Cybersecurity – How Hackable is Your Password?

If you’re like most people, you have a certain set of characters, passphrases, or memorable information that you use to cobble together a password (and most of the time this is the same password you “use for everything”). Your dog’s name, your wife’s birthday, your oldest child’s middle name, or some combination thereof. This has worked for you for years, so there’s no reason to change it, right?


According to a 2017 Identity Fraud Study conducted by Javelin Strategy & Research, more than 15.4 million U.S. consumers have had their identity and personal information stolen, including social security numbers and bank accounts, as well as credit cards being opened in their names, causing well over $16 billion in stolen assets.

Criminals have shifted their focus from counterfeiting and directly manufacturing bank cards and credit cards to compromising online bank accounts. The first line of defense is, unfortunately, the weakest – the password.  Even with a universal shift to chip-based cards and POS terminals being implemented at most retailers across the country, criminals are finding it easier to create new accounts in a victim’s name and divert the physical card to an address of their choosing (and/or use the card number online to create thousands in fraudulent debt).

So what do I do? How do I protect myself?

  • Create a strong password and never distribute it to anyone
    • The most secure password is the one only you know.
  • A strong password is a complex one
    • Make the password at least 8-12 characters long, and use a mix of special characters, uppercase/lowercase, and numbers wherever possible.
    • Examples: [email protected]!onGpa$$w0rd10, ls71p20i#@jjal2210
    • Note that most password utilities hackers employ use dictionary-based attacks, meaning they will attempt to guess passwords based on words found in the dictionary.
  • Don’t use just one password
    • Websites are compromised all the time, and even one data breach can cause your password and sensitive information to be exposed. If that information is the same for all of your online accounts, you’ve got a much bigger problem to deal with.
  • Don’t write down your password in plain sight
    • Better yet, don’t write it down at all if you can avoid it.
  • Consider using a password management tool
    • Web services and applications like Lastpass, KeePass, and other credential managers can provide you a password repository to keep your hard-to-remember information at your fingertips while remaining safe and secure. Generally, you only have to remember one master password to the repository (don’t lose that!)
  • Consider multi-factor authentication
    • Most services these days utilize some form of notification process and authorization methodology to confirm your identity. This can be in the form of a text message to a cell phone, verification e-mail, or a PIN number in addition to a password. While these can be annoyances, they can really add value as an extra security measure.
  • Don’t bite on the phishing bait
    • Be extremely careful when clicking on links, even if they appear to be valid and from legitimate sites. There are rarely if ever any instances where a company will demand that you log in unsolicited. Be smart: hover over a link and see where it goes instead of clicking on it blindly.
    • Example: com (but when you hover over the link with your mouse it says
  • Lock down your devices
    • Your information is only as safe as the least secure device you use. Make sure you are using the most up-to-date security patches and updates, and check to make sure there are no known vulnerabilities a hacker can use to compromise your equipment.
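
The length, character-mix and dictionary points in the list above can be checked mechanically before a password is ever used. The following Python is an added example, not part of the original post; the 12-character minimum (the upper end of the 8-12 range), the five-word sample list and the substitution tables are assumptions chosen for illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus lists of passwords exposed in past breaches.
SAMPLE_WORDS = {"password", "sunshine", "dragon", "welcome", "monkey"}

# Dictionary-based guessing undoes common look-alike substitutions.
# "1" and "!" are ambiguous (i or l), so both readings are tried.
LEET_VARIANTS = [
    str.maketrans("0134579@$!", "oieastgasi"),
    str.maketrans("0134579@$!", "oleastgasl"),
]

MIN_LENGTH = 12  # assumption: upper end of the article's 8-12 range


def character_classes(pw):
    """Report which of the four character classes appear in pw."""
    return {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }


def dictionary_hits(pw, words=SAMPLE_WORDS):
    """Return dictionary words still visible after undoing substitutions."""
    candidates = {pw.lower().translate(table) for table in LEET_VARIANTS}
    return sorted(w for w in words if any(w in c for c in candidates))


def check_password(pw):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, present in character_classes(pw).items():
        if not present:
            problems.append(f"no {name} character")
    for word in dictionary_hits(pw):
        problems.append(f"contains dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for sample in ("We1come2024", "Sunsh1ne!2024", "tR7#qV2m!Lx9Zp"):
        print(sample, "->", check_password(sample) or "no problems found")
```

A password can satisfy the length and character-mix rules and still fail the dictionary check, which is why swapping letters for look-alike symbols in a common word adds little protection.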

Unfortunately, there’s no magic bullet when it comes to cyber security, and it requires a fair amount of diligence, active knowledge, and sometimes just plain common sense. Consider a multi-ringed security approach (like a castle with a moat and a drawbridge) to overcome many of today’s technology concerns. Contact Heffler Claims for all settlement administration needs.

Gregory Skoufalos
Gregory T. Skoufalos (Greg) is the Chief Information Officer and leader of our Technology Services Group for Heffler Claims Group. With over 15 years of experience, Greg provides leadership for the continued development of an innovative, responsive and secure information technology environment throughout the organization. He recently restructured the application development team and brought about the creation of a new class action securities litigation application.
