Top 5 ways to pick a secure password

Oh, passwords. Someday the FIDO alliance or somebody will save us from them. Until that heady day, we still need them and we need to choose ones that are really hard to guess. Even if you have two-factor authentication turned on—which you should—secure passwords are still a good idea. Fire up your Horse Battery Staple; here are five things to know to pick a good password.

  1. Never reuse one. Ever. Data breaches are very common. When your password is breached at a service, that service will usually make you change it. But the service where you reused it doesn't know that, so the same password is still in use there and is now very insecure.

  2. Choose a long and strong passphrase. Yes, it is possible to remember your password and make it secure. Don't choose dictionary words. Security researcher Bruce Schneier suggests taking a sentence like "When I was seven, my sister threw my stuffed rabbit in the toilet" and using the first letters, numbers and punctuation to make "WIw7,mstmsritt."

  3. Let a password manager do it for you. Yes, password managers are a single point of failure, so be honest with yourself. Are your passwords more secure if you let a manager that is 2FA-protected pick really good ones for you? Or do you want to manage all that yourself? And is the way you manage it more secure than a password manager? Be honest—nobody else needs to know.

  4. Don't update it regularly unless you're forced to. It used to be that it took 90 days to crack a password, so if you changed it every 90 days, you could stay ahead. Now it takes seconds, unless you've picked a strong one.

  5. Skip the secret question. If that's not an option, answer it like you're making a second password. There's no point in having a really secure password only to have it backed up by an easily guessable dictionary word in your secret question.

The fact of the matter is that you should really turn on two-factor authentication and hope that better methods will make the password obsolete. But, until then, I hope these tips help, friend.

Weekly Security Tip

This week's topic: Tech Support Scams

Our computers and devices store much of our sensitive work and personal information. When a “virus alert” appears, it’s human nature to want to resolve the issue quickly before we lose our precious data. Scammers are using their tricks in convincing ways to steal our PII and sensitive data.

In this week’s security tip video, learn about how these tech support scams work and some tips that you can master to keep your information safe.

Watch this week's Security Tip by

Advisor Armor


Quick Tips

  • Scammers can often spoof official-looking phone numbers, so don’t always trust your Caller ID.

  • If you are a victim, change any passwords to bank accounts or other sensitive websites.

Weekly Security Tip

This week's topic: Apple iTunes Gift Card Scam

New scams have emerged targeting Apple users. By claiming to be members of Apple Support, scammers are tricking individuals out of their hard-earned money!

In this week’s security tip, learn more about this latest scam and how you can avoid becoming the next victim.

Watch this week's Security Tip by

Advisor Armor

Quick Tips

  • Be persistent with your device updates.

  • If you are targeted or fall victim to one of these scams, immediately report it to your local police department.

Monthly Newsletter

This month's topic:  Incident Response … It’s About Time

Reporting security incidents is a critical aspect of a security-focused culture. All workforce members play an integral part in this concept so it’s important to know what to report, when to report and why it should be reported.

In this month’s Security Newsletter, learn more about the importance of reporting security incidents and which types of incidents to report.

Read this month's Security Newsletter by

Advisor Armor

Quick Tips

  • If you see an unfamiliar person in the office, be sure to verify that they have authorized access to be there.

  • Incidents can happen in three domains: the cyber domain, the physical domain, and the people domain.

Weekly Security Tip

This week's topic: Threatening Voicemail Scams

Threatening voicemails are becoming a viral trend among cybercriminals. By preying on vulnerable targets, these threatening voicemails may sound convincing, but don’t fall for their tricks.

In this week’s security tip video, learn how these scams work and the steps you can take to avoid becoming the next victim.

Watch this week's Security Tip by

Advisor Armor

Quick Tips

  • If you receive a threatening voicemail, don’t call the number back and never give out any personal information.

  • Beware of fake emails with a similar threatening message.

Advisor Armor 4th Quarter Training

Q4 2018 Training kicks off Monday the 15th and runs for 60 days with reminders every 10 days. This session includes videos and interactive questions along with a quiz. The subject is mobile security.

As usual, invitations will come directly to learners and will always take the format below:


Note: This email is authentic and part of Advisor Armor's ongoing data security training.  Please do not disregard.

It’s time to start your interactive Security Awareness Training from Advisor Armor!

To begin your training, follow this link:

Note that NO username and password are required. The course you are taking is called “AA Q3 2018 Data Security Awareness Training” and includes 3 interactive training modules.

You have 41 days to complete your training and you will be reminded to complete it every few days. For the best possible experience, you should plan on taking your training at a computer with audio, but closed captions are also provided if audio is not an option.

Thank you!

Some additional reminders.

  • Reports are available should you want them emailed each week. Please send us a note to Results will also be published inside the account dashboard at the end of each quarter.

  • You can manage your Learner Roster inside your dashboard under Training.

  • Email Enticements are randomized and can also be reported weekly.

  • Our weekly news and tips are sent only to the account administrators, but you are free to share them as you choose.

Thank you.

Weekly Security Tip

This week's topic: Malvertising

We may think of ourselves as experts when it comes to spotting a fake website or phishing email, but new tricks are being used to sneak viruses into ads even on trusted websites.

In this week’s security tip video, learn more about how malvertising works and how you can protect your systems.

Watch this week's Security Tip by

Advisor Armor

Quick Tips

  • Make sure your web browsers and plugins are up to date.

  • Set your web browsers to flag malicious content.

Update on Overview of Coverage including the new $25,000 reimbursement guarantee for fines and pend


Advisor Armor delivers comprehensive interpretation, guidance, and the tools and processes to meet and exceed federal and state cyber security requirements.  All processes are accessed through a proprietary online dashboard.


Risk Assessments

Annual Risk Assessments to identify risks and vulnerabilities as well as profile operating processes for deficiencies. 


Security Awareness Education and Training

Advisor Armor uses interactive computer-based training modules that allow people to learn and then practice the latest cyber security threats and defenses in hands-on simulations.  We develop the modules specifically to address current issues for financial professionals and their firms.  Sessions are provided quarterly with automated delivery, access, reminders and reporting.

Additional flash member news includes weekly security tips, monthly newsletters, and member security alerts.


Policies and Procedure Development, Maintenance and Testing

Advisor Armor establishes and maintains customized policies and procedures reflecting the operational handling of critical data and information. These documents are consistent with NIST standards and are updated in accordance with changes to those standards and the compliance calendar. Testing on comprehension and device behavior is included to evidence practical application.


Email Enticement Phishing Testing

Advisor Armor incorporates recognition and awareness training on phishing and other email enticements. This training is then tested randomly using fictitious efforts to elicit improper user behavior. Full evidencing and reporting are included.


Infrastructure Testing and Diagnostics

Advisor Armor coverage includes annual Penetration Testing, Vulnerability Scanning and device Endpoint Audits. These diagnostics produce the evidence needed for actionable security improvements and proof of the successful implementation of policies and procedures.


Customized Dashboard Experience

Advisor Armor provides an online dashboard to evidence and maintain compliance and improve operating security.  Unlimited support is available by phone, email or chat bot.


Incident Response Management

Advisor Armor coverage includes the identification and actions needed in the event of a security incident.  Response plans are developed and included within Policies and Procedures.  Advisor Armor leads the response and recovery efforts that may include containment, investigation, determination, notifications and many other potentially related actions.  Records are also stored inside the client dashboard.


Regulatory Examination Review

Advisor Armor conducts annual cyber security examination audits to ensure the proper elements are updated and available on demand.


Compliance Certification and Assurance

Advisor Armor provides cyber security certification that is designed to audit and endorse the functional comprehensive plan, the application of such, and management support and endorsement.  Attestation efforts are included.


$25,000 Exam Guarantee

Upon certification Advisor Armor coverage includes up to $25,000 in reimbursement for fines and penalties associated with state or federal examinations.  Terms and conditions apply.


Cyber Liability Insurance

Advisor Armor coverage includes the assessment and potential provision of practical cyber insurance requirements.  Contact us to discuss.

New NASAA president Michael Pieciak puts cybersecurity at top of agenda

It's often the smallest investment advisory firms that are the most vulnerable to online threats, and that's why it's natural for rule-making to start at the state level, according to a top state regulator.

The North American Securities Administrators Association last week released for public comment a proposed cybersecurity rule. It would require advisers to adopt policies and procedures to safeguard information physically and online and to inform clients about their privacy policies annually.

The potential model rule is a top priority of new NASAA president Michael Pieciak. The Vermont commissioner of financial regulation was inaugurated for a one-year term on Sept. 25 at the organization's annual conference in Anchorage, Alaska.

State regulators are responsible for overseeing approximately 18,000 investment advisers with less than $100 million in assets under management. Many of them are one- and two-person operations, which can be juicy targets for online predators. But they also lack the cyber defense resources of major financial firms, Mr. Pieciak said.

"I'd like to see a model rule in place that does a good job of right-sizing the need to secure firms' important data," he said. "I don't see this as an issue where it's regulators versus industry. I see it as an issue where it's regulators and industry versus the cybercriminal."

The comment period lasts until Nov. 26. After digesting the feedback, NASAA could propose a model cyber rule for state legislatures to consider. There are cyber regulations in New York, but a model rule could expand the number of states with cyber oversight.

If NASAA proceeds, it could launch a cyber rule before the Securities and Exchange Commission and the Financial Regulatory Authority do. The SEC and Finra examine for cyber deficiencies.

"Maybe it makes sense that we're first," Mr. Pieciak said. Small advisers regulated by states "are some of the most vulnerable shops. The SEC and Finra have a different contingency they're trying to protect."

NASAA will host a cybersecurity roundtable in Washington on Oct. 15.

First millennial to lead NASAA

Mr. Pieciak, 35, is the first millennial president of NASAA, giving him a perspective that will influence both his leadership style and his regulatory agenda.

He said that his generation is often mislabeled. He has found his cohorts to be independent, detail-oriented and collaborative. That last trait will be helpful as the head of NASAA, a group in which the president is just "first among equals."

"That collaborative decision-making style is something I think is a hallmark of the millennial generation and something I hope to bring to this position," Mr. Pieciak said.

Millennial investors also pose a regulatory challenge given that they are often saddled with big student loans, put off buying homes and saving for retirement, and are attracted to online investments that may pose threats, such as cryptocurrencies.

"We see a lack of financial literacy and basic financial skills among the younger generation, particularly when it comes to thinking about some of the big life decisions like buying a home, which is usually someone's most important asset," Mr. Pieciak said. "We're going to have a specific millennial focus on our investor education and outreach initiative to educate and also protect millennial investors."

Other items on Mr. Pieciak's agenda include working on programs related to financial technology and cryptocurrency, leading a NASAA strategic planning process and fighting to preserve state regulatory authority.

Monthly Newsletter

This month's topic:  Identification & Authentication

The concept of using a strong password has long been a critical step throughout our daily lives. However, as technology has continuously changed, passwords and the authentication process have struggled to keep up.

In this month’s Security Newsletter, learn more about the importance of passwords and some new tips on creating a stronger password.

Read this month's Security Newsletter by

Advisor Armor

Quick Tips

  • New guidelines suggest a passphrase is more secure than a complex password.

  • Screen your passwords against a list of commonly used or compromised passwords to make them harder to crack.