A Smorgasbord of Passwords – I Need a Manager!

November 03, 2020

During the coronavirus pandemic, we not only have to protect ourselves physically, but also digitally. The Federal Trade Commission (FTC) has seen an influx of scammers trying to get the information of American citizens. Some have applied for unemployment income utilizing the victim’s information while others have posed as fake coronavirus charities. These are just a few of the ways in which hackers and scammers have taken advantage of this financial crisis.

We have previously written about a few of the ways you can protect your identity online, including monitoring your accounts/credit reports, utilizing fraud protection services/alerts, and freezing your credit. In this article, we are going to dive deeper and discuss the best way to protect your information – a password manager.

Managing a “Smorgasbord of Passwords”

If you are like me, you have a ton of passwords to remember, for both work and leisure. I did a quick survey of the number of different accounts I have that require a password – I found a total of fifty different accounts. Fifty! A client once referred to them as his “Smorgasbord of Passwords.”

Because we have so many different passwords to remember, we tend to cut corners. We use the same passwords for different websites/accounts (or a slight variation thereof). A 2018 study[i] by Virginia Tech professors found that 52% of the users studied had the same passwords (or very similar and easily hackable ones) for different services. We also tend to base our passwords on our own or our family members’ information (names, birthdays, etc.).

We tend to utilize simple words as our passwords (or for a part of our passwords), and we utilize the same passwords for years. A 2020 study[ii] by Security.org found that only 44% of users studied utilize “moderately complicated” passwords – meaning those that include special characters, uppercase letters, numbers, etc. Not only does this create a security threat, it is also a pain for us consumers – I don’t know how many times I have had to reset my passwords because I forgot them (it’s happened at least 100 times, no hyperbole).

Hacker’s Paradise – Weak Passwords

We often don’t realize the sophistication of hackers. They are going to utilize our desire for simple or easy-to-remember passwords against us. They do this in several different ways.

First, they can utilize so-called brute force attacks, where the hackers have programs that use random trial and error to determine one’s passwords – the shorter/simpler the password, the faster it falls. Other times, they will buy passwords on the dark web that were exposed in a breach of another site, and they will try those passwords to see if you use them for other sites. They sometimes utilize “dictionary attacks,” a hacking method that works through a list of the words most commonly used as passwords.

What’s worse, these attacks are getting more advanced as technology evolves. In 2012, a password cracking expert created a program[iii] that can try 350 billion password guesses per second. In just 5.5 hours, the expert was able to crack an 8-character password containing upper- and lower-case letters, digits, and special characters.

What is the Solution?

It is simply impossible to create really strong passwords for a host of websites. Can you imagine having to remember something like this “ePYHc~dS*)8$+V” across 50 websites? It’s really not practical.

This is why we have been recommending something called a Password Manager.

A password manager will generate, retrieve, and keep track of long, random passwords across all of your accounts for you. It may also have the added service of protecting all your vital online info—not only passwords but PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more—with encryption so strong that it might take a hacker decades to crack.
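To make the cracking figures above and the value of "long, random passwords" concrete, here is an added example (not code from the article or from any password manager) that generates a password with the operating system's secure random source and estimates how long an exhaustive search would take at the 350 billion guesses per second quoted above. The 95-character printable ASCII keyspace and the function names are assumptions made for this illustration.

```python
import secrets
import string

GUESSES_PER_SECOND = 350e9  # rate quoted in the article for the 2012 program
PRINTABLE_ASCII = 95        # assumption: letters, digits, symbols and space

# Generator alphabet: printable ASCII without the space (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=14):
    """Draw a password from the OS CSPRNG; redraw until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the accepted passwords uniformly distributed.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def hours_to_exhaust(length, alphabet_size=PRINTABLE_ASCII,
                     rate=GUESSES_PER_SECOND):
    """Worst-case hours to try every password of exactly this length."""
    return alphabet_size ** length / rate / 3600


def report(lengths=(8, 10, 12, 14)):
    """Return (length, hours, years) rows for the given password lengths."""
    rows = []
    for n in lengths:
        hours = hours_to_exhaust(n)
        rows.append((n, hours, hours / (24 * 365)))
    return rows


if __name__ == "__main__":
    print("sample:", generate_password())
    for n, hours, years in report():
        print(f"{n:2d} chars: {hours:12.3g} hours  ({years:.3g} years)")
```

Under these assumptions an 8-character password is exhausted in roughly five hours, in line with the figure above, while a random 14-character password takes hundreds of millions of years at the same rate. The estimate covers random passwords only; a password built from dictionary words or reused from a breached site falls far sooner.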

How Do Password Managers Work?

All password managers work in the same way. Your passwords for a host of websites are stored in a “vault” that only you can open. There is a master password used to open the vault – a unique complicated password that only you know – you cannot open the vault without it. The company won’t have access to this master password on their servers either.

The master password must be long and intricate. Worry not, this will be the only long, intricate password you will need to remember – it should be at least 12 characters with a mix of uppercase and lowercase letters, numbers, and special characters. The security experts recommend a longer sentence (lyrics to a song, a poem, etc.) which includes special characters.

After you have set up your master password, you will need to go to each website that requires a password. This includes those sites that you absolutely want to keep secure (banking, retirement accounts, brokerage accounts, personal email), along with your subscriptions, social media accounts, and other retail accounts. You will log into each site utilizing your current password, and the password manager will then create a long, randomized password for that site. Once you have logged into every site, you are essentially done – your password manager should work on all of your devices (computer, phone, tablet, etc.).

There are a variety of good password managers out there (the best based on my research were Dashlane, 1Password, Keeper, and LastPass – more on this one below). Some managers are free, while others cost $5-10 per month. After doing some research, I didn’t see a reason to pay for a password manager when there is a really good free version available - LastPass.

As an example, I evaluated LastPass by going through the entire process noted above, linking each of my ~30 accounts. It has a browser extension that you can download and conveniently access when you are creating or updating a password for a website in order to store your password. This extension also auto-generates a strong password for you if you don’t have the time or energy to develop a strong password for that particular website. I was surprised at how quick it was to do this – I completed the entire process in a little over an hour. And I was also pleasantly astonished at how easy the process was – LastPass really streamlined the entire process to make it easier, especially for anyone who is technologically challenged. Since then, it has been really nice not having to remember 30 different passwords, and it feels good to know that my passwords are as secure as can be!

We did a deeper dive on each of the very best password managers available, so if you have any additional questions, feel free to reach out to us.

[i] Chun Wang, Steve T.K. Jan, Hang Hu, Douglas Bossart, Gang Wang, “The Next Domino to Fall: Empirical Analysis of User Passwords across Online Services”: https://people.cs.vt.edu/gangwang/pass.pdf

[ii] Security.org Team, “America’s Password Habits: 2020”: https://www.security.org/resources/online-password-strategies/

[iii] Dan Goodin, Ars Technica, “25-GPU cluster cracks every standard Windows password in <6 hours”: https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

Associates of DeRose Financial Planning Group are registered representatives of Lincoln Financial Advisors.

Securities and advisory services offered through Lincoln Financial Advisors Corp., a broker/dealer (Member SIPC) and registered investment advisor.  Insurance offered through Lincoln affiliates and other fine companies. DeRose Financial Planning Group is a marketing name for business conducted through Lincoln Financial Advisors.
