All of us increasingly live in the digital and online world. The risk of bad actors and criminals stealing our personal identity and financial information continues to increase. Local law enforcement, the FBI, and Secret Service seem ineffective in preventing or prosecuting acts of cyber fraud. Unfortunately, we are responsible to make sure that our risk exposure is minimized as much as possible.

Theft of personal logins and passwords remains the most common way that cybercriminals access our personal and financial information.

Hackers steal passwords in the following ways:

1. Phishing attacks: Bogus emails, texts, or phone calls trick us into sharing confidential information.
2. Password reuse: It is estimated that over half of passwords are reused, putting multiple accounts at risk with a breach.
3. Malware: adware and viruses can reside on your computer and steal passwords and other persona information
4. Brute-force attacks: Trial and error to guess passwords.
5. Dictionary attacks: A type of brute-force attack using a dictionary of common phrases and passwords.
6. Unsafe sharing
7. Shoulder surfing

Two-factor authentication had the promise of making logins to trusted sites safer, but there are increasing reports of failure of this method of security. Requiring the user to enter a code that has been emailed or texted does improve security, but any break in the two-factor chain can allow the hacker to break into the systems. (This can be by simple phishing attacks, fake emails, or websites.)

Safer Credentials: Passkeys

Passkeys are a much more secure method of managing login access than passwords. Created by Apple, Google, and Microsoft in partnership with the FIDO Alliance and the World Wide Web Consortium, a Passkey is a unique credential that’s not visible to you, is stored natively on your computer, iPhone and iPad. Passkeys use public key cryptography to make logins much more secure. They aren’t created insecurely by humans and solve the human pain point of having to remember long, complicated passwords. The passkey resides on your device and can be shared to your other devices.

Recently many of the most-used websites and services have implemented passkeys as a more secure way to login than passwords. Here is a partial list of sites using passkeys:

Google, Amazon, PayPal, Adobe, Microsoft, X (Twitter), Apple iCloud, Uber, LinkedIn, BestBuy, eBay, Safari

Many experts believe that Passkeys will completely replace passwords in the next few years.

Here are some links to help you set up Passkeys:

Google
Amazon
PayPal
Windows
X
Apple iCloud
Safari
Android

Implementing passkeys can improve your cross-device experience, particularly when integrated with synchronized passkeys from cloud accounts like Google Password Manager, Apple iCloud Keychain, and contemporary password managers like 1Password and Dashlane. Passkeys have the advantage of being backed up to the cloud, so if you lose your device or buy a new one, all you must do is sign into your iCloud or Google Play account to recover your passkeys.

I hope you will implement passkeys where available to reduce your risk of cyber fraud. 

I have had several clients and friends who have had significant identity theft events. I have interviewed each of them to learn about these experiences and the lessons learned. In my next few blog posts, I plan to share their experiences and recommendations to help you make your digital life safer. 

Ralph Broadwater, M.D., CFP®

© 2023 The Arkansas Financial Group, Inc., All rights reserved.

The Arkansas Financial Group, Inc. is a Fee-Only Financial Planning Firm located in Little Rock, AR serving clients in Arkansas and throughout the country.

Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by The Arkansas Financial Group, Inc. [“AFG]), or any non-investment related content, made reference to directly or indirectly in this commentary will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this commentary serves as the receipt of, or as a substitute for, personalized investment advice from AFG. AFG is neither a law firm, nor a certified public accounting firm, and no portion of the commentary content should be construed as legal or accounting advice. A copy of the AFG’s current written disclosure Brochure discussing our advisory services and fees continues to remain available upon request or at www.arfinancial.com.

Please Remember: If you are a AFG client, please contact AFG, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. Unless, and until, you notify us, in writing, to the contrary, we shall continue to provide services as we do currently. Please Also Remember to advise us if you have not been receiving account statements (at least quarterly) from the account custodian.