your accounts online.  You.  Are.  Vulnerable.

So what should you do?  The first step is to be on alert all the time.  Sounds trite but you can’t ever respond to unsolicited emails from your bank or mail provider to “update your security” or “we’ve detected fraudulent activity, click here to verify your account”.  If you see an email such as that, open your browser and type in the URL of your bank yourself or call them at the number listed on the back of your ATM or credit card.  Thieves get the same emails we do and they can copy the graphics from those emails and make their fraudulent emails fishing for info (thus the term “phishing”) from you.  They can send out millions of these emails and only need a very small percentage of suckers  victims to respond to make it a very profitable enterprise.

So that’s the easy, obvious thing to do (but I had to say it).  The next thing you need to do is to get serious about securing your accounts – all of them – with good, impossible to guess, complex passwords.  Yes, on ALL your accounts.  If you don’t take your Facebook or Twitter or Pinterest account seriously then you make it easy to hack into.  Or that old Yahoo account you never use, but that you forgot that you made your backup email account in case you get locked out of your real email account.  These are the little targets thieves will hack into and then gain a lot of personal information about you, information they can use to unlock the bigger targets such as the email address you have registered with your bank.  Then they’ve got access to your money or your identity.  So, yes, really, all of your accounts, trivial or not, seldom used or not, locked down with different passwords that aren’t your pets name, aren’t “1234567” and not “password”.

So that made it a little harder.  The next and most important step you can take that makes it exponentially harder to get into your accounts is to enable two-step authentication (sometimes called two-factor authentication).  In Gmail when you turn this feature on you will get a text sent to your phone when you try to log into your account from a computer you’ve not used before to access your email.  You have to enter the six digit code sent to your phone before Google will let you into your account.  That code changes every 30 seconds so for someone to be able to hack into your email account they have to both know your password and the six digit code that even you don’t know until you receive the text from Google.  Google also makes an app available for both Android and iPhone smartphones called Google Authenticator (search for it in the app store on your phone) which will generate the codes for you.  Gmail, Hotmail, Dropbox, Facebook and Yahoo all support two step authentication.  It’s free and you’re a fool if you don’t use it.  Maybe you’ll take umbrage at me calling you a fool for not using something that probably sounds a little scary and complicated to use.  It’s not that hard once you try it and I can’t emphasize enough that it’s not about “other people” anymore – you really, really need to do this.  It’s not about annoyance or spam.  It’s about your money, or lack thereof, if you don’t get serious about securing the back door into your accounts.

Links to setting up two step authentication for various accounts below.  Use something else?  Google is your friend.  Search for it on

Two step authentication in Gmail (personal or business)

Enable Two Step Authentication in Facebook

Enable Two Step Authentication in Hotmail or

Enable Two Step authentication in Dropbox

Enable Two Step Authentication in Yahoo


Comments are closed.


Equal Housing Opportunity. Equal Opportunity Employer.