Norton LifeLock, a Tempe, Arizona, supplier of cybersecurity software and related services, makes the case in a compelling way.

"Imagine. You're out with friends enjoying a meal when the server comes back with a sorry look. Your card has been declined. Though you just got paid and know you have plenty of money to cover the food, the card still doesn't work on the second and third tries, and your friends have to pick up the bill. When you check your bank statement, your fears are confirmed. Your balance is negative. You've been hacked."

Robin Cole

Cybercriminals are hungry for passwords.

Michele Sloan, owner of St. Louis's 1st Choice Real Estate School, taught a three-hour continuing education class, "Scams, Fraud and Identity Theft," on April 4 in Jackson, sponsored by Southeast Missouri Realtors.

Whitney Quick

"Missouri ranks seventh in the nation when it comes to identity theft vulnerability," Sloan said, telling gathered Realtors about ways to protect themselves from aggressive tactics used by people engaged full-time in the business of "data mining."

"There are people who spend their entire days, all day, every day, trying to get your personal information in order to commit identity theft," said Whitney Quick, Cape Girardeau-based regional director of Better Business Bureau of Eastern and Southwest Missouri and Southern Illinois. "Make sure you make it as hard as possible for someone to obtain your information."

Local experts say there are two common-sense ways for consumers to protect themselves from being victims.

Two-factor authentication (2FA)

Norton LifeLock describes the security issue this way:

"You'll find plenty of websites where all you need is your username or email and your password. These sites use one-factor authentication, where the password is the only thing necessary for entry. As the name suggests, 2FA requires an extra step, a second factor, to log onto a site or access an online account."

Robin Cole, president and CEO of the Rite Group in Jackson, describes how 2FA works.

"A hacker steals your ID and password and uses the information to enter your bank account. If your bank has a requirement for a second factor to authenticate you as a user, they may send your cellphone a text message, requiring you — in addition to the password — to enter the number the bank sent, usually a six-character number. You enter that number in order to go ahead and log in. That's what two-factor authentication is," said Cole, who estimates he has made 50 local presentations on cybersecurity in addition to advising his clients on evading cybercriminals.

"(2FA is) very effective. Nothing is 100%, though. There are ways to defeat two-factor authentication but it is the most commonly used method for elevating the security of log-in credentials," he added.

Stronger passwords

Norton LifeLock suggests three things about passwords consumers most commonly use.

• They are historically weak.

"People are annoyed by the prospect of creating difficult passwords. Also, hacking has become quite advanced."

• Most people use the same password for everything.

"Seventy-eight percent of Generation Z (ages 13 to 27) uses an identical password or pass phrase across multiple accounts, increasing overall vulnerability if a criminal happens to figure out their login credentials," a Harris Poll reported.

• The most popular password is astonishingly simple.

"No less than 23 million accounts still use the password '123456.'"

Quick said if she had to give a single piece of advice to consumers to self-protect themselves it would be to establish multiple passwords.

"Do this immediately; make sure your passwords are all different," she said. "If you only have one and you use it for multiple accounts, you've left yourself open for everything to be hacked."

The National Institute of Standards and Technology, in a 79-page guide released in 2021, gave a series of password recommendations, including the following.

• Password length is more important than password complexity.
• Screen new passwords against lists of commonly used and compromised passwords.
• Enable "show password" while typing.
• Limit the number of failed password attempts before account lockout.
• Implement two-factor authentication (2FA).

Norton LifeLock said not all sites use 2FA but for those which do, consumers can find the toggle to turn 2FA on in the settings function, sometimes under the "Security" tab.

Websites offering 2FA include Amazon, Facebook, Instagram, Dropbox, LinkedIn, Intuit, TurboTax, PayPal and Yahoo.

Cole concedes people have busy lives and notes the understandable resistance to coming up with many passwords.

"When we ask people to use strong passwords, each with a minimum of 14 characters with a mixture of upper- and lower-case letters plus numbers and symbols, they're so complex that they can be hard to remember," he said.

Sloan, Quick and Cole agree the solution to potential consumer confusion is the use of a cloud-based password "manager."

Although she doesn't recommend it, Quick said a consumer may choose a low-tech route to managing multiple passwords, which is to list them all on a single piece of paper placed in a secret place in the home or office.

"If you write them down and hide them and you hire a new housekeeper, you might have some anxiety. Your children may have friends over, giving you a similar worry. You may have people you don't know in your home or office doing work from time to time — and you'll want your personal information as secure as possible," she said.

Cole said password managers may be purchased via an online app but notes others are open source and free.

Sloan offered Realtors a list of purchasable apps along with her evaluation with most of them.

• Lastpass: oldest password manager in existence with both pay and free options.
• Keeper: easiest to use, $27.99/year on unlimited devices, although it will give the user multiple popups with upgrade options.
• Dashlane: most secure app, $1.99/month to manage two devices; $3.33/month for unlimited devices.
• 1Password: great customer service, $36.00/yr.
• Bitwarden: inexpensive at $10/year but customers complain that "autofill" information is disabled on IOS and Android devices.

Last word

Quick noted the ingenuity and aggressiveness of cybercriminal tactics are astonishing.

"A couple of years ago, we had the FBI here and we came away saying to ourselves, 'I didn't think of that,'" she said.

Do you want more business news? Check out B Magazine, and the B Magazine email newsletter. Go to www.semissourian.com/newsletters to find out more.