Tim Mabee

We frequently receive questions from clients about how to best protect their identity online. Prior data breaches have taught us some important lessons about what to do if we know, or if we fear, our personal information has been compromised.

1. CHANGE YOUR PASSWORDS to all online accounts if your assessment of impact indicates vulnerability. Make sure the new passwords are substantially different than those used previously.

2. USE UNIQUE PASSWORDS for each account or site. Reusing passwords makes all accounts that use that same password vulnerable, even if they were not directly compromised.

3. KEEP PASSWORDS SIMPLE, LONG, AND MEMORABLE are new recommendations from the NIST (National Institute of Standards and Technology). Think entire phrases; longer = stronger.

Examples of long passwords using phrases: Ilovetogofishingin55723! OR Thekidsputrednailpolishon50%ofthecouch

4. UTILIZE MULTI-FACTOR AUTHENTICATION (‘MFA’) or Two-Factor Authentication (‘2FA’) whenever possible. MFA combines two or more independent credentials: what the user knows (password) and what the user has (security token/text message/app approval/fingerprint). If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target.

5. USE A PASSWORD MANAGER (e.g., LastPass, 1Password, KeePass) to maintain multiple account passwords, but make sure to keep that account extremely safe; use a strong unique password, secure it with MFA, and backup the data.

6. USE A TYPE OF LOGON AUDITING offered by many services. This allows you to see recent security events and login location history. Keep an eye on this for suspicious activity.

The safety of your personal information is a top priority for us. If you would like to discuss additional steps you can take to protect your financial accounts, please don’t hesitate to contact your team.

PLEASE NOTE LIMITATIONS: Please see Important Disclosure Information and the limitations of any ranking/recognitions, at A copy of our current written disclosure statement as set forth on Part 2A of Form ADV is available at