Time To Get Serious About Passwords

By: David Christianson, BA, CFP, R.F.P., TEP, CIM

OK, folks, it’s time to get serious about passwords.

When the Canada Revenue Agency’s name was added last week to the long list of websites that have been hacked, it’s definitely time to take some basic precautions to protect your personal information and your money.

I also received two other notifications in the mail last month about security breaches in charity organizations that have my email address on their list. Scary.

These were sobering reminders that we are all connected and that criminals have new and different ways of stealing from us. That prompted me to review my list of passwords and I was shocked to see that I’ve committed the cardinal sin of reusing passwords from one site to another.

The CRA incident made it clear – if you use the same password with your CRA account (or online banking or investment access) as you do on some other site, and that other site gets hacked, criminals have the potential ability to get at your personal information and even your money.

If your identity is stolen, then credit cards, loans or government benefits can be claimed in your name, creating a liability for you. Money can be transferred to someone else’s bank account, potentially.

So, how do you protect against this?

Protecting your online data

First thing, I am not the expert on this, and you need to search out your own sources. But we know that the first basic step that you MUST take is to use a different, unique password for each website or online access that you set up.

Ideally, using a different username is also recommended, but most websites now require you to use your email address. This means being even more diligent with your passwords.

From what I understand, the best approach is a complex, computer-generated password for each site. (My favourite is !W79Xx#781Zf97!, but I don’t recommend you reuse that one.)

These are obviously hard to keep track of, but there are tools to help. Apps like LastPass, Keeper, KeyPass, Bitwarden. Dashlane and others generate these complex passwords for you, then track them. All you have to do is remember one complex password and you have access to all other sites.

An alternative is longer passwords that you can remember, where websites allow. Something like Fox17!deer21!horse79# is a lot more secure than your dog’s name or your kid’s birthdate. Many people develop a system where they might have similar long passwords, but a number or letter sequence that is different for each site, so all they have to remember is the different characters. That’s a good start.

Other security experts advise against using real words, as I have shown above. Clearly, the randomly generated gibberish codes are the best.

Better yet is two-factor authentication. Using this means that every time you (or a criminal) attempt to log on to any site, it sends a unique code to your phone that you have to input before being granted access. In this way, a hacker would need to have access to your phone as well as your password. Better protection.

Your mobile device (Apple or Android) will store your passwords for you, as will a Google account or the latest version of Windows on a PC computer, or Apple operating system on a Mac. Some of these systems will also offer to provide those complex passwords for you and remember them. Take advantage.

A challenge I have this weekend is that as I create complex, unique passwords on each of the 42 sites where I am registered, I have three separate systems where I must update.

It’s worth it. Think how many hours you will spend clearing up an identity theft, or what you could lose if you are hacked.

Just do it!

This article is meant as an introduction to this topic and should not in any way be construed as a replacement for personalized professional advice. Please consult legal, tax, insurance and investment experts for advice on your unique situation.

David Christianson, BA, CFP, R.F.P., TEP, CIM is recipient of the FP Canada™ Fellow (FCFP) Distinction, and repeatedly named a Top 50 Financial Advisor in Canada. He is a Portfolio Manager and Senior Vice President with Christianson Wealth Advisors at National Bank Financial Wealth Management, and author of the book Managing the Bull, A No-Nonsense Guide to Personal Finance.

Related Posts

When to take CPP?

When deciding whether to take CPP early at age 60 or delay until age 65, there are several factors to consider.