Statement on the theft of 1.2 billion passwords and its effect on bank customers from Rose Oswald Poels, president/CEO of the Wisconsin Bankers Association
“Consumers who may have used the same username and password for their online financial accounts as they used for other online websites should consider changing those credentials. Although initial reports say that financial institutions were not the target of the hackers who stole 1.2 billion passwords from over 420,000 websites, consumers tend to use the same username and passwords for multiple accounts. This potentially leaves them vulnerable to unauthorized access to their funds.
We also encourage consumers to be vigilant and review their accounts. Any unusual activity should be reported to their bank as soon as possible.
Consumers need to be aware of phishing scams that may try to take advantage of the security concerns that usually occur with news of data breaches, especially breaches of this scale. Do not respond to emails with links claiming that your account is in jeopardy. If you do have concerns with any service provider due to the possibility of a compromised account, WBA encourages you to contact those businesses directly to avoid becoming a victim of a scam.
WBA offers the following five tips for proactively protecting your online accounts:
- Use a passphrase rather than a password. For example, you might create a passphrase such as "GroceryShoppingOnSaturdays".
- Consider using the first line of a song or rhyme such as "If you give a moose a muffin," which becomes "IUgaM00saMuf1n."
- Create strong passwords by substituting numbers for letters: for example, "1" for "L," "3" for "E," or "5" for "S." (0ct0b3r 13av35).
- Password complexity and length are important. Most websites require at least 8 characters, but 12 is now recommended.
Avoid using the same credentials for multiple systems or websites. If you must, periodically change your password for financial sites or those that store your credit card information.