They’re coming for you: Passwords, Hacking, and more

June 30, 2021

Security is very important to us, and we think it should be equally important to you. That’s why we frequently include articles about what you need to do to help protect yourself against identity and other theft.

Unfortunately, you may be victimized as a result of shortcomings by others. If you have a credit card from a company whose servers get hacked, there’s little you can do to prevent your personal information from being stolen. On the other hand, we sometimes contribute to our own victimization, so let’s review a few steps you can implement with little or no cost.

First, a question: Do you know how long it would take a hacking program to figure out your 8-digit, all numbers password? The answer: Instantly. That’s right; no time at all. How about a 10-digit all numbers password? Instantly! How about a 13-digit, all numbers password? 4 minutes.

Clearly, the object of pointing out the lack of security in a pure numerical password is to demonstrate that passwords should be more than just numbers or letters. (By the way, it takes 2 minutes to hack a 9-digit all lower-case password.) As you can see by the chart below, using numbers AND lower-case letters AND upper-case letters AND symbols yields the best results. How can you go wrong with a 10-digit password that combines all the above and would take a hacking program 5 years to hack! (Tip: Kiplinger’s Personal Finance¹ recommends using a password manager, like Dashlane, Keeper or Lastpass, “to securely store login credentials and to generate strong, unique passwords for each account.”)

Source: Hive Systems

Here’s a tip that never gets old: never (NEVER!) open a link included in an email. If you get an email from “Social Security,” for example, that includes a link for you to use to read an important notice, go directly to the Social Security website and log in from there. (Always Google the website you are looking for, as opposed to using any link included in an email.)

To confirm that an email is suspicious, hover over the sender’s address. An email allegedly sent from Social Security may have a return address of SocialSecurityNotice.com. In fact, the real address of Social Security is SSA.gov, so seeing a potentially phony return address would be the first clue that the email was, in fact, a phishing scheme.

Another tip that you shouldn’t disregard involves those annoying notices you often see on your iPad, iPhone, and computer screens alerting you to update your software. Do it! Many software upgrades involve enhanced security because Apple, Microsoft, and others are trying to stay one step ahead of the hackers. And make sure your computer security is enhanced with an anti-virus program like McAfee or Norton. They’re the first line of defense in protecting your computer.

We get too many calls telling us that passwords had to be changed due to security breaches. We know it’s time-consuming, unsettling, and potentially costly. Often, these kinds of disruptions to your life can be avoided, but you have to initiate your own defenses for them to work.

¹ Gerstner, Lisa. “Protect Yourself Against New ID-Theft Schemes.” Kiplinger, 27 May 2021.

Please remember that past performance may not be indicative of future results.  Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by S.F. Ehrlich Associates, Inc. (“SFEA”), or any non-investment related content, made reference to directly or indirectly in this newsletter will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful.  Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this newsletter serves as the receipt of, or as a substitute for, personalized investment advice from SFEA.  To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing.  SFEA is neither a law firm nor a certified public accounting firm and no portion of the newsletter content should be construed as legal or accounting advice.  A copy of SFEA’s current written disclosure Brochure discussing our advisory services and fees is available upon request. If you are a SFEA client, please remember to contact SFEA, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing, evaluating, or revising our previous recommendations and/or services.