FOLKS FORGET passwords every day, an inconvenience that can usually be quickly fixed—but not always.
In January, The New York Times wrote about a German programmer living in San Francisco. A decade ago, he had been paid 7,002 bitcoins for making a video explaining how cryptocurrencies work. He stored them in a digital wallet on a hard drive and wrote the password on a piece of paper, which he has since lost. After 10 failed attempts, the password will encrypt itself, making the wallet impossible to access. Eight attempts have failed so far. With bitcoin trading at some $57,000 each, his lost password could cost him $400 million.
We live in an increasingly digital world driven by electronic account access and necessitating a ballooning number of passwords. How should we manage our online life? We know about the danger of using weak passwords, or memorizing one random password and using it for everything, or not changing passwords often enough. Each of these approaches puts us at risk, financially and otherwise.
Enter the password manager. My wife used one at work. After learning one of our teenagers was using passwords that would make a cybersecurity expert shudder, she insisted the family adopt one, too. She chose LastPass, but there are also other good options. I went along half-heartedly, if only to set a good example for our kids.
But for a while, I also continued to store the same usernames and passwords in a password-protected Microsoft Word document. Twelve months later, it struck me: Using the password manager was far easier and more efficient.
How so? Password managers make it easy to generate a random password for each account. Utilizing this feature can prevent password-reuse attacks, where attackers steal user emails and passwords, and then use them to break into other accounts that use the same username and password. Password managers also track websites with which you have accounts, making it easy to identify and close unused accounts, thus reducing your online exposure.
When you sign up for a password manager, you’ll need to create a master password. Your master password encrypts the contents of your password vault, so you should use something complex. No, 12345678 need not apply. You can also set up two-factor authorization via text or email or, alternatively, by authenticating your fingerprints with your phone. Password managers aren’t immune to security bugs, but they represent a huge improvement.
A password manager effectively exchanges many passwords for one master password, which underscores the importance of that master password. It’s the key to your digital life. What if you lose or forget it? Each password manager will have its unique recovery process. But the best approach is to find a way to keep your master password secure and yet easily accessible to you.
A friend utilizes a password manager for his accounts, but he was uncomfortable documenting his master password in the file containing his estate planning documents. His solution: He noted half of his master password in the file and gave the other half to a trusted family member. When he dies, the law firm and the family member will come together, providing the executor with the master password needed to access his financial accounts.
Phil Kernen, CFA, is a portfolio manager and partner with Mitchell Capital, a financial planning and investment management firm in Leawood, Kansas. When he’s not working, Phil enjoys spending time with his family and friends, reading, hiking and riding his bike. You can connect with Phil via LinkedIn. His previous articles were We’re All Active and What? Spend It?
Want to receive our weekly newsletter? Sign up now. How about our daily alert about the site's latest posts? Join the list.
Password manager made my life a lot easier.
Anyone have any experience with the password manager included with Norton 360? It comes included in the overall software but I am curious if it compares to the others, especially with the two step process.
I used Lastpass for many years but recently switched to Dashlane. It works well for me and has significantly better ratings than Lastpass or 1Password on the Mac App Store. I don’t think you can go wrong with any of these three password managers.
Yes the proliferation of passwords is overwhelming. Great for daily use and for estate planning.
Two-factor authentication is much more important than the passwords you use. A complex password is no better than a simple one if a database that has your password is compromised.
I’m in total agreement. I use a password manager and it has made my life so much easier. The one I use synchs between my desktop and phone, so everything is there!