FOLKS FORGET passwords every day, an inconvenience that can usually be quickly fixed—but not always.
In January, The New York Times wrote about a German programmer living in San Francisco. A decade ago, he had been paid 7,002 bitcoins for making a video explaining how cryptocurrencies work. He stored them in a digital wallet on a hard drive and wrote the password on a piece of paper, which he has since lost. After 10 failed attempts, the password will encrypt itself, making the wallet impossible to access. Eight attempts have failed so far. With bitcoin trading at some $57,000 each, his lost password could cost him $400 million.
We live in an increasingly digital world driven by electronic account access and necessitating a ballooning number of passwords. How should we manage our online life? We know about the danger of using weak passwords, or memorizing one random password and using it for everything, or not changing passwords often enough. Each of these approaches puts us at risk, financially and otherwise.
Enter the password manager. My wife used one at work. After learning one of our teenagers was using passwords that would make a cybersecurity expert shudder, she insisted the family adopt one, too. She chose LastPass, but there are also other good options. I went along half-heartedly, if only to set a good example for our kids.
But for a while, I also continued to store the same usernames and passwords in a password-protected Microsoft Word document. Twelve months later, it struck me: Using the password manager was far easier and more efficient.
How so? Password managers make it easy to generate a random password for each account. Utilizing this feature can prevent password-reuse attacks, where attackers steal user emails and passwords, and then use them to break into other accounts that use the same username and password. Password managers also track websites with which you have accounts, making it easy to identify and close unused accounts, thus reducing your online exposure.
When you sign up for a password manager, you’ll need to create a master password. Your master password encrypts the contents of your password vault, so you should use something complex. No, 12345678 need not apply. You can also set up two-factor authentication via text or email or, alternatively, by using the fingerprint reader on your phone. Password managers aren’t immune to security bugs, but they represent a huge improvement.
A password manager effectively exchanges many passwords for one master password, which underscores the importance of that master password. It’s the key to your digital life. What if you lose or forget it? Each password manager will have its unique recovery process. But the best approach is to find a way to keep your master password secure and yet easily accessible to you.
A friend utilizes a password manager for his accounts, but he was uncomfortable documenting his master password in the file containing his estate planning documents. His solution: He noted half of his master password in the file and gave the other half to a trusted family member. When he dies, the law firm and the family member will come together, providing the executor with the master password needed to access his financial accounts.
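A variation on the split described above, as an added example that is not part of the original article: cutting the password text in two hands each holder half of its characters, whereas the XOR split below produces two shares that are each random on their own and reveal the password only when combined. The function names, the 64-byte limit and the sample password are assumptions made for this illustration.

```python
import hashlib
import secrets

BLOCK = 64  # fixed payload size, so a share does not reveal the password length


def _encode(password: str) -> bytes:
    """Length byte + zero-padded password + 4-byte checksum (69 bytes total)."""
    data = password.encode("utf-8")
    if not 0 < len(data) <= BLOCK:
        raise ValueError(f"password must be 1..{BLOCK} bytes")
    check = hashlib.sha256(data).digest()[:4]
    return bytes([len(data)]) + data.ljust(BLOCK, b"\0") + check


def split_password(password: str) -> tuple[str, str]:
    """Return two hex shares; either one alone is uniformly random."""
    payload = _encode(password)
    pad = secrets.token_bytes(len(payload))              # share 1: pure randomness
    masked = bytes(p ^ k for p, k in zip(payload, pad))  # share 2: payload XOR pad
    return pad.hex(), masked.hex()


def combine_shares(share_a: str, share_b: str) -> str:
    """Recombine both shares; reject damaged or mismatched ones."""
    a, b = bytes.fromhex(share_a.strip()), bytes.fromhex(share_b.strip())
    if len(a) != BLOCK + 5 or len(b) != BLOCK + 5:
        raise ValueError("share has the wrong length")
    payload = bytes(x ^ y for x, y in zip(a, b))
    n = payload[0]
    data, check = payload[1:1 + n], payload[1 + BLOCK:]
    # The checksum catches a share that was copied down incorrectly.
    if n == 0 or n > BLOCK or hashlib.sha256(data).digest()[:4] != check:
        raise ValueError("shares do not match or were copied incorrectly")
    return data.decode("utf-8")


if __name__ == "__main__":
    demo = "correct horse battery staple"  # constructed sample, not a real password
    for_file, for_relative = split_password(demo)
    print("estate file share:  ", for_file)
    print("family member share:", for_relative)
    print("recombined:         ", combine_shares(for_file, for_relative))
```

Losing either share makes the password unrecoverable, so each holder's copy needs the same care as the original.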
Phil Kernen, CFA, is a portfolio manager and partner with Mitchell Capital, a financial planning and investment management firm in Leawood, Kansas. When he’s not working, Phil enjoys spending time with his family and friends, reading, hiking and riding his bike. You can connect with Phil via LinkedIn. His previous articles were “We’re All Active” and “What? Spend It?”