Skip to content


  • Consider a "multitiered" approach to online security
  • Your e-mail password is the most important to protect
  • Password protect your smartphone


Please don't tell me that by using "password1234" you think you're keeping your data safe from crooks. According to Marian Merritt, the Norton Internet safety advocate at Symantec, many people still use simplistic strings for their passwords, making life very easy for the bad guys. And she says that if your password is a word that's found in the dictionary, it can be hacked. Online safety begins with strong passwords.

Pile of recycled mobile phones

RayArt Graphics/Alamy

Michael Barrett, the chief information security officer at PayPal, says that just like you protect your valuables with various levels of safety, you should think of your passwords the same way. So, for example, you might keep your most expensive jewelry in a bank safe deposit box and your important papers in a fireproof storage box.

Consider this multitiered approach for your passwords, as well. According to both Merritt and Barrett, the most important password you have is the one for your e-mail. That's the key to the kingdom. Hackers troll for email addresses they can steal. If they can grab your e-mail and crack the password, they may be able to go to sites you use for transactions. And you might not know until you get the bill for the Rolex that someone else is wearing.

Strength in numbers

The trick to setting a strong password is to think like a crook. What information might already be floating around out in the ether about you? Whatever it is, you probably shouldn't be using that as your password. Things like your address, your date of birth, your kids' birthdays and definitely not your Social Security number.

So what does work? Norton's Merritt suggests basing it on a phrase that only you will know. For example, "I went to Tucson and spent seven dollars for prickly pear jelly." Reduce that to letters, numbers and symbols using the first letter of each word in the phrase. That would result in the password "Iw2T&s7$4ppj." In one password, you now have uppercase and lowercase letters, numbers and symbols. Go hack that.

Another suggestion is to tweak your key phrase for different kinds of websites. You might add an "e" at the beginning or end for e-mail, or a "b" for banking, etc.

The security experts suggest a different password for your online banking and brokerage accounts. And while they'd also like to see different passwords for each of your online shopping accounts, that might be a bit over the top. Maybe just one password for all of those shopping sites would do the trick.

Simple steps

Besides password protection, make sure you have an up-to-date antivirus program. There are some free programs out there, but this is one of those times when you get what you pay for. Take the plunge and buy some serious software from a reputable company, such as Symantec/Norton or McAfee. And make sure you keep it up-to-date. The crooks are always updating their malware.

Don't click that link

If you get an e-mail from a financial institution where you don't have an account asking you to update your security, don't let curiosity get the better of you. It's not a mistake. It's an attack.

Even if you get an unusual communication from a company you do business with, contact them before you open it. For example, if you use PayPal and get a note saying your account is on hold, or a note from eBay saying your account is being suspended, don't click on the link. Contact the company directly to see if the note is legitimate. Many firms have their own security sites, such as Forward the suspicious e-mail to them, and they'll tell you if it's bogus.

Even though you'd think everyone knows about the Nigeria e-mail scam, there are still plenty of people falling for it. When the former head of the bank of Nigeria offers to send you money to invest for him and asks for your banking info, or for a small security fee, just ignore it. Sadly, one security expert I spoke with told me that every year one or two people actually go to Nigeria, and wind up dead.

And if you access the Internet from a library or other public computer, never type in personal information or account numbers. You never know who has been putting programs on it that could be recording your keystrokes.

Being smart about smartphones

How do you protect the data that's on your smartphone? You may leave it out on your desk, or on a train seat or in the bin at airport security. And, of course, sometimes you just don't know where you've left it. There are several solutions.

The first thing you can do is password protect your device. That way, if someone does pick it up they cannot access your data. If your phone is truly lost or stolen, there are programs for both the iPhone and Android phones that will help you find your phone. In a worst case situation, there are also programs that will let you remotely wipe all the data that's on the phone.

Boomers have been a little slower than millennials to do online transactions. But we're catching up now. Fifty-five percent of us are doing online banking. Keeping track of your money, your investments and shopping is a wonderful convenience. By exercising a little caution, it can be a safe one, too.