Best practices for personal web security
1 Web security starts with strong passwords
Passwords are used to protect your private information and are required for almost every online activity—whether you’re banking, shopping, gaming, or on social media. But think of how many of your online accounts include public profiles and shared personal information. Then think about whether any of that public information could help a hacker access your private information. Hackers crack passwords using computer programs that try full words and commonly used passwords. They also look for clues on social media.
Many sites have specific web security requirements for the length and combination of characters in passwords. But even if you’re on a site that doesn’t have strict password rules, make sure you follow these tips for strong passwords to make it harder for hackers to crack your password.
- Passwords should be at least eight characters long—but the longer, the better.
- Use a mix of characters, including:
  - Both capital and lowercase letters
  - At least one number
  - A special character, such as %, $, !, or *
- Avoid full words in passwords, especially if using only letters.
- Use different passwords for different sites. Once a password is compromised on one site, it’s easy for someone to try that same password for other sites.
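The tips above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it audits a set of accounts against each tip, including embedded full words and reuse across sites. The word list, the sample accounts, and the choice to treat any ASCII punctuation as a special character are assumptions made for illustration.

```python
import string

# Constructed stand-in for a real dictionary / common-password list (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "football"}

def check_password(password, words=COMMON_WORDS):
    """Return the list of the article's tips that this password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Assumption: any ASCII punctuation counts as a "special character".
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # A full word hidden inside a longer password is still found by guessing tools.
    lowered = password.lower()
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("contains full word: " + ", ".join(found))
    return problems

def audit(accounts, words=COMMON_WORDS):
    """Check every site's password and flag passwords shared between sites."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    report = {}
    for site, password in accounts.items():
        problems = check_password(password, words)
        shared = [s for s in sites_by_password[password] if s != site]
        if shared:
            problems.append("reused on: " + ", ".join(sorted(shared)))
        report[site] = problems
    return report

# Constructed sample accounts; none of these are real credentials.
SAMPLE = {
    "bank.example": "Summer2020!",
    "shop.example": "Summer2020!",
    "mail.example": "tr0ub4dor",
    "game.example": "vK7#qLw9!zRp",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "->", problems or "meets all tips")
```

Note that "Summer2020!" satisfies every character rule and still fails, because it contains a full word and is shared between two sites.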
Having a strong password is a good start, but it’s not enough. Protecting yourself online requires constant attention.
2 Understand that public WiFi comes with risks
Public, unsecured WiFi is convenient, but it’s unreliable. Anything you do on public WiFi may be seen by others, so stop and think before you put personal information online while you’re on a public, unsecured network.
3 Be mindful of phishing
Scammers try to hook you into phony sites with innocent-looking emails. Be wary of emails you weren’t expecting or that otherwise just look suspicious. Pay attention to where they’re coming from, what information you’re being asked to provide, and whether the email or website has grammatical or spelling errors—those are big red flags.
4 Be aware of what you share
The social aspect of social media means that we’ve become increasingly OK with posting personal information publicly. Your answers to security questions on financial account sites—names of your best friends, pets, and street addresses—could be easily found in your status, location, and photos. Be aware of what you’re posting publicly.
5 Control your apps
Don’t forget about all your apps! Some of your apps may have been given consent to work with other apps and their data. For example, think about which apps actually need access to your contacts, photos, or location, and disable the ones that make you uncomfortable. Also, keep updating the apps and operating systems on your smartphones as new versions become available, as they usually contain security updates.
6 Shop smart
If you’re shopping or doing financial transactions online, look for signs that the website is secure. Look for a URL that begins with https (the “s” stands for secure). Secure sites also display a padlock in the address bar, which means the site is scrambling (encrypting) the data sent between you and the site to stop unauthorized access.
7 Understand multifactor authentication
Many companies, especially financial institutions, try to prevent unauthorized access to your account by asking you to authenticate your identity using more than one method. For example, even though you’ve already entered your password, they might send you a code by text or email when you want to make a transaction or change your account.
8 Investigate how companies protect you
Some companies have guarantees to protect your account. For example, some companies will reimburse any savings lost if someone hacks your account and takes your money. Be aware that they’ll often reimburse you only if you can show that you follow prudent web security practices (like these!).
Good online habits start with you
Fraudsters are always on the lookout for new ways to get to your data. Following these guidelines is a good start, but you’ll also need to stay up to date on the latest scams to stay ahead of the scammers. You can usually find trustworthy and current information on the websites of virus protection companies and technology magazines.
At John Hancock, we follow strict standards to protect our customers’ personal information. Read about the privacy and security safeguards we have in place.
The content of this document is for general information only and is believed to be accurate and reliable as of the posting date, but may be subject to change.
John Hancock Retirement Plan Services, LLC • 200 Berkeley Street • Boston, MA 02116
© 2020 John Hancock. All rights reserved.