No one would dare drive a car with a rope tied around their lap, but you’d access your life’s savings with a 4-digit PIN. Neither action makes sense. Good passwords are a minimum requirement.
A recent article, “How Biometrics Is Becoming the Security of the Future,” made me think about digital security. While biometrics are convenient, they are really just an access method and don’t remove the need for a good password. I don’t know of a single biometric tool that isn’t tied to a password. So if your password is “p@ssw0rd”, you still have poor security even though your face or fingerprint is unique.
My rules for passwords are simple.
Lock your devices with solid passwords. Your smartphone and your PC are your digital twin and probably have access to your entire financial world. Why would you leave them wide open for someone to grab and gain access to almost everything about you?
Use a password locker. A password locker gives you a master password that unlocks your other passwords. Why is this so important? Because then you can use a really good individual password, 15 characters or more with lots of non-standard characters, for every account. There are free ones, but I think it might be worth the price of a couple of lattes a month to protect yourself and gain the integration features found in the paid versions.
Use two-factor authentication. I have 2-factor on all my important accounts or require it when I make major changes to an account, such as updating passwords or addresses, or transferring funds. I use an authentication application on my smartphone to provide me the 6-digit code where it’s allowed. In other cases, I just have the system text me the 6-digit code. Two-factor proves you have control of the device.
Use strong passwords. Strong passwords are not that hard to come up with. If you are using a password locker, most have strong password generators. I set mine so the password characters are easy to read. So it avoids putting “1’s” next to “l’s” or “0’s” next to “O’s”. I know I’ve spent 5 minutes trying to get serial numbers entered when I have a lot of similar-looking characters. Another great trick is to use longer passwords that are phrases. I find song titles from my youth relatively easy to remember.
Use shared passwords via a password locker. This is probably controversial, but we provide support for some older relatives. I also share access to household accounts like utilities, drug stores, and groceries with my spouse. In the case of the relative, they write the password on a post-it stuck to the refrigerator where anyone coming in sees it. Even then, they get stuck. Having secure access to the account and password, we can help them. In the case of shared household activities, it means we can back each other up and don’t end up texting passwords to each other. Where there is a family feature, we do use it, but until all accounts have family sharing, we’ll be using shared passwords.
Change the passwords. Change is hard. About the time I get comfortable with a password, it seems it’s time to change it. I’m less hard core about this requirement, but if you even suspect something is going on, be sure to change your password.
Lock your accounts down. If you can, lock up the features of your accounts that can rob you or take control of your accounts. I’m not old enough to use my 401k, so it is locked for withdrawals. Most other accounts don’t allow significant changes without additional confirmation. Also, the change in law lets you lock your credit reporting accounts so no one can open a loan or charge without you unlocking them. They can still report on you, but it protects you. Spend some time getting to know the features of your major accounts.
Audit everything. While you are locking things down, you should turn on your audit features. For example, I get an email or text if someone makes a foreign charge or charges over $500 on my credit card. It takes 5 seconds to read and delete if it is OK. If it’s not, I can contact the credit card company in seconds to stop the problem before it becomes my problem. The only drawback: it is really hard to buy a gift for my spouse when traveling because she gets the alerts. I can live with it.
No matter what anyone tells you or how great your biometrics are, you still need good passwords. I think a password locker is helpful and certainly better than a pad of paper, Post-it notes, or an Excel spreadsheet. After that, it is up to you to use it, set good passwords, and monitor your account statuses. Access anywhere is a great superpower, and with great power comes the responsibility to use it with care.
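For readers who want to see what the "easy to read" generator setting from the strong-passwords rule does, here is an added example (not from the original post or from any particular password locker). It draws 15 characters with Python's `secrets` module and skips lookalikes such as 1/l and 0/O; the symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Characters that are easy to confuse when read aloud or typed by hand.
LOOKALIKES = set("1lI|0Oo")

LOWER = [c for c in string.ascii_lowercase if c not in LOOKALIKES]
UPPER = [c for c in string.ascii_uppercase if c not in LOOKALIKES]
DIGITS = [c for c in string.digits if c not in LOOKALIKES]
SYMBOLS = list("!@#$%^&*-_=+?")  # assumed set; trim to what a given site accepts
CLASSES = [LOWER, UPPER, DIGITS, SYMBOLS]
ALPHABET = [c for cls in CLASSES for c in cls]


def generate_password(length=15):
    """Random password with no lookalikes and at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw the whole password rather than patching
        # characters in, so every acceptable password stays equally likely.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length=15):
    """Upper bound on strength in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password())
    print(f"{len(ALPHABET)} usable characters, about {entropy_bits():.0f} bits at length 15")
```

Dropping the seven lookalike characters costs very little: the 69-character alphabet still gives roughly 91 bits at 15 characters.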