In our January, 2013 quarterly issue of The Woodward Advisor, we listed a number of possible financial planning related New Year’s resolutions, one of which was to change your online passwords, including your email, for better online security. How many of you actually did that?
I’m guessing the answer is not too many, mainly because the thought of changing and recording the seemingly hundreds of passwords we use is just too daunting. Even in the face of persistent expert recommendations to frequently change passwords – and to use complicated passwords that are difficult to crack – most folks find themselves using the same, easy to remember password that they had when they first signed up for an account.
To make things worse, because we have so many online accounts, more and more people are “storing” their passwords in pretty unsecure ways. Let’s assume you have too many passwords to remember them all…where do you keep them? Some folks have them written down right next to their computer…probably not the safest way. And while it might be convenient to have your computer memorize your password for a particular website, it’s not the best way to handle things. Not only do you have to make sure that you completely wipe out a hard drive before getting rid of your old computer, but you have to remember all of your passwords to reenter them into your new computer!
Some have their passwords entered on a spreadsheet, which itself might be password protected. That’s not bad, although it can get a little cumbersome to have to look up a password each time you visit a particular site. It also doesn’t do you much good if you’re visiting a site away from your primary computer, though cloud-based storage sites like Dropbox, Box.com and even Google Docs make this a little less challenging than a few years ago.
But there’s another challenge in having all of your passwords locked away – what if a family member really needed them? For example, what if you became incapacitated (or worse) and needed to have someone make sure your online bill pay went as scheduled, as happened recently to a client of ours…how could they access your accounts?
In theory, you could provide someone the password to your Master Password document. But that might involve not just the password to the document itself, but possibly another password to access your computer or cloud-based storage site. (Again, the sharing features of Dropbox or Google Docs make this somewhat less cumbersome.)
Luckily, there are affordable programs that deal with all of these issues (and more) with greater security than most of us can create. One of the leading programs in this space is LastPass, which is available as a free program (though for just $12/year, the premium version offers additional features). With LastPass, you enter your various logins and passwords for all of your sites into your Vault, which itself can only be accessed using your Master Password. If your website passwords are weak, LastPass will tell you. It can also suggest much stronger passwords, most of which you probably won’t be able to remember. But that’s ok, because you can simply log onto all of your sites using LastPass, since it remembers your passwords.
You can access your LastPass vault using their desktop icon, or you can install a plugin for your web browser that will bring up the LastPass sign-in screen whenever you wish to log into a site where you’ve saved your password. For added security, you can add something called 2-Factor Authentication to your plan, which basically amounts to a second login step involving entering a random six digit number that’s been sent to your smartphone.
You can also use the program to pre-populate the many form filling websites you encounter on a regular basis, to save you the time of re-typing the same information over and over again. With the premium version, you can share selected passwords with specific people. This way, you don’t have to share all of your passwords – just those critically important ones.
There are other options as well, including Dashlane, RoboForm, and PassPack. All of them can do the basic job of securely storing your passwords. I lean towards LastPass because it’s pretty easy to use and works across multiple web browsers (Internet Explorer, Google Chrome, Firefox). Additionally, the $12/year premium version allows for access on your smartphone.
It’s really never been safe to just use your anniversary, your kids’ names, or your first pet as safe passwords. Woodward Financial Advisors takes serious steps to do our best to protect the data of our clients…shouldn’t you do the same with your own online information?