Strong PasswordsCybercriminals are sophisticated in research methods, deception and tax law and filing practices.  By gathering your information publicly available and disclosed by you, their crimes put you at risk.  Be smart, protect yourself and secure access to your personal and business data. Use strong passwords.

A commonly overlooked step to protecting your tax and financial data is using strong passwords to protect online accounts and digital devices from data theft.

The Internal Revenue Service, state tax agencies and tax professionals remind taxpayers that using strong passwords and keeping them secure are critical steps to prevent thieves from stealing identities or money.

The IRS will never ask for passwords.  And watch out for phishing emails posing as trusted companies seeking passwords.

Recommendations for Strong Passwords

In recent years, cybersecurity experts’ recommendations on what constitutes a strong password has been changed. They now suggest that people use word phrases that are easy to remember rather than random letters, characters and numbers that cannot be easily recalled. A new example: SomethingYouCanRemember@30.

Protecting access to digital devices is so critical that some are now using fingerprint or facial recognition technology. But if you are still using password protection, consider these tips to protect devices or online accounts.

  • Use a minimum of eight characters; longer is better.
  • Use a combination of letters, numbers and symbols, i.e., XYZ, 567, !@#.
  • Avoid personal information or common passwords; opt for phrases.
  • Change default/temporary passwords that come with accounts or devices.
  • Do not reuse passwords, e.g., changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
  • Do not use the same password for your accounts.
  • Do not use email addresses as usernames, if that is an option.
  • Store any password list in a secure location, such as a safe or locked file cabinet.
  • Do not disclose passwords to anyone for any reason.
  • Schedule password changes.  Change passwords with third party or staff/contractor turnover.
  • Use a password manager program to track passwords if you have numerous accounts.

Whenever it is an option for a password-protected account, users also should opt for a multi-factor authentication process. Many email providers, financial institutions and social media sites now offer customers two-factor authentication protections, which adds an extra layer of protection for your accounts.  You need to identify a password selection method that you can utilize and maintain consistently.

Learn how to recognize phishing scams.