Keeping your personal finances secure is more important now than ever. We keep locks on our doors, secure money in the bank, and shred financial documents before we throw them out. But these days, thieves don’t even have to pick your locks to make off with your money—that is why having a good strategy for strong passwords is essential.
Whether it’s the password for your bank, a credit card company’s web site, a financial service like PayPal, or an online store account with payment information attached, having strong passwords and keeping them secure protects you from today’s most common forms of fraud and theft.
Take a moment to think about your various financial and other passwords and consider these tips for protecting your accounts:
Don’t Be Complacent
Even if you keep your passwords and devices secure, the companies with which you do business might not. Assume the worst and always take every precaution.
Yahoo, Equifax, Target, Microsoft, Facebook, Instagram… These are some of the many companies that have seen data breaches affecting hundreds of thousands of individual accounts—and these are not obscure companies. It is almost a certainty you have done business with a company that has suffered from a data breach—that means it’s critical that you take extra precautions to protect yourself.
Keep Your Passwords Unique
If you re-use the same password everywhere, your accounts will fall like dominoes if even one of them is breached. Never re-use passwords from one site to another.
We know this complicates things; who can remember unique passwords for all of their accounts? There are new tools you can look into for just that purpose. We’ll discuss password managers a bit later.
Avoid Common Passwords
Besides using different passwords on each of your accounts, take care to avoid passwords other people typically use. Don’t use “password123”, “qwerty”, or “123456”. Anything that is really obvious to you is also obvious to everyone else, so you have to dig deeper to come up with something uncommon.
Some security researchers recommend using phrases of 3 random words—this generates passwords that are easier to remember and long enough for most sites and applications. Be careful not to use any information about you that can be gleaned from social media—don’t use your pets’ names in your passwords if you talk about your pets on Facebook or other social media channels.
Be Careful with the Password Length
Good passwords should be at least 8 characters long, but 10 characters is better. As passwords get longer and longer, it gets harder to remember them, so don’t make it too long to easily remember and type—if your password is really lengthy and complicated, the site you’re logging into might “time out” before you finish entering it, and you’re more likely to have typos that will potentially lock you out of the account. Come up with a good length for your passwords, but not so long that it’s impossible to enter.
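The tips above on uniqueness, common passwords, personal information and length can be checked mechanically. The following Python sketch is an added example, not part of the original article; the `audit` function, the sample accounts and the pet name "Biscuit" are constructed for illustration.

```python
from collections import defaultdict

# Passwords the article names as too common (use a larger list in practice).
COMMON = {"password123", "qwerty", "123456"}
MIN_LEN, BETTER_LEN = 8, 10  # lengths stated in the article


def audit(accounts, personal_terms=()):
    """Return {account: [findings]} for a dict of account -> password.

    personal_terms: words discoverable on social media (pet names etc.).
    """
    findings = defaultdict(list)

    # Group accounts by password to spot reuse across sites.
    by_password = defaultdict(list)
    for account, pw in accounts.items():
        by_password[pw].append(account)

    for account, pw in accounts.items():
        lowered = pw.lower()
        if lowered in COMMON:
            findings[account].append("common password")
        if len(pw) < MIN_LEN:
            findings[account].append("shorter than 8 characters")
        elif len(pw) < BETTER_LEN:
            findings[account].append("under 10 characters")
        shared = sorted(a for a in by_password[pw] if a != account)
        if shared:
            findings[account].append("reused on: " + ", ".join(shared))
        for term in personal_terms:
            if term and term.lower() in lowered:
                findings[account].append(f"contains personal term '{term}'")
    return dict(findings)


# Constructed sample data, not real credentials.
SAMPLE = {
    "bank": "qwerty",
    "paypal": "Biscuit2019!",
    "store": "Biscuit2019!",
    "email": "maple-harbor-tricycle",
}

if __name__ == "__main__":
    # Print only the findings, never the passwords themselves.
    for account, issues in audit(SAMPLE, personal_terms=["Biscuit"]).items():
        print(account, "->", "; ".join(issues))
```

Accounts with no findings are left out of the result, so the three-word passphrase on the sample "email" account does not appear.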
Don’t Change Them Too Often
Many workplaces make people change their passwords every few months; this practice just makes it more likely people will forget their passwords or write them down on a sticky note. Better to keep strong, unique passwords for longer than to change them too frequently.
Use a Password Manager
Since none of us can remember unique passwords for all of our accounts, software tools are available to create strong, unique passwords and fill them in for you when you log into various accounts.
Your web browser may have built-in password management tools. Apple devices offer iCloud Keychain; on Android you could use Google Smart Lock or a 3rd-party app like 1Password, Dashlane or LastPass.
If you use a password manager, it’s especially critical that you remember the password for that app or service, as it protects every other password you have. Never re-use the login credentials for your password manager, and never share them with anyone under any circumstances.
Finally, be aware that some web sites, especially banks, will not work well with password managers; they block auto-fill for security reasons, making it much harder to use a 3rd-party app to log into the site.
Keep Written Passwords Secure
You might also write down each password in a notebook, password journal, or some other kind of diary. Keep this written log secure! If it were to go missing, the person holding it could take over your entire life. Only use a written backup of your passwords if you have a very secure way to store it.
Many people don’t keep passwords written in physical form, but do have them “written” in a document or spreadsheet on their computer. If you do this, you’re probably better off using a password manager that was designed for the task, rather than Excel or Word.
Any electronic file containing your passwords should be encrypted and protected with its own password. This is a tall order with Office documents—often password-protected documents are still readable, and the password only protects the document from being edited without authentication. This means that the text in the document is readily accessible and not secure.
All this is to say that if you are going to keep a document with your passwords in one place, it’s better that it’s in written form in a safe or locked cabinet rather than in an unencrypted file on your computer.
If your smartphone lets you use a fingerprint or face ID scan to log you in, this is the way to go! It’s much better than having to remember and type a password using a smartphone keyboard, and only you have your face and fingerprints.
Part of this will likely mean using your bank or credit card company’s app on your phone rather than their web site. Financial institutions prefer this, as their apps are more secure than using the web to log in. Get in the habit of managing your accounts through the official app rather than the web, and use biometrics to log in wherever you can.
Be Very Careful About Two-factor Authentication
Many services now encourage or even require two-factor authentication. This system requires 2 factors to allow access: a password, and a trusted device. This is a very secure method because hackers won’t have your trusted device even if they know your password, and a thief who steals your phone shouldn’t know your passwords even if they have your device.
The downside to two-factor authentication is that it is more likely to lock YOU out of your own account than to protect you from thieves. If you ever change your phone number, you can be locked out of your account even though you know the password. There is no quick way to resolve this, and many people end up locked out of their accounts for weeks or more. If you’re someone who forgets your password a lot or ever loses your trusted device, two-factor authentication can quickly become a nightmare.
If you use a service that forces you to employ two-factor authentication, please add a second backup phone number to the account. That way if your trusted device is ever lost or stolen, you can have an authorization code sent to the backup number and still gain access to your account.
Managing passwords isn’t easy, and it’s crucial to your financial security. Take the time to get organized, evaluate your passwords and come up with a good strategy for maintaining them and keeping them all secure.
If you’ve been the victim of a data breach or any of your financial accounts have been compromised, check out our free Identity Theft Prevention course in our FIT Academy, and be sure to download the Identity Theft Prevention workbook from our Downloads page.
Anyone with security concerns should think about getting a Credit Report Review, where a certified financial coach will review your credit report with you and help you correct errors and find anything out of the ordinary.