Head in the Cloud: What a Celebrity Photo Hack Can Teach Us About Online Safety  

By Jeffery Cortright, CFEd

The recent celebrity hack job — in which numerous cloud accounts were accessed and risqué photos made public — made me wonder: What other accounts might be so easily compromised?

Do you use the same password for all of your online accounts? Maybe you have a handful of passwords, but they’re all similar. Here’s the danger: If a hacker gets your password, every account using that password is compromised. Not just accounts with potentially embarrassing photos; accounts with your financial information.

If Kate Upton used the same password on her bank account as she did on her iCloud account, she could have woken up to a zero balance and bounced checks, which would have left her even more exposed than in the pictures that were made public.

So many logins

Before I became a certified identity theft risk management specialist, I was one of those people at risk. With more than 80 logins that I use regularly, having a common password was meant to make things easier for me. What I discovered was that it makes it easier for a thief as well.

So how to keep track of so many logins? There are password tracking programs like 1Password or KeePass that will help you generate strong passwords and store them securely for you. But if you don’t trust a technological solution to your technological problem, here are a few pointers:

  1. Never store a website address and/or company name on the same piece of paper as your username and password.
  2. Maximize the number of characters in the password you choose.
  3. Always make sure passwords are unique.
  4. Minimize “pronounceable” passwords or acronyms, since hackers might guess favorites from your social media posts.
  5. Change your passwords regularly, quarterly at minimum.
  6. Keep any password information written down under lock and key.
  7. Avoid storing your password in your browser’s memory.
  8. Use two-step authentication whenever possible.
  9. Advocate for better password security whenever you see a possible issue.
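Pointers 2 and 3, and the earlier warning about passwords that are "all similar", can be checked mechanically against your own list of logins. The script below is an added example, not part of the original article; the 16-character minimum, the 0.7 similarity cut-off and the sample accounts are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 16         # assumed threshold; the article only says to maximize length
SIMILARITY_LIMIT = 0.7  # assumed cut-off for calling two passwords "similar"

# Constructed sample inventory (account label -> password), not real credentials.
SAMPLE = {
    "bank": "Sunshine2014!",
    "email": "Sunshine2014!",
    "photos": "Sunshine2014#",
    "forum": "q7#Vd!mZp2&Lx9@Rt4w",
}


def audit(logins):
    """Return a list of (issue, account_labels) findings for a login inventory.

    Issues reported:
      "short"   - password is shorter than MIN_LENGTH (pointer 2)
      "reused"  - two accounts share the exact same password (pointer 3)
      "similar" - two passwords differ only slightly, so learning one
                  makes the other easy to guess
    """
    findings = []
    items = sorted(logins.items())

    for label, password in items:
        if len(password) < MIN_LENGTH:
            findings.append(("short", (label,)))

    # Compare every pair of accounts once.
    for (a, pw_a), (b, pw_b) in combinations(items, 2):
        if pw_a == pw_b:
            findings.append(("reused", (a, b)))
            continue
        # Case-insensitive ratio: 1.0 is identical, 0.0 shares nothing.
        ratio = SequenceMatcher(None, pw_a.lower(), pw_b.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            findings.append(("similar", (a, b)))

    return findings


if __name__ == "__main__":
    for issue, accounts in audit(SAMPLE):
        print(f"{issue:8} {', '.join(accounts)}")
```

The findings name only the account labels, so the report can be kept without exposing the passwords themselves.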

Become a password advocate

It’s No. 9 that is particularly important to me. Every school you attended, employer you worked for, doctor’s office you visited, bank or investment company you utilized, insurance policy you applied for or held — they all have your personal information. A weak password by any one of the employees, contractors or visitors could compromise your personal information.

So how can you advocate for better password security?

Whenever you walk into a facility — even the veterinary office with your pet — and you see a website or program name with the username and password on a sticky note, in plain view of people at the counter, tell them you are concerned about your personal information. Tell them you wish they were taking better care of securing passwords.

Password security is not difficult, but it does take some effort. When you use strong passwords, and you have taken the proper steps to secure all your passwords, you are helping to keep your photos and memories private, prevent your bank accounts from being liquidated, and protect yourself from the nightmare of identity theft.

Raising awareness about password security is a big first step in protecting personal information and reducing identity theft and financial fraud.