As an application security engineer here at Simple, I spend quite a bit of my time thinking about all the different ways “fraudsters” could try to compromise our customers’ accounts. By understanding the different ways an account can be attacked, I am able to determine what strategies should be used to protect it. In this post, I’d like to help you think the same way so you can understand how to protect your online banking.
My favorite metaphor for thinking about how to protect yourself while banking online comes from the show Adam Ruins Everything. If you have a shed, you probably want a lock on the door, but you’re not likely to spring for a really expensive one, since the stuff in your shed isn’t all that important to you (unless you’re just really into rakes). But when you put a lock on your house, you’re going to want the biggest, baddest deadbolt you can find, and maybe also a security system!
It’s all about priorities: spend the most effort protecting things that have the highest value to you, because the consequences of someone getting into your house (or your bank account!) are a lot more dire than someone sneaking into your shed (or the Instagram account you made for your goldfish).
Before we get going, I want to point out that while educating yourself about how to protect your online account is smart, it’s easy to get anxious when reading about all kinds of ways you could get hacked. So a good mantra is “protect, don’t panic!” Even making small changes can make a huge difference in your online security.
Okay, let’s dive in. I’ve pulled together the most important areas to focus on to keep your bank account safe (and all your other important accounts too, for that matter).
Secure your password!
Your password is your primary “deadbolt,” and a crucial factor in how you protect yourself when banking online. Creating a strong password is important not just for your online bank account, but for every account you have online. Often financial information can be obtained through e-commerce websites (e.g., Amazon), payment apps (e.g., PayPal), or email, so it’s important to secure these accounts too.
Use a password manager
I thought about writing up a long explanation about how to pick a strong password and how to protect it, but I realized that all you really need to know is how to use a password manager. A password manager is an application that is designed to generate, store, and autofill your passwords. This removes all the headache of trying to pick out and remember strong passwords, and it really is the most effective way to keep your accounts safe.
The National Cyber Security Centre has some helpful information about how to use a password manager, but in general it’s quite simple. Instead of writing down your passwords on a post-it, in a note on your phone, or in a spreadsheet on your computer, you put them all into the password manager—which is protected by a single super-strong password. Now you just have one password to remember, and all your login info is locked up tight. Your password manager can even generate super-strong passwords for you! There are a variety of quality password managers to choose from; both LastPass and 1Password have worked well for me.
A few tips to keep in mind when using a password manager:
- Make sure the password you choose for the password manager is very strong. If in doubt about what a strong password looks like, follow the Cybersecurity and Infrastructure Security Agency guidelines
- As you add the information for your accounts into the password manager, make sure to change the passwords for accounts that use the same password or a weak password
- If you don’t have time to change all your passwords right away, try to prioritize accounts that store your most sensitive information first (e.g., bank account, email, and any accounts with stored card information)
- Make sure to use the password generator feature when creating new passwords
- Most password managers also offer a feature that lets you securely share the credentials for an account without revealing the password. That way, if you want to share your Netflix account with someone, you can still do so securely
Keep passwords to yourself
Treat your passwords like your toothbrush: something you just don’t share, even with friends and family. Even if you trust someone completely, there’s always a chance they could accidentally expose your information to a scammer. And of course, never tell a stranger your password. It sounds like common sense, but it’s easy to be fooled if someone calls impersonating your bank or cell phone carrier and asks for your login info to help you with a problem on your account. Remember, no legitimate company will ever ask you to tell them your password.
Change passwords only when necessary
You might have heard that you should change your passwords regularly, but these days, security experts recommend the opposite. If you suspect your password may have been compromised, absolutely change it right away. But otherwise, just make it strong and keep it secret.
Check your password security
There are reliable websites that can tell you how strong your passwords are—and clue you in if they’ve been compromised. Here are two of my favorite trustworthy sites:
- Kaspersky.com tells you how strong your password is, plus shows how long it would take a scammer to brute-force crack it
- Haveibeenpwned.com shows if your email address and password have been part of any data breaches
Use 2-factor authentication
If your password is like a strong deadbolt, 2-factor authentication (2FA) is like adding an extra padlock. The idea is that you have to provide two kinds of proof when logging into an account. Anytime a site offers 2FA, turn it on! Some really secure sites, like Simple’s, use it automatically.
The two factors required for 2FA could be any of the following kinds of information:
- What you know: That’s your password! This is usually the first of the two kinds of proof you’ll need to log in
- What you have: For instance, if you have your phone, you can get a text containing a code to enter on the website (this is what we do at Simple)
- Who you are: This might be a fingerprint or a retina scan
- Where you are: This is data such as GPS coordinates or the office you’re in
2FA not only helps keep your account safe, but can also alert you to when someone is trying to hack in. This actually happened to me a few years ago when I was sitting on the couch and started getting texts with a 2FA code for my Uber account. At first I was confused, but quickly realized that this indicated someone had discovered my password for the account and was trying to get in. Right away I logged into the app and changed my password to something much stronger, and since then I haven’t had any issues with it. So take a lesson from my life: use 2FA whenever you can, and if you get an alert when you weren’t trying to sign in, it’s time for a password change ASAP (here’s how to do it in your Simple Account).
Access your Simple Account safely
The convenience of banking from anywhere doesn’t have to come at the cost of security. Just be smart about how you’re logging into your account to protect yourself banking online—and that goes for your other online accounts too!
Avoid logging in using a public or unsecured network
As tempting as free wi-fi can be, when you’re out and about, try to use your cellular data plan instead. Simple has controls in place to make logging in on public wi-fi secure, but not all companies are as thorough—so use caution. Make sure your home wi-fi network is secured with a strong password. And if you really have to log in on a public device, triple-check that you have logged out when you’re finished.
Stick to your Simple app
On your phone, access your Simple Account only through our official app. Other financial apps have dubious levels of security and shouldn’t be trusted. Some may just have lower standards of security, but some are scams that use your data for fraudulent purposes.
This is what the official Simple app looks like in the app stores for iOS and Android:
Check that you’re on the right (secure) site
When you log in to an account from your computer, ensure the correct URL is displayed in the address bar. For your Simple account, it’s https://signin.simple.com/. Don’t forget that it’s https at the beginning, not http. Anything different is an imposter!
It’s also important to look for the little lock icon next to the address. This indicates that your browser has validated the website’s certificate for the address shown, so when that address is the correct one, the site is being run by us.
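The address check described above can be made exact in code. This is an added example, not Simple's own code: the function name and the sample URLs are constructed for illustration, and only the expected sign-in address comes from the post.

```javascript
// Added example: compare a URL against the sign-in address given in the post.
// EXPECTED_ORIGIN is from the post; checkSignInUrl and SAMPLES are hypothetical.
const EXPECTED_ORIGIN = "https://signin.simple.com";

// Returns { ok, reason } so the caller can see why a URL was rejected.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is not https" };
  }
  // Text before "@" is userinfo, not the host, however much it looks like one.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL contains userinfo before the host" };
  }
  // origin = scheme + host + port. The parser lower-cases the host, drops the
  // default port, and turns non-ASCII lookalike letters into "xn--" labels.
  if (url.origin !== EXPECTED_ORIGIN) {
    return { ok: false, reason: `host is ${url.host}, not signin.simple.com` };
  }
  return { ok: true, reason: "matches expected sign-in origin" };
}

// Constructed sample inputs (reserved .example names, not real sites).
const SAMPLES = [
  "https://signin.simple.com/",                // the real address
  "http://signin.simple.com/",                 // right host, no TLS
  "https://signin.simple.com.example/",        // real name used as a subdomain
  "https://signin.simple.com@login.example/",  // real name placed before "@"
  "https://signin.s\u0456mple.com/",           // Cyrillic letter in place of "i"
];

for (const sample of SAMPLES) {
  console.log(sample, "->", checkSignInUrl(sample).reason);
}
```
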
Install anti-virus software
Malware that sneaks onto your computer can do all kinds of damage, including stealing your login info. Make sure you use good anti-virus software. There are dozens of high quality anti-virus software providers, all with different pros and cons. This article can help you get started choosing the one that is right for you.
If you suspect you have malware on your computer, don’t log into your account, and don’t even change your password until you’ve gotten rid of the virus! If the malware has installed a keylogger—something that tracks every key you press—you will be spelling out your new password for a scammer.
Monitor your transactions
Personally, one of my favorite things about my Simple Account is the transaction notifications. Every time I spend money, I get an alert—and if I didn’t just swipe my card someplace, that alert tells me to pause and check that the transaction is legit.
For instance, I get an alert when my Netflix subscription goes through. That’s handy for budgeting and keeping track of where my money is going, and it’s also useful if I happen to cancel Netflix and get charged again—I know that either Netflix messed up and I need to call them, or someone has gotten ahold of my financial info and I need to take action.
Another reason transaction notifications are so helpful is that they give you a chance to stop and think if you don’t recognize a transaction. It’s easier to identify legitimate transactions that just look a little odd if you do it right away. For instance, if you get gas and pick up some snacks while you’re at it, you might see two separate transactions—one for your gas purchase at the pump and one for your convenience store purchase—and sometimes they have different merchant names. If you see those come through in real time, it’s easy to realize what they’re for and save yourself the stress of trying to figure out what’s what later.
Even if you don’t turn on real-time transaction notifications, you should look at your account activity regularly as a smart practice for how to protect your online banking. Keep in mind that sometimes the name of a merchant listed in a transaction can look a little weird, depending on how their payment processing system is set up. For instance, you might shop at a store that’s owned by a larger company, and the name of the parent company is what shows up in the transaction. Or sometimes company names have some numbers at the beginning or end. In your Simple Account, we try to adjust those names to make things more clear—like changing “AMZN Mktp US*UF96Y0723” to “Amazon.com”—whenever possible.
How to keep your bank account safe right now
You just read a lot about keeping scammers out of your account, so the first step is to take a deep breath! Freaking out about fraud won’t help you, but following smart precautions will keep you safer and less stressed.
All the info above can seem a bit overwhelming, so I want to reassure you that you don’t have to do everything at once. Just start by taking a few steps to improve your security habits, then work on adding in more over time. The three things I recommend you start with now are:
- Use a password manager and prioritize adding the accounts that have your financial and sensitive personal info: your Simple Account, your email, any credit cards, and any online stores that have your payment info stored
- Turn on 2FA for your high-priority accounts if it’s an option
- Install anti-virus software on your computer if you don’t have it
Finally, know that we’re here to help! We’ll email you if there’s any security-related info you need to know (so don’t send those emails to the spam folder; they’re important!), and those emails will always come from firstname.lastname@example.org—any other address means it’s a phishing attempt. Remember that we’ll never ask you to share personal information or your password in an email!
And here’s what to do if you think your account info is in danger:
- If you lose your card or it’s stolen, block it immediately
- If you don’t recognize a transaction, open a dispute
- If you’ve given your login info to someone or think you entered your information on an impostor website, change your password
- And of course, if you think someone is still able to access your account, send us a support message so we can help!
As someone who definitely did not follow many security practices before it was literally part of my job, I can tell you that learning how to protect your online banking accounts—and making it a habit—is achievable. Just remember to prioritize those strong locks on your most sensitive accounts, pay attention to your transaction activity, and please keep your password, and your toothbrush, out of other people’s mouths!
Disclaimer: Hey! Welcome to our disclaimer. Here’s what you need to know to safely consume this blog post: We do our best to make sure information is accurate as of the date of publication, but things do change quickly sometimes. Any outbound links in this post will take you away from Simple.com, to external sites in the wilds of the internet; neither Simple nor our partner bank, BBVA USA, endorse any linked-to websites; and we didn’t pay/barter with/bribe anyone to appear in this post. Individual situations will differ; consult your favorite finance, tax or legal professional for specific advice. And as much as we wish we could control the cost of things, any prices in this article are just estimates. Actual prices are up to retailers, manufacturers, and other people who’ve been granted magical powers over digits and dollar signs.