Posts

Gear up for your next vacation with advice on how to travel safe when it comes to technology and cybersecurity.

Be honest, show of hands who is ready to put this winter weather behind them and take a nice vacation? No matter if it is a glowing sandy beach escape or a picturesque mountain retreat, a vacation can be an instant pick me up after the winter blues.

Unfortunately, as too many travelers already know heading out of town can be filled with pitfalls. Lost luggage, sudden cancellations, unexpected illnesses are just the tip of the iceberg when it comes to potential problems. However, there is a far more serious danger lurking for the would-be traveler with consequences that take years to recover from – identity theft.

Cybercriminals do not take vacations, so you cannot let your guard down where your identity, your financial data, even your gadgets are concerned. In fact, in many ways, traveling brings a whole new kind of cybersecurity threat, one that specifically targets people when they are away from home.

Once you have planned your getaway, there are a number of steps you must take to travel safe. Whether you are traveling within the country or abroad you should consider taking the below actions to protect your information.

Update and Backup all of Your Technology

If you are bringing any devices with you, now is the time to make sure they are updated to the most recent operating system. The same is true of your apps. When you continue to use an outdated piece of software or an old app, you are leaving yourself wide open to a data breach; developers often issue updates specifically because they have uncovered a security hole. While you are at it, make sure you save all of your important files, documents, or photos to a secure source at home, just in case someone does attack your device.

Disable your Wi-Fi

A simple slide with your fingertip is all it takes to prevent your mobile device from automatically connecting to unknown networks. These are the kinds of free Wi-Fi connections found in coffee shops, hotels, restaurants, airports, and more. Turning off the Wi-Fi will not only save your battery, it will stop lurkers from infiltrating your device over unsecured networks. Do not worry, you can turn it right back on whenever you are in range of a safe connection.

Power Up with Confidence

Avoid public charging stations if you can help it. Whether you use your own cord or use one that is provided, you cannot know where the cord’s connection will lead. In a scheme called “juicejacking,” criminals lure travelers into plugging in their devices for a quick charge, but the cord is actually connected to a hidden computer. The computer is downloading all of the files and information off the devices while you charge up, including usernames, passwords, account numbers, and more. If you can carry your own external charger battery or a “block” to plug into a regular power outlet, that would be much safer.

Passcodes, Passwords, and Pass it On

You might want to update your passcode lock on your mobile devices and your account passwords on sensitive accounts before you leave. That way, you are not enjoying a day out on the waves—and away from a phone or computer—when a hacker steals a database of old usernames and passwords, or steals access to your online bank account and credit card. If you can leave these passwords with a trusted family member, they can help you out if something goes wrong while you are out of pocket.

The Trip is Only Part of the Equation

Remember, your vacation basically starts (at least from a cybercriminal’s perspective) from the day you book the trip through the weeks after you have returned. Make sure you are booking your travels through a reputable company over a safe online connection, and that you are monitoring your accounts before, during, and long after your trip in order to watch out for suspicious activity.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Better than any Oscar nominations or National Basketball Association (NBA) rankings, there’s a different kind list that keeps cybersecurity experts and consumer advocates on the edge of their seats each year. This list, compiled from actual, intentional user mistakes, ranks the worst—make that “least secure”—passwords by how frequently they’re used.

Note: Why do far too many consumers continue to use ridiculously weak passwords? Because of a misunderstanding of how passwords are “guessed” by hackers. Despite what people might think, no one sits at a computer and types in one attempt after another. Instead, they deploy software that is capable of “guessing” random words, phrases and character combinations at literally billions of guesses per second.

(As one tech user said to the Identity Theft Resource Center when justifying the use of “password” as his online banking password, “It’s so easy no one would think to guess that one.” Unfortunately, that’s not how this works.)

This year’s list of worst passwords not only includes some that have been haunting the security industry for years, it also includes a few newcomers.

Taking the number one spot once again was “123456.” Interestingly, after the #2 spot went to “password,” the remaining top seven most commonly used passwords were the number variations “1234566789,” “12345678,” “12345,” “111111,” and “1234567.”

There were some odd choices this year, as the #8 spot went to “sunshine” and #10 was “iloveyou.” Number 9 was no surprise, unfortunately, as the ever-popular “qwerty” landed there.

“Admin” and “football” made the list again this year, as did “123123.” A shockingly high number of tech users thought they could beat the bots by holding down the shift key while hitting those number keys, which means “!@#$%^&*” was the 20th most commonly used password this year. Not to be outdone by the qwerty fans, a few more people tried to outwit the hackers by running their passwords straight up the bottom row of keys: “zxcvbnm” took spot #26.

People’s first names were surprisingly common passwords. Jordan, Joshua, George, Harley, Summer, Thomas, Buster, Hannah, Daniel and more were all in the top fifty.

The complete list of 100 most commonly used passwords is available by clicking here, but remember—it’s a guide of what not to do, not a list of passwords that are so simple no one would think you’d ever use them. So what kind of password should you use?

A strong, unique password is one that you only use on one account (not repeating it on multiple accounts), and that contains a long, virtually unguessable combination of letters, numbers, and symbols. Eight characters is typically considered the bare minimum for security but the longer the password, the harder it is for hacking software to guess it. While you’re creating this hopefully-foolproof password, remember to avoid common words, phrases, variations on your name, or the name of the website where the account was created.

So how are you supposed to remember a really long, secure password and make a separate one for each account? You could use a widely-respected password manager software, but there’s always a risk of those companies’ servers being hacked. If you’re really struggling to protect yourself, you can come up with your own cheat.

For example, pick a song or a book title that you will always remember, such as, “These Boots Were Made for Walking.” Now, pick a long number combination, like your childhood phone number. You can weave together the first letter of each word in the title (alternating uppercase and lowercase) and each digit in the phone number so that you end up with something that looks like “?T2b5W6m1F9w67!” Note the extra symbols at the beginning and end.

This fairly strong password is only good for one of your accounts, though. So here are a couple of things to try:

1. You can also weave in the name of the website, like PayPal or Amazon, by putting one of the letters at the beginning and one of the letters at the end. That way, you only have to remember two letters for each account and your strong password in the middle. This is NOT ideal from a security standpoint, but it’s far better than reusing your dog’s name on every account you own.

2. Use your very strong password for your email and simply click “forgot my password” every time you log into a different sensitive account. You’ll get an email to change your password on that site, and you can change it to anything you like—even just mashing keys on your keyboard—since you’re going to change it again the next time you log in.

There’s something else to consider about password security. Changing your passwords from time to time is important for keeping hackers out of your accounts. The ability to steal or purchase databases of old login credentials means someone could get your current password by stealing information that’s several years old. Protect yourself with regular updates to your password.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

If you pulled up in your driveway and saw an orange extension cord running from your exterior outlet to your neighbor’s house, you might have something to say about it. If your neighbors ran a long wire to your cable box to steal your cable, you would probably do something about that as well.

But your neighbors could be stealing your internet connection without your knowledge. Without the need for wires or cords, they could have gained access and your signal strength could be suffering. Worse, you don’t know what kind of activity they’re engaging in over your connection, or what else they may be able to infiltrate over your wifi.

There are a few ways you can tell if someone—a neighbor or even someone paused nearby in a vehicle—is using your internet connection:

1. Internet Slowdown – if your internet connection is suddenly slower, meaning web pages don’t load like they once did or your favorite videos just display an icon circling around instead of playing, you might be running too many devices on your connection. If you know that you haven’t increased the number of computers, phones, tablets, laptops, or IoT devices, someone else may have joined.

2. Check Your Connection Settings – if you can access the app for your router (the box that turns your modem into a signal broadcaster so wireless devices can reach it) or visit the manufacturer’s website to see your account, you should be able to see how many devices are connected to your network. Their customer service department can help you with this step.

Once you find out if someone else has jumped on your connection, it’s actually a pretty easy fix. First, password protect your wifi network, which is a good idea even if no one has been using your connection; however, if you already had a password in place, then the outsider has gained access to it somehow, so simply change it. Also, be sure to check for any available updates to your router’s software since outdated software could have vulnerabilities that outsiders can exploit.

Unfortunately, if someone has been using your wifi, there’s a chance they also accessed sensitive information about you and your family. Change the passwords on all of your sensitive accounts like email, banking, and retail shopping sites, and monitor your accounts for any suspicious activity.


Read next: “Don’t Get Scrooged by a Holiday Scam”