Tracey A. Baker, CFP®
Tracey A. Baker, CFP®President, Financial Adviser, Principal

If you have a few extra minutes, take a moment and look through the apps on your cell phone.  You, like me, may be surprised at the number you have and may not recall what many of them are related to.  Many vendors and events have developed proprietary apps that you are driven to download in order to track a schedule, follow a map, get information or receive a discount.  Upon getting the app, you enter your basic information, establish your login, password and you’re all set!

Unfortunately, most of us forget to delete these old apps or accounts and many of them contain personal information including personal data and sometimes credit card information.  Called “Zombie” accounts, consumers forget they are even potentially exposed.  This is a bigger problem than most people recognize.

According to Keeper Security, a cybersecurity and password management provider,

“70% of consumers have over 10 password-protected online accounts, and 30% have too many to count.”

Keeper suggests the source of most consumer’s zombie accounts are from:

  • Free trials
  • Stores that you no longer shop
  • “One Time” accounts you set up to buy something
  • Gaming platforms
  • Apps that were used a few times and abandoned

If you, like most people, tend to reuse the same passwords across these apps you are even more vulnerable should they be compromised, first because you won’t likely even recognize that you could be impacted when hearing of it in the news and second, hackers can use a password through an old zombie account to break into an active account.

Here is what Keeper suggests you do:

  1. Track down old accounts: not everyone keeps a perfect record of old accounts. That said, if you use the Google Chrome browser (like many do), it will show all the accounts and passwords you’ve used under Chrome -> Settings -> Passwords. Other browsers such as Firefox and Safari have similar settings. Password managers also track your accounts.
  1. Close unused accounts: this is often easier said than done. As Wirecutter points out, closing an account can sometimes be frustrating as the website owner may make it difficult to close. If nothing else, remove all of your data from your “profile” on their site and then change your password.
  1. Don’t reuse passwords: this is repeated ad nauseam by all cybersecurity experts. Using a strong and unique password for each and every site, reduces the overall risk dramatically.
  1. Update passwords: big data breaches happen all of the time, so update your passwords on a regular basis. Sites like Have I Been Pwned: Check if your email has been compromised in a data breach show which of your accounts have been exposed in data breaches.
  1. Try a password manager: if you can’t, or don’t want to, keep track of a list of complex and unique passwords. Password managers such as 1Password, LastPass, Keeper, Apple’s new passwords app, etc. are the most effective solution. Password managers generate and autofill passwords for users when they create new accounts.

 

  1. Use Multi-factor authentication for accounts: if you change your password or login from a new device, you will get notified and asked to enter a pin number. This is added security.

At CJM we take security very seriously and we use all of the systems that are recommended above (password manager, multi factor authentication, systematic password updates).  As October approaches, let’s limit any zombies to those asking for treats on Halloween!

Source: Your Password Isn’t Safe: The Danger Of An Inactive ‘Zombie’ Account (forbes.com)