Asset Protection: Password Manager

Crime Scene Tape

Asset Protection: Password Manager

In my office’s slack channel this week:

My credit card is hacked. Have to spend some time with [bank] to straighten it out.  $999 on Apple store purchase and a bunch of other sh*t.

And my netflix account has been hacked.

I consider Bernard to be both the smartest and most careful coworker in our group of pretty accomplished professionals.  What happened to him, and could it happen to you?

Recycling Passwords

Maybe this is just Bernard, and has nothing to do with you:

  1. Has one super strong password for his primary email address.
  2. Has another pretty strong password that he uses on “important” websites.  This might be all his bank accounts and his work email.  But it also included his netflix account and his amazon account.
  3. Has a generic password (think “password123”) for throwaway accounts, like when he wants to anonymously post incendiary comments to financial blogs.

The problem with recycling your password across multiple accounts is that if one account becomes compromised, they’re all compromised.

If for example, I found out your netflix email and password, I might try the same combination on amazon, or bank of america, or chase, or ally.  Did you use the same credentials at your bank? Bingo.  If I get in, I can see your credit card statements.  And with that, I’m getting pretty close to a shopping spree.

Data Breach

This whole issue blipped on my radar a few years ago when I, along with 150 million compatriots, had my email address and an associated password stolen during a data breach at Adobe.  You can test if your email address was compromised, too.  Here’s what happens when I put my information in:

You’re feeling safe though, because you didn’t have an account at Adobe.

But maybe…

  1. You were one of the 3 billion user accounts compromised at Yahoo in 2013.
  2. Or one of the 500 million yahoo lost the next year (they took two years to let the public know).
  3. 350 million MySpace accounts were stolen God-Knows-When, only to be revealed when the kompromat had lost most of its value in 2016.
  4. LinkedIn gave up the goods of 165 million users in 2016, followed by
  5. the great Equifax loss of 145 million names, Social Security numbers, birth dates, and street addresses.
  6. More than 100 million credit and debit cards were lost in a much publicized scandal at Target.

The list goes on and on.  You might have forgotten about some of these because this story repeats itself so often.  It’s 2018 and you’re reading a financial blog, I’m guessing your information is out there somewhere.  Mine certainly is.

So what can you do?

Password Manager

I used 1Password, but I know a few people who use  LastPass.  My experience was similar to setting up my will for the first time.  I spent a lot of time hemming and hawing and thinking “I really ought to take care of this soon.”  And then I just did it, and it was simple and straightforward in retrospect.

There’s a desktop app, and a phone app, but 90% of the time I just click this extension on my browser:

Password Manager

Master Password

Your Master Password should be a strong password that you never use anywhere else and never tell to anyone.  Need help figuring out a good and memorable password?

Password Strength from the terrific and inimitable xkcd.com

Enter your master password, and you’ll get a menu like this:

Password Manager

If I click on Amazon Affiliate, my stored name and password are entered and I’m logged on to my affiliate account.

If I go to a new site and enter a name and password, the app asks if it should store the information in my vault for future use.

Password Generator

Registration on a new website is easy, too.  Click Password Generator and get as silly as you like:

I have 264 Logins stored, all with different (and ridiculous) passwords.  Other than my master password, I don’t type anything in and don’t have to remember a different combination for each.  I spend no time trying to remember my passwords for the myriad websites I log on to each day.

Conclusion

I set this up to protect myself from identity theft and expected I would just tolerate it as a necessary hassle — like a bike lock is a burden to carry around.  Instead, I find myself less frustrated because I only ever have to remember one password, and I never have to get too stressed about the many and increasingly scary data breaches we hear about.

I don’t have an affiliate link for this, and I’m not trying to sell you anything.  I see a lot of people planning on what they should do with their bond allocation if the big earthquake strikes, or other black swan events.  But so many people leave themselves exposed to the obvious risk inherent to reusing passwords across the web.

You can fix that today.  And you’ll make your life easier.  It’s a win-win.

Let me know what you think, and if you need help or have any questions, feel free to contact me.

Share Your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.