Written By: Phil Kernen
Passwords are forgotten every day, usually an inconvenience fixed with a reset. But sometimes serious consequences intrude. In January, the New York Times reported on a German programmer living in San Francisco. A decade ago, he was paid 7,002 Bitcoins in return for making a video explaining how cryptocurrency works. He stored them in a digital wallet on a hard drive and wrote the password on a piece of paper he has since lost. After ten failed attempts, the password will encrypt itself, making the wallet impossible to access; eight attempts have failed so far. With Bitcoin trading over $50,000 each, his lost password is worth over $350 million. He is not alone.
We live in an increasingly digital world driven by electronic account access and a growing number of passwords. How do you manage them all? We know about the danger in using weak passwords or memorizing one random password and using it for everything, or not changing passwords often enough. Each of these approaches puts our reputational and financial assets at risk. Consider using a password manager.
I write this only having recently become a convert to using a password manager. My wife used one at work. After learning one of my teenagers was using passwords that would make any IT security person shudder, she insisted the family adopt one too. She chose LastPass, but there are several good options from which to choose. I went along half-heartedly, if only to set the example for my kids, continuing to update my password-protected MS Word doc. Twelve months later it struck me; I haven’t updated my Word doc since last fall. Using the password manager turned out to be much easier and more efficient than expected.
Password managers have several benefits. They make it easy to generate a random password for each account. Using this feature can prevent password-reuse attacks, where attackers steal email and password pairs from one site and use them to break into accounts on other sites. Password managers also track the websites with which you have accounts, making it easier to identify and close any unused accounts and reducing your online exposure.
When you sign up for a password manager, you will need to create a master password. Your master password encrypts the contents of your password vault, so choose something complex. 12345678 need not apply. You can also set up two-factor authentication via text or biometric settings, such as fingerprints on your phone. Password managers are not immune to security bugs, but taking steps to increase security is better than doing nothing.
A password manager exchanges tracking many passwords for one master password, which underscores the importance of your master password. It is the key to your digital life. But what if you lose or forget your master password? Each password manager will have its unique recovery process, but the best approach is to find a method to keep your password secure and accessible to you in the first place.
A friend took the following approach when he recently updated his estate plan. He utilizes a password manager for his accounts, but he was uncomfortable documenting his master password in the legal file. His solution was to note half of his master password in the file and give the other half to a trusted family member. Or you could substitute a safe deposit box for one of these parties. While he is alive, he has created a relatively painless way to obtain his password should it ever be forgotten. When he passes away, the legal firm and his family member will come together and provide the executor the master password needed to wrap up his digital estate.
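With the halves approach above, each holder can read half of the master password's characters. The sketch below is an added example, not something the friend or any password manager uses: it splits a password into two shares that each look like random data on their own, and adds a short checksum so a mistyped share is caught at recovery time. The function names and the sample password are assumptions made for illustration.

```python
import hashlib
import secrets
from typing import Tuple

CHECK_LEN = 4  # bytes of SHA-256 kept to detect transcription errors


def split_secret(master_password: str) -> Tuple[str, str]:
    """Return two hex shares; both are needed to rebuild the password."""
    pw = master_password.encode("utf-8")
    blob = hashlib.sha256(pw).digest()[:CHECK_LEN] + pw
    # Share 1 is pure randomness, share 2 is the blob XOR-masked with it.
    # Either share alone reveals only the password's length in bytes.
    pad = secrets.token_bytes(len(blob))
    masked = bytes(x ^ y for x, y in zip(blob, pad))
    return pad.hex(), masked.hex()


def recover_secret(share_a: str, share_b: str) -> str:
    """Combine both shares (in either order) and verify the checksum."""
    a, b = bytes.fromhex(share_a), bytes.fromhex(share_b)
    if len(a) != len(b) or len(a) <= CHECK_LEN:
        raise ValueError("shares do not belong together")
    blob = bytes(x ^ y for x, y in zip(a, b))
    check, pw = blob[:CHECK_LEN], blob[CHECK_LEN:]
    if hashlib.sha256(pw).digest()[:CHECK_LEN] != check:
        raise ValueError("checksum mismatch: a share was copied incorrectly")
    return pw.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    for_legal_file, for_family = split_secret("correct horse battery staple")
    print("legal file share:", for_legal_file)
    print("family share:    ", for_family)
    print("recovered:       ", recover_secret(for_legal_file, for_family))
```

Each share is a hex string that can be printed and stored like the written halves, one in the legal file and one with the family member or in the safe deposit box.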