Online and Mobile Banking makes accessing and utilizing your funds a lot more convenient. These services bring UKRFCU right to your home or even your pocket! If you are one of the members that utilized these services, it is also very important that you take all necessary steps to ensure that you are the only person who can access your accounts through Online and Mobile Banking. To make things easier for you, we have compiled 10 tips that we urge our members to exercise to keep their UKRFCU accounts secure! The following tips are:
Tip 1: Use secure usernames
For your Online/Mobile Banking, you don’t want to go with something as simple as a combination of your first and last name. The information that is listed within your Online Banking is too valuable and you wouldn’t want someone to have access to your money. For example, let’s say your name is Taras Shevchenko, stay away from usernames like ‘tshevchenko’, ‘tarass’, ‘tarasshevchenko’, etc. Having a simple username as such does half of the work for the attacker. Now all they need is your password! Instead, think of your username as a second password. Make it unique enough for where only you know it!
Tip 2: Use secure passwords
Having a secure password is even much more important than having a secure username. To create a secure password, try following these rules:
- At least 10 characters, but more won’t hurt.
- If the system allows, use at least 1 upper chase, 1 lower case, 1 number, and at least 1 special character.
Don’t use easily identifiable personal information about yourself in the password. For example, if your Facebook description says you love Pizza, don’t make your password ‘Pizza123!’.
An even better idea would be to use all the rules above and instead of using a password – use a passphrase.
- Ex: “iL0v3Kreditiv@:)”
Tip 3: Update passwords regularly
A good rule of thumb is to change all your passwords every 90 days or 3 months. This ensures that if you use the same password elsewhere and it was compromised, the time that a cybercriminal has to try to get into your other accounts with similar credentials is relatively short. This brings us to the next point…
Tip 4: Never recycle passwords
Using the same password for more than one account is like having one key to unlock every door you use. If a cybercriminal steals or copies the key, every door is vulnerable. Don’t make it easy to get to your information should one of your accounts becomes compromised. Create a unique password for every account you use and never reuse passwords!
Tip 5: Two Factor Authentication (2FA)
Also known as Multi-Factor Authentication (MFA) or One Time Password (OTP). This became very popular in the last few years as more and more credentials started to become compromised. 2FA authenticates that you are who you truly are by sending you a one-time code to your cell phone via text message or email. A six digital numerical code format will be sent in which you will enter after entering your username and password.
Having 2FA is almost crucial to have nowadays, so as annoying you may think it is, always enables these! You will be very happy that you did when you get a confirmation code when you are not trying to sign in, but instead, someone else compromised your credentials.
Tip 6: Storing your secure credentials
Your credentials are as secure as how you store them & remembering all of these strong, unique, passwords is impossible! Sticky notes on your monitor – no way! Password protected with multiple-step authentication password management tool with military-grade encryption – yes, please! Here are some great password manager applications:
- LastPass
- Keeper
- 1Password
- Dashlane
Tip 7: Avoid falling for social engineering
Social engineering is the art of manipulating people so they give up confidential information. The types of social engineering you should more particularly be aware of in regards to Online and Mobile Banking are:
- Email Phishing – If you’re getting an email from ‘UKRFCU’ always make sure that it comes from a trusted domain (_@ukrfcu.com) – if something is off to you about this email – contact us immediately – (215) 725-4430.
- Domain Spoofing – only trust ukrfcu.com and ukrfcuonline.com when interacting with UKRFCU’s Online Banking! If the domain is anything else – STAY AWAY and report to webmaster@ukrfcu.com.
- Vishing – Be aware that phone calls can be spoofed! Make sure that it’s really us before you give any information to the person on the other side of the phone. For more information on spoofing – click here. For our statement on being spoofed – click here to learn more.
- SMShing – If you get a text message from “UKRFCU” ensure that it’s actually us. If the phone number doesn’t look familiar, or you just want to be sure – give us a call at (215) 725-4430.
Tip 8: Don’t use public wi-fi/devices for accessing Online Banking
Almost half of Americans, 45%, have used public Wi-Fi to access sensitive information, according to a survey by payment compliance provider PCI Pal. When accessing your Online or Mobile Banking, make sure you’re using a private Wi-Fi connection or your smartphone’s cellular network. Public Wi-Fi networks are notoriously insecure. If you absolutely need to use public Wi-Fi, use a Virtual Private Network, or VPN, that will encrypt your browsing history and activity. Additionally, avoid using public devices to access your UKRFCU accounts. In the urgent situation that you have to, access through a private browser window, and make sure that you log out immediately after you finished. It would also be a good idea to update your credentials soon after that.
Tip 9: Turn on alerts
Know what is happening within your UKRFCU accounts as they happen without having to Log in to Online or Mobile banking with security alerts. Both in-app alerts and text message alerts available for our members to be notified about any activity on their accounts. To learn more about alerts – click here.
Tip 10: Don’t stress!
Our team of Cyber Security professionals monitor for bad behavior around the clock. We’re here to answer any of your security questions or concerns! If at any time, you feel like your accounts have been compromised, contact us for further assistance – (215) 725-4430.