What’s in Your Password?

1/2/2019 | Written by: Selena Quintanilla, CRTP
At TaxAudit, we take cybersecurity very seriously. Our Software Engineering department works around the clock to safeguard our network, and each team member has an individual responsibility to protect sensitive information. In addition, team members company-wide participate in regular trainings to guarantee that we have the most up-to-date information on the latest social engineering and phishing schemes.  
  
When sitting down to prepare taxes, whether for ourselves or a client, password security may be the last thing on our minds. But realistically, it should be one of the first.  
  
With cybercriminals becoming savvier by the day, the IRS urges taxpayers to review online accounts for updated, more effective standards put in place to protect passwords. Doing so will help guard against attempts to access accounts and steal identities or personal information. 
  
Here are some things to keep in mind when reviewing, creating, or updating passwords: 

Formulate unique connections
Passphrases should be built from concepts that make sense to you but that strangers could not easily guess. Avoid easily discoverable passwords that contain personal information. Special characters and numbers should be used, but it's best not to place them in sequential or repetitive order.  
 
  • Good example: Brav3LittleT0aster0ven!. 
  • Bad example: KittyCat123 

Many cybercriminals do extensive research before attempting to infiltrate a system. If you regularly boast about your children, pets, etc., on social media, it's safe to assume that these will be among the first phrases hackers try as your passwords. 
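
One way to check a candidate password against the guidance above, shown as an added example that is not part of the original article. The function names and the list of personal terms are hypothetical; the check looks for personal terms (including ones disguised with common character swaps), sequential runs such as "123", and repeated characters.

```python
import re

# Common character swaps, undone before looking for personal terms.
LEET = str.maketrans("013457@$!", "oieastasi")

def sequential_runs(pw, min_len=3):
    """Lowercased runs of min_len+ letters or digits stepping by +1 or -1 (abc, 321)."""
    s, runs, i = pw.lower(), [], 0
    while i < len(s) - 1:
        step, j = ord(s[i + 1]) - ord(s[i]), i
        if step in (1, -1):
            while (j + 1 < len(s) and ord(s[j + 1]) - ord(s[j]) == step
                   and s[j].isalnum() and s[j + 1].isalnum()
                   and s[j].isdigit() == s[j + 1].isdigit()):
                j += 1
        if j - i + 1 >= min_len:
            runs.append(s[i:j + 1])
        i = max(j, i + 1)
    return runs

def repeated_runs(pw, min_len=3):
    """Substrings where one character repeats min_len or more times (aaa, 111)."""
    return [m.group(0) for m in re.finditer(r"(.)\1{%d,}" % (min_len - 1), pw)]

def review_password(pw, personal_terms):
    """Return the findings for each rule; empty lists mean nothing was flagged."""
    lowered = pw.lower()
    unswapped = lowered.translate(LEET)
    return {
        "personal": [t for t in personal_terms
                     if t.lower() in lowered or t.lower() in unswapped],
        "sequential": sequential_runs(pw),
        "repeated": repeated_runs(pw),
    }

if __name__ == "__main__":
    # Constructed list of terms someone might have shared on social media.
    shared_online = ["Kitty", "Whiskers", "1987"]
    for candidate in ("Brav3LittleT0aster0ven!", "KittyCat123", "K1tty2019"):
        print(candidate, review_password(candidate, shared_online))
```

An empty result only means none of these three rules fired; it says nothing about whether the password is reused on another account or has appeared in a breach.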
 
Use a different password or passphrase for each account
This step is simple but highly effective. The last thing you want to do is help a cybercriminal gain access to your most personal data by using the same password for multiple sites.  
  
Consider using a password manager
Keeping up with the latest security standards while trying to memorize passwords for multiple sites can be overwhelming, and if you're anything like me you'll end up locking yourself out of accounts more times than you can count. For this reason, I use a password manager. The software I use stores my login credentials for multiple accounts in a secure portal, and I only need to memorize one master password to access it. The software also alerts me if I am using the same password for more than one site and generates secure passwords upon my request. 
  
Use multi-factor authentication whenever possible
A passphrase alone should not be trusted to protect sensitive data. The use of multi-factor authentication forces account holders to enter more than just their username and password to access an account. In most cases, a time-sensitive code will be sent to the account holder’s mobile device and will need to be entered in addition to login credentials.   
  
Change all factory-set passwords
Many wireless devices, such as printers and routers, come with preprogrammed passwords. When you purchase new equipment, be sure to update this information as soon as possible. 
 
Limit the use of free Wi-Fi networks
Most of us have been to a local coffee shop to wrap up a last-minute school report or work assignment and have hooked up to the free Wi-Fi network for a faster and stronger internet connection. Sometimes this cannot be avoided, but the data that we access while linked to these networks should be limited, as security settings are often lax or nonexistent. Never access personally identifiable information while working on a free Wi-Fi network.