Staying Safe on the Internet: How to Manage Your Passwords

First in a series of articles on ‘Staying Safe on the Internet’

“How do I keep track of all of my passwords?”

“What do I do if I think I’ve been hacked?”

These are two of the most commonly asked questions Altair receives in the course of our daily business providing investment advice and financial planning for high-net-worth clients. Both queries are understandable, and the answers essential, in an increasingly digital world.

Most websites now require more secure passwords – longer and containing more symbols – that need to be changed more often. Many are shifting to two-factor authentication, which requires not only a password and username but a piece of information that only the user should know or have access to, such as a code sent via text message. Using one basic password or keeping them all in your head is less feasible than ever, and not a good idea in any case.

In this article we focus on passwords only; we will address hacking more directly in an upcoming blog post as we look more broadly at online security.

Altair takes online safety very seriously. Managing Director Rebekah L. Kohmescher, CFP®, CPA, one of Altair’s founding partners, answers questions on this topic:

Q: What are some basic security precautions to take with passwords?

A: Use complicated, long passwords that are unique for different sites. And always go directly to the site you’re trying to access; do not access it from a link in an email, which can be unreliable. If you are determined to come up with all your own passwords, at least pick complex combinations of letters – perhaps the first letter of every word in a favorite movie line – and add numerals and special characters. But it is much safer to use a password vault or storage site and follow the guidelines there. Instead of trying to think of unique passwords that are difficult to guess, let the computer do it.

Q: Why are password storage sites better? How do they work?

A: Password storage sites, also known as password managers, are hard to beat for strong security and even ease of use once you set up an account. These sites will retain all your logon details and are able to automatically log you in.

There are a few leading web-based password storage sites. One that is easy to use is LastPass. (There is lots of helpful information about it here.) Basically, when you want to log in somewhere, you log into LastPass and then open the site from there and it logs you in. Besides passwords, you can keep all sorts of notes in LastPass such as numbers for credit cards, frequent flier accounts, passports and hotel loyalty cards.

Q: How important is it to use randomly generated passwords?

A: Choosing randomly generated sequences of numbers, letters and symbols is considered best practice for password security. Such passwords are much harder to hack. They also make it easier for you to avoid using similar or duplicate passwords for different sites, so that getting hacked at one site doesn’t put you at greater risk elsewhere too.

Q: How do you create and use them?

A: Many password-generating sites exist online, such as Once you are up and running in a program like LastPass, change your account passwords to random ones that you can create with a click at one of these generator sites (or at LastPass itself). Then copy and paste each new password into the appropriate location for the site in your password storage vault.

Q: Is it necessary to use specially generated passwords for every site?

A: I draw a line between sites I care about and sites I don’t really care about. For email accounts or sites with financial information, I use randomly generated passwords. But for sites that are only informational where I log on just occasionally, like Fandango, it is less important if I get hacked.

Q: How secure are password storage sites?

A: Nothing is 100 percent safe. But LastPass and the other leading sites, such as Dashlane, are fully dedicated to security in a way that other sites are not. Using a password manager is considered the most secure way to use your accounts. It is definitely safer than keeping track of your passwords using email, which is a huge target for hackers, or most any other do-it-yourself password management strategy.

Q: Isn’t it still highly risky to put all your passwords on one site?

A: No one should be able to access your account as long as you use two-factor authentication. This extra layer of security requires you to enter not only a master password (which you should make as strong as possible) but a one-time verification code sent to another of your trusted devices. Some sites, like LastPass, enforce this when you log on from a new location.

