Passwords Everywhere

in On Line Banking, Security

Do you have a magic list of passwords for all of your various on line profiles? Do you have a system for changing your passwords often? Do you have the same password for all of you on line profiles?

If you answered Yes to the last question, allow me to say, “DON’T DO THAT!”, for the love of MyDoom, if any of the many sinister nasty folks on the Interweb get into one of your accounts, suddenly they are into all of them. I have talked about Financial On Line Security before, but this was triggered by yet another interesting discussion with Mrs. C8j.

RRSP, RESP, RDSP

Security Needs to be Watching

There is actually a very long list of different financial on-line profiles with user ids and passwords, but Mrs. C8j pointed out that she really should have access to this information in case of an emergency. My guess is that a solution to this will be to actually print out this information and put it in a safe deposit box or somewhere safe for her.

This is actually a terrible solution, because:

  • You should not have a file with this information on a computer anywhere (unless you have it under some kind of heavy encryption, but even then, that may not be that safe).
  • Printing it just means that it will be even less safe (paper is much easier to pilfer).
  • Printing the information means she has a snapshot, at that moment, however, when I change those passwords, the list is suddenly useless.

The other ideas like putting it on your cell phone is bad, because the phone is easily stolen, and putting it “in the cloud”, just makes it easier to find.

What is the best way to keep this information secure, while being able to share it (securely) for the “what if” scenario.

Questrade Democratic Pricing - 1 cent per share, $4.95 min / $9.95 max

{ 8 comments }

{ 8 comments… add one }
  • My Own Advisor September 4, 2013, 7:53 PM

    Memorize them and tell your wife 🙂

    The more tools you use, the more that can go wrong.

    Reply
  • Hunain @ Howtosavemoney.ca September 4, 2013, 9:21 AM

    I would say that instead of writing it on a paper or printing it you should use Lastpass. It is software that keeps all your passwords in one place and you can give different password to different accounts. It will automatically save your passwords and whenever you want to access something you only have to sign in to your primary email.

    Reply
  • LifeInsuranceCanada.com September 4, 2013, 9:12 AM

    It’s relatively easy to have a unique system of generating secure passwords. Basically the ‘use my kids birthday’, but not quite that simplistic.

    Find one thing that has variations of numbers, and another thing that has variations of text. Combine them, and add in a non-text symbol.

    Lets say I use my phone number, initials and the % sign. So here’s an easy one:
    866gacooke6625433%. Or I use my wife’s name and cellphone number 999bacooke9999999%.

    Want it funkier than that, break the initials into two sections, like
    866ga662cooke5433%.

    The system is easy to use, generates lots of passwords, is as secure as anything randomly generated, but it’s something that can be easily remembered.

    However – you missed one big thing. If someone cracks a database with your password on one site, they’ve got it for all your sites if you use the same password. What I do is use one very unsecure password for most online sites because I don’t care about security. Forums, website registrations, all that stuff, I don’t use anything secure. For anything that’s got financial information, I tend to use a system like above (not that system, I have my own) and not reuse it on other sites.

    Reply
  • George September 3, 2013, 11:00 PM

    This is a common problem, and very easily solved. Three tools work well and are highly secure (but work slightly differently): 1Password, KeePass, and LastPass. All of these tools work on the idea of an encrypted, highly-secured password safe that’s kept online.

    LifeHacker has a full review of all these tools. My personal choice is LastPass, which I have used now for a few years. It’s solid, reliable, and ensures that I have extremely lengthy and secure passwords that are unique to each and every website. Here’s the link to the LifeHacker review: http://lifehacker.com/5785420/the-only-secure-password-is-the-one-you-cant-remember

    Reply
  • Bet Crooks September 3, 2013, 1:08 PM

    For many financial things, your spouse or partner doesn’t need to know your passwords. If you have died, they can use proof of death and the will to get the passwords reset. (The Blunt Bean Counter had a guest post that emphasized the need to have your will explicitly specify your spouse/partner/next of kin is entitled to your e-assets and social media assets, too.) If you are incapacitated, they can use a doctor’s letter and your power of attorney to get the passwords reset.

    If you really want to provide them with the passwords paper is probably the way to go. I can think of several ways to have a sheet of paper around this house which would be so inconvenient for a stranger to find that they would probably prefer to just hack my accounts.

    Which reminds me, I think I’d better go backup my databases again. I’m far more likely to crash something than to get hacked!

    PS Your bank accts should be safe for a few months: trying to rob someone just AFTER they pay university tuition and accomodation expenses for their children is just silly.

    Reply
    • bigcajunman September 3, 2013, 3:10 PM

      We have already lived through a few “compromised accounts”, strangely thieves don’t seem to mind if I don’t have much, they’ll take what they can get.

      Reply
  • Vipul September 3, 2013, 11:23 AM

    You can create a file and encrypt it using openssl. This article describes the details, but you can just download and use it.

    http://www.codeproject.com/Tips/432905/Simple-File-Encryption-using-OpenSSL

    Reply
  • schultzter September 3, 2013, 9:55 AM

    Check out passwordmaker.org – it’s an theory/principal/algorithm with many implementations.

    Reply

Leave a Comment

*

%d bloggers like this: