Why you should treat your passwords the same way you treat cash


February 9, 2017

We all get a ridiculous number of emails every day, most of which are spam. You’re probably sick and tired of reading clickbait-y, blaringly loud headlines (“THIS THING JUST DID THAT AND YOU WON’T BELIEVE WHAT NOUN VERB blah blah blah…”) that deceive you into clicking on generic blogspam or, worse, downloading a malicious computer virus that can infect your machine or your whole network, with potentially disastrous consequences.

With specificity in mind, let’s take a look at what an email phishing scam looks like. Here’s an actual Gmail exploit actively circulating and duping IT professionals:


As our security gets more sophisticated, so do the viruses and email scams created to neutralize it. So, what can normal users hope to do to protect themselves from phishing schemes – especially those that are executed well enough to ensnare even top IT experts like Tom Scott? I firmly believe that keeping three basic things in mind is essential.

First, an analogy: Treat your passwords the same way you treat cash.

And next, two points:


Allow me to elaborate.

Imagine you’re making a withdrawal at an ATM. How do you feel? “Nervous” might not be quite the right word, as you’ve made plenty of routine withdrawals over the course of your life, but your senses are likely heightened and you’re probably keenly aware of your surroundings. That’s because you know you are handling something valuable (physical cash), and your instincts are telling you to keep your guard up to protect it. You should apply that same instinct to ALL of your usernames and passwords.

Watchers of the TV show “Mr. Robot” will know that brilliant computer hacking is not what makes most people vulnerable – it’s social engineering that allows people to get hacked. In short, hackers know that in many cases, your passwords and answers to your security questions are easily discoverable (from Facebook, Twitter, Instagram, that old Xanga or LiveJournal you kept back in middle school, archives of newspaper clippings from your hometown… the list is endless). Rather than running some complicated code, hackers simply track down that information and use it to make intelligent guesses.


Once they find out that you grew up in South Bend, Indiana, your dog’s name is Sadie and you love Tom Petty, they have everything they need to answer your security questions and reset your password.

Now, let’s circle back to those two points.

  • Just like when you withdraw money from an ATM, you should have your guard up whenever you enter your username and password. I mean that! Every. Single. Time. Your increased alertness will cause your brain to ask the right questions at the right times: Why do I have to type in my Facebook password again? I have it saved in my password manager, and besides, the site automatically signs me in anyway. Once you’re in the groove of being naturally suspicious, you’re more likely to recognize when something’s up.
  • If you get a fraud alert from your bank, do you log into Facebook to figure out what happened? NO. You go to your bank! If you have to reset your password, don’t do it from a link in an email, even if you get an email with a password reset link.
  • Speaking of resetting passwords, if you get that type of email from Twitter, you should open up a new tab, go to twitter.com, click “Forgot your password?” and follow the prompts from there.

Ultimately, you need to recognize that in this day and age, passwords are a valuable thing. With this in mind, be vigilant when working with them, and know that there are people out there waiting for you to make yourself vulnerable.

As the old idiom goes, “A fool and his money are soon parted.”

Don’t be a fool.

We're Integris. We're always working to empower people through technology.
