Beefing Up Security

David Powell

Many of us have little more than a weak, reused password standing between our financial assets and a remote attacker—one armed with powerful tools and a database of passwords from security breaches. This is a losing battle. It’s the most likely way for weak computer security to put our finances at risk.

Think this can’t happen to you? I’ll bet you have at least one password taken in a big security breach. A quick way to find out is entering your email address at Troy Hunt’s HaveIBeenPwned site. My address turns up in almost a dozen big cyberattacks.

We are notoriously bad at creating strong passwords and remembering them. When you decide to create stronger, unique passwords for each site, you quickly discover that managing dozens of randomly generated, site-specific passwords by hand is a headache.

Don’t fret. Password managers like LastPass, Dashlane and 1Password make short work of it. A password manager puts all your passwords in an encrypted vault, leaving you with just one password to remember. You want to make this password really strong and unforgettable. The password manager then fills in the right password for mobile apps and websites whenever you use them.

What can you expect from a good manager?

  • Up-to-date access to your password vault on all devices, regardless of the device’s operating system.
  • Updates to your vault as you create new accounts or update existing passwords.
  • A random password generator that creates really strong, unique passwords. Those passwords will meet each site’s requirements for length and allowed characters.
  • A security challenge which guides you through the work of replacing existing poor passwords—those which are known to be compromised, weak or easily guessed, or which you’ve used more than once.
  • Emergency access to your vault by someone you choose, as well as password sharing with, say, family members for your Amazon Prime or Netflix account.
  • Two-factor authentication for extra vault security.

Some of these are only available in paid versions of the service.
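To show what the security challenge in the list above checks for, here is an added example (not code from any password manager or from this article) that audits a constructed sample vault for compromised, weak and reused passwords. The length and character-class thresholds, the sample vault and the tiny breach set are all assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus, held as SHA-1 digests.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
                 for p in ("password1", "Summer2019!")}

# Constructed sample vault: (site, password) pairs.
SAMPLE_VAULT = [
    ("bank.example", "Summer2019!"),
    ("mail.example", "t7#Vq9!mZr2$Lx8w"),
    ("shop.example", "kitten"),
    ("video.example", "t7#Vq9!mZr2$Lx8w"),
    ("broker.example", "pG4&nW1^eYc6*Hd0"),
]

MIN_LENGTH = 12   # assumed threshold for "weak"
MIN_CLASSES = 3   # assumed: lower, upper, digit, symbol; need at least 3


def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])


def audit_vault(vault, breached=BREACHED_SHA1):
    """Return {site: [issues]} for every entry that needs a new password."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault:
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault:
        issues = []
        if hashlib.sha1(pw.encode()).hexdigest() in breached:
            issues.append("compromised")
        if len(pw) < MIN_LENGTH or char_classes(pw) < MIN_CLASSES:
            issues.append("weak")
        if len(sites_by_pw[pw]) > 1:   # same password on more than one site
            issues.append("reused")
        if issues:
            report[site] = issues
    return report


if __name__ == "__main__":
    for site, issues in audit_vault(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(issues)}")
```
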

Despite knowing better, I procrastinated in evaluating password managers. That changed the day I tried to picture life for my spouse after I leave this vale of tears. I visualized the chores I handle: Banking, bill paying and investment management all involve online accounts. That brought my password problem into focus. A list of passwords in a binder, next to our wills, isn’t secure and it’s a pain to keep up.

After experimenting with a free trial, I bought a family subscription. Moving my password vault from low-ranked to the top 1% took a couple of weekends. Each weekend, I’d spend an hour or two changing passwords, guided by the security challenge and with help from the password generator. Do this on your home PC or Mac, not an office computer.

I started with high-value accounts: email, cellular carrier, and then banks and brokerages. Why email? Most websites let you reset a password by emailing a link to the address on file. If hackers have access to your inbox, they’ll use it to access every online account. The cellular account is also important if you’ve enabled two-factor authentication that triggers text messages with secure codes.

What if someone hacks into your password manager’s vault? If you pick a great vault password, the odds of this are low. But when you have all your eggs in one basket, you want to ensure that basket stays safe. That’s what led me to the YubiKey 5 series hardware keys.

When you use a YubiKey with a password manager, the manager encrypts your vault twice, once with your vault password and again with a secret it gets from the YubiKey. For convenience, I’m using two models of YubiKey. I use YubiKey 5 Nano with my PC and Mac. Meanwhile, YubiKey 5 NFC stays on my keyring for use with my phone. The latter should work with an iPhone 7 or newer, as well as an Android phone with NFC (near field communication).

David Powell has written software or led engineering teams for 35 years. He enjoys work, vegan fine dining, cycling and travel with his spouse. His previous article was Playing Defense.
