Raise your hand if you manage your finances online. Most of us stopped going to the bank during the pandemic, and once you realize how easy it is to get things done from your phone or computer, why go back?
But some of the biggest cyber threats we face today are banking Trojans — malicious programs that hunt for bank information while disguising themselves as harmless documents. They can scan what you type, steal your money and compromise all of your most sensitive passwords. These often come loaded in malicious apps. Tap or click for more info on apps recently caught stealing bank credentials.
Your bank account is one of the most important things in your life to protect from hackers. Without strong cybersecurity, you could end up losing money and critical personal data. If you haven’t given your online bank accounts a security checkup, now’s the time. Here are the steps you need to take.
1. Create strong passwords
Creating strong passwords is the most fundamental step in securing your accounts. Weak options like 12345678 or Password can be easily guessed or cracked with software that hackers can download for free. And if you share a weak password across multiple accounts or profiles, you’ll have a domino effect on your hands if one of them gets compromised.
To protect your accounts, here are some good rules for making better passwords:
- Always use a random (or non-sequential) set of upper and lowercase letters, numbers and symbols.
- Always make your passwords eight characters or longer.
- Use unique passwords for every single account, every single time.
If you’re having trouble figuring out strong passwords, here’s an example we use here at Komando.com: T/V\ho2nnL. It comes from a random sentence — a Metallica lyric. “Take my hand, off to never-never land.”
Use the first character from each word to get “tmhotnnl.” Then, replace some words and letters with symbols and numbers. “M” becomes /V\ and “to” becomes 2. Finally, capitalize a few of the letters to make a tough password that’s easy to remember: “T/V\ho2nnL”.
2. Set up two-factor authentication
Activating two-factor authentication (2FA) for your bank accounts is a great way to keep hackers out. When it’s set up, you can’t log in without a code that your bank sends to your phone via text message. Hackers won’t have access to your phone, which means it’s unlikely they’ll be able to get in. Plus, you’ll know any time someone tries to log in without your permission.
Here’s how you can set up 2FA for some of the nation’s biggest banks.
Chase: Chase automatically sets customers up with 2FA from the get-go. The first time you sign in to your account from a new device, you’ll be asked to verify your identity with a text code. Your phone number and email address will need to be current on your account, so if either is out of date, call the support number on the back of your card.
Wells Fargo: Open the tab labeled Your Security Center from the Wells Fargo app or website, or tap or click here to activate 2FA for your account. You’ll be asked to enter a phone number where you can receive your security code. Once you type in the code, 2FA will be active the next time you log in.
Bank of America: Choose Profile & Settings in the upper left-hand corner of BoA’s website and click Manage SafePass. From here, you can add any phone numbers you want your security code sent to. When you’re finished, you’ll be asked to verify your debit or credit card details to complete the setup.
Citibank: Citibank customers already have 2FA active by default. The first time you sign in to your account from a new device, you’ll be asked to verify your identity with a text code. Your phone number and email address will need to be current on your account, so call the number on the back of your card if either is out of date.
If you don’t see your bank listed here, you can usually find the option under the account settings or security settings for your bank’s website or app where you have the option to change your password.
In addition to 2FA, some banks offer encrypted security tokens. These small, handheld devices generate one-time passcodes you can use to log into your account. Because they’re physical devices owned by your bank and kept safe by you, there isn’t a way for a hacker to gain access without physically handling one. Ask your banker for more information.
3. Stick to secure devices
Some devices are much better for checking your accounts than others. If your PC gets a virus, for example, you might have a hacker watching you type in your password without even realizing it.
One smart step you can take is securing every device you bank on with a strong antivirus and antimalware solution. Kim’s pick is TotalAV. Tap or click for more info and a link to get 85% off your first year.
To protect your accounts, you can pick and choose a device that you only use for finances. For this, we recommend a lightweight Chromebook computer. These affordable laptops run ChromeOS, which means they aren’t vulnerable to the same kinds of malware as a full-fledged Windows PC.
This ASUS Chromebook retails for less than $200 and is secure enough to check your most sensitive bank accounts. It can also browse the web, play videos on YouTube and stream music from your favorite services like Spotify.
If you’d rather not spend money on a new Chromebook, you can protect your account using biometric security settings like your fingerprint or face. If your phone has a face scanner (like Apple’s FaceID) or a fingerprint reader, you can use these to verify your logins. Check the Settings area of your bank’s app to see if biometric authentication is offered.
4. A little dishonesty won’t hurt
Most banks will have you set up security questions when you create your account. These questions are used to verify your identity in the event you get logged out or make a major change to your settings.
But what if a hacker or stalker knows more about your life than you expect? If you post details about your life on social media, it can be easy to crack security questions without ever breaking into your account. Tap or click here to see if you’re oversharing on social media.
That’s why it’s important to remember that you don’t have to answer every security question accurately. In fact, it’s better for your security to give fake answers and write them down rather than connect the answers to your real life.
The next time you have to set up an account and answer security questions, pick answers that are easy enough to remember but aren’t necessarily true. Then, take a piece of paper or a cheap journal and write down your answers. You’ll be glad you did.
5. Freeze your credit – It’s FREE!
All of us will eventually fall victim to a data breach at some point. But just because your data is compromised doesn’t mean you’re in danger just yet. If you take proactive steps like freezing your credit, you can prevent the problem from getting much worse.
Here’s why: If your credit is frozen, hackers won’t be able to open any new accounts in your name. It’s one of the most effective ways to curb identity theft, and all it takes to set up a credit freeze is a quick phone call to one of the three national credit bureaus.
Best of all, it’s free to request a freeze as of 2018. It’s security that you don’t even have to pay for!
6. Set up alerts and stay in the know
Every week, Kim gets a message from her bank that shows her account balances. If anything seems unusual, she can immediately contact her bank to find out what happened.
If you’re not checking your account regularly, you could end up missing something major like a hack or password breach. Activating notifications through your bank’s website or official app is an easy way to stay in the know.
You can also set up alerts if you hit a low balance or if your bank detects fraudulent activity on your account. You can receive these in the form of text messages, app notifications or emails — or even a combination of the three.
Here’s how to set up alerts for some of the biggest national banks. If your bank isn’t on this list, download its official app and look for Alerts on the main menu. You can also search your bank’s website for instructions or chat with a bank representative to get help. You can easily reach one by calling the number on the back of your card.
- Sign in to Chase from your browser.
- Choose Profile & settings > Alerts > Choose alerts in the left-hand menu under the Alerts section.
- Follow the instructions to set up alerts and choose your preferred delivery.
- Sign in to the Wells Fargo website, and choose the account you want to add or edit alerts to.
- Choose the alerts you want to receive and customize them. Save your edits.
- To get text alerts, add your mobile number to receive text messages. You can do this by signing into your account and adding your phone number to your profile.
- Check the box labeled Allow Mobile Texts and accept the Consent to Receive Text Messages.
- Reply YES ENROLL to the text message you receive.
Bank of America
- Download the Bank of American mobile app. Then, use this link to pick your device. BoA will send a download link to your smartphone or tablet.
- You can also sign in to your account from a browser to set up online banking alerts.
- To set up email or text alerts for your Citibank savings or checking accounts, use this link to sign in.
Your bank account is precious. If you take the time to protect it, you can trust that your money is safe.
But having a secure bank account is only the first step to hacker-proofing your money. If you love shopping online, try out these secure payment methods to prevent your transactions from being scanned or hijacked. Tap or click here to see the safest ways to pay online.
By clicking our links, you’re supporting our research. As an Amazon Associate, we earn a small commission from qualifying purchases. Recommendations are not part of any business incentives.