Each and every one of your online accounts is a doorway into your life, which is secured and locked only by the password you have chosen to protect your account. Nearly three out of four password protected accounts are guarded by old or reused passwords – which is comparable to using one key to open nearly all of the doors and windows in your home. In a world where a hacking attempt occurs every 39 seconds, it is not only advisable but imperative to update the way in which your passwords are created and managed.
In the first half of 2019 alone, 4.1 billion electronic records were exposed due to hacking data breaches. Eight out of ten of these breaches were caused by poorly constructed or recycled passwords. Even though it is common knowledge that using the same password or password structure for more than one account is a poor practice, this is a frequent strategy used to protect personal information. The human brain is not well-suited to create unique, memorable passwords. So people often use passwords that are easy to recall such as a pet’s name or an anniversary date. These sorts of passwords are as easy to remember as they are for hackers to guess.
Some people try to add to their security by creating different passwords and keeping them either written in a physical notebook or stored in a file on their computer. But these strategies pose their own risks. Passwords could be stolen by a burglar who finds your notebook or a hacker who finds the password file on your computer. You also risk losing your passwords to a house fire, computer failure, or other disaster. On top of it all, using a notebook or password file just isn’t very convenient, especially as the number of websites you use grows.
Often hackers don’t have to guess a person’s password because they trick the person into giving the password to them using a scam called “phishing”. This scam works by them sending you an email or text message that appears to be from a company you know and trust such as a social networking site, an app, or even your bank. The nature of the message will often cause you concern, claiming that your account has compromised or that a charge (which you of course won’t recognize) has been made to your account, for example. In a rush to secure your account, you click the link in the message and enter your user name and password, payment details, or any other personal information they ask for on the web page the link takes you to.
However, the message is not from the reputable company you trusted. It is actually from hackers who have created the sophisticated ruse to obtain your information. You may not even realize it is a trap, as the link they send you will take you to a website that looks nearly identical to the real website of the company the email claims to be from.
The Password Manager Solution
The most effective and convenient tool that can be used to virtually eliminate the risk of a security breach is a password manager. A password manager is a computer application that stores all of your passwords in one secure location. It remembers all your passwords so that you don’t have to!
To use a password manager, you only need to remember the master password, which is used to gain access to all passwords stored inside. Many password managers can be used across all of your computers, smart phones, and tablets, allowing you to access all of your passwords at any time and on any device. This provides a high degree of security during your lifetime and access to the right people if you are incapacitated or pass away.
Not only does the password manager eliminate the need to memorize all passwords, it allows you to easily create and use more secure passwords. Because they’re easier to remember and type, people often use passwords made up of simple combinations of words and numbers. Someone who brought home their dog Fluffy in 2011 might use “fluffy2011” as their password. But passwords like those are much easier for hackers to crack. Sometimes this information can be pulled off a person’s Facebook profile or other public information.
A password manager can create and store long, complex passwords containing a random combination of letters, numbers, and symbols. An example of a strong password created by the password manager our firm uses (but not for one of our actual accounts!) is: “mMf@ZQqd7EHPkMX4”. That kind of password will be impossible for a hacker to predict.
For an additional layer of security, the password manager can also store answers to security questions in a similar way. Instead of entering a common and easy to guess answer to a security question (such as your mother’s maiden name or the city where you met your significant other, information that may be found on your Facebook profile), you can create and store unique answers to these questions in the password manager.
No one wants to have to type in “mMf@ZQqd7EHPkMX4” each time they log into their email or bank website, but with a password manager, you won’t have to. Most password managers plug into your browser, allowing you to click a button or choose from a menu to enter your password into the login form on the website.
Using a password manager also protects you from “phishing” scams because each password is tied to the specific website it is for (for example, www.yourbank.com). Since the password manager will always offer to fill in your information on legitimate websites, you will then notice that something is not quite right.
A password manager is also the best way to be certain that your accounts can be accessed by the right people if you are ever incapacitated or when you pass away. Upon incapacity, your agent responsible for your finances will need immediate access to your accounts. To successfully manage your finances in your absence, your agent will not only need your passwords, but will need to know of all existing accounts. Without a password manager, your agent would not only have to search for the location of your passwords, but they may not even be aware of the existence of some of your accounts. A password manager would ensure that your agent not only has all necessary passwords but is able to effectively and successfully manage all of your assets and pay your bills in your absence.
When someone passes away, their loved ones often scramble to find all of the information needed to access accounts, pay bills, and then close the accounts. This process that occurs after death is significantly lengthened and becomes much more difficult when this information is not readily available to executors and trustees. We have even seen estates where loved ones were unable to identify what banks the decedent had accounts at because the statements were all online and the computer and email passwords were not known. Having a password manager and taking steps to ensure that the master password is available after your death eases the estate administration process and avoids the lengthy detective work that might otherwise be needed.
Getting Started With a Password Manager
While there are many password managers to choose from, they all function in the same basic way. After choosing and installing your password manager, you must then create a master password. This password is the key to all of your passwords, so it should certainly be a unique and hard for anyone else to guess. And it should also be relatively easy to type since you will need to type it whenever you need access to your passwords.
Your passwords should be at least 8 characters long (10+ is preferable) and include both uppercase letters, lowercase letters, and numbers. A couple of master password strategies we have seen successfully employed are:
- Choose a memorable phrase of medium length and create your password from the first letter of each word. For example, your memorable phrase might be, “I really love my husband, 4 kids and 2 dogs.” And then your password would be, “Irlm4ka2d”.
- Choose a memorable shorter phrase and make an abbreviation with punctuation. For example, your memorable phrase might be “Life is good. Be happy.” And then your password could be, “lf*gd&b*hppy”. Note that the abbreviation is an important part of the security because many password cracking tools are adept at combining words with punctation. So “be.happy”, for example, would not be a secure password for anyone to use.
Your master password is the only password that you will need to remember, but you need to make sure you will remember it. Losing or forgetting your master password will be extremely problematic (if you lose your password, it and everything it protected are gone forever). So it is imperative for to write your master password down and store it in a safe place, such as a safety deposit box or in a fireproof safe. Another method of storage is to place the password in an envelope and place it somewhere in your house where it is unlikely to be stolen. Wherever you keep your master password, you should make sure that your financial helpers upon incapacity (power of attorney agents and trustees) and upon death (executor and trustees) know where to find it.
Your password manager is only as effective as the passwords stored within, so the final and most important step is to change your passwords using the random password generator tool. This is probably the most daunting and time-consuming aspect of using a password manager due to the number of accounts the average person has. A good strategy is to start by changing the passwords to your most important accounts first, such as your email password and passwords to your bank accounts. The passwords to less important accounts can be changed later, at your convenience.
Although it may be confusing and time consuming at first, a password manager will practically eliminate the risk of your data being stolen or lost, which is very high if you use recycled or old passwords across all of your accounts. They also make your passwords and accounts easy to access to people who may need them in an emergency situation. One out of three Americans will be hacked each year, and the number is only increasing as the internet is becoming more accessible, and hacking strategies are becoming more advanced. Just as you would take the necessary precautions secure your home from any potential intruders, it is necessary to use a password manager to secure your accounts from hackers. An invasion of your online information is just as costly, if not more costly, than an invasion of your home.
If you have any questions about using a password manager or organizing your estate, please don’t hesitate to reach out to our office. We’re here to help!