Confessions from a Password Manager Convert
by Commonwealth Financial Network
Whether youâre looking to make a New Yearâs resolution or youâre simply trying to implement some information security best practices, you would be well served to start using a password manager. Why? I'm here to tell you!
In my role as director of editorial at Commonwealth, I work on a lot of content geared toward financial advisors and their clientsâfrom market and economic commentary, to retirement income planning strategies, to marketing and practice management best practices. Though Iâm no expert in any of these areas, I have absorbed many of the key ingredients that contribute to successful outcomes for business owners and clients. Nowhere have I put that learning by osmosis to use more than when it comes to protecting the security of my personal and financial information.
Whatâs the weak link for all of us? Passwords.
According to a survey by Digital Guardian, âpassword overloadâ is a real problem. Worse, despite known risks, at least half of us admit to reusing passwords.
How many online accounts do you have? Probably more than you think. Youâve likely got at least one social media profile. Then, thereâs your e-mail (which might include both personal and work accounts), your various banking accounts, streaming services like Netflix or Hulu, and your Amazon account (who doesnât have one of those?!). Thatâs not to mention all those apps on your smartphone.
Now think about the passwords you use for those accounts. Chances are, either you reuse passwords across multiple accounts or you have your passwords written down somewhereâboth of which are no-nos when it comes to information security best practices. If, as Commonwealthâs InfoSec team continually reinforces with our staff and advisors, you need a strong password for each account that is at least eight characters long (and preferably longer) and combines upper- and lowercase letters, numbers, and symbols, thereâs simply no way you can remember all the passwords to all your accounts.
Unless, that is, you start using a password manager.
A password managerâsome well-known versions include LastPass, Dashlane, RoboForm, and 1Passwordâis essentially a secure online storage vault for your passwords. Youâll find both desktop and smartphone app versions available. Load them on multiple devices and your information will be synced across them.
There are several features that make password managers extremely valuable from an information security standpoint:
- Remember one master password. Because the password manager stores all your credentials for you, the only password you need is the one that logs you in to the vault. So be sure to make it the most complex password you can think ofâand remember!
- Auto-generate passwords. Instead of trying to come up with a unique, complex password for each account on your own, the password manager will do it for youâand save it for future use.
- Automatically save and store new accounts. Adding a new streaming service? Opening a new credit card or bank account? Your password manager will recognize the new account and save your credentials for you, so your next login will be seamless.
- Easily fill web forms. By saving some of your personal information in the vault (e.g., address, phone number, and credit card number), the next time you have to fill out an online form, the password manager will auto-fill your information. Itâs safer than storing these details in your browser.
- Log in to sites automatically. Once your preferred sites and credentials are set up, you can access the sites directly from the password manager, which will log you in automatically. As an added bonus, with the browser extension enabled, you can navigate to the website you want to visit, and your password manager will log you inâagain, automatically.
By now, I hope youâre seeing how much easierâand more secureâyour online life will be. Imagine never having to remember multiple passwords or having to go through the hassle of resetting your password because you forgot it. Thatâs what a password manager can do for you.
First, find the one you want. PCMag has put together this side-by-side comparison of what it considers the best password managers of 2018. Ranging from the most expensive (Dashlane, at $40/year and climbing) to the least expensive (Zoho, at $12/year), youâll also see the various features each of these tools offers. You might consider one of the free password managers available, which PCMag also reviews.
Once you download the manager you want, you need to start adding your accounts. Iâm not going to lieâthis can be time consuming, depending on how many accounts you have. Donât worry if you miss a few on this first pass; you can always come back later to add more. This is where the password manager earns its keep. Youâll be able to see, at a glance, which existing passwords are considered weak, as well as which ones are repeated across accounts. From there, simply use the toolâs password generator to create and assign new, unique passwords to these accounts to shore up your online security.
Be sure to enable multifactor authentication (MFA). An extra layer of security, MFA will require you to provide two forms of identification to log in to your password managerâyour password and a second token, which is typically a passcode sent to your smartphone or an authenticator app. Considering how much sensitive information will be stored in the tool, this step is a must.
Now, all you have to do is monitor the passwords you have saved. Many password managers alert you when itâs time to refresh your passwords (which you should do periodically). Some, like Dashlane, even scan the dark web for risks to your personal information.
Full confessionâIâve had my personal e-mail account hacked, all because I used a weak password that was easy for some cybercriminal to guess. Plus, my credit card number was stolen from an online payment site due to weak credentials. You might argue that a company like Dashlane or LastPass can get hacked, too, so why bother going through this hassle. In fact, LastPass was hacked, back in 2015, but the exposed data was encrypted, so the hackers didnât really get away with anything.
The lesson? No account is completely hack-proof, but using a password manager can substantially reduce the risk that your passwordsâand the information secured behind themâwill be compromised. And thatâs an information security best practice you want to follow, in the New Year and beyond.
Have you made the switch to a password manager? How has it changed your life? If not, whatâs holding you back? Share your thoughts below!
 Commonwealth Financial Network is the nationâs largest privately held independent broker/dealer-RIA. This post originally appeared on Commonwealth Independent Advisor, the firmâs corporate blog.
Copyright Š Commonwealth Financial Network
