How dangerous is it really, to have your financial information online?
Or cutting to the chase – how secure is your retirement? Not how much money you have, but how easily could someone else steal what you’ve worked so hard to save?
What do you do to protect your money online?
Do you access your bank account or retirement accounts on the Internet? Track your finances with all your account numbers, passwords, etc. on Mint? How about your name, Social Security Number, and address when you e-file your taxes with the IRS or your state tax board? And then there’s always Amazon, and your credit card information, along with the names and addresses of everyone you send gifts to.
If you’re like me, you do all this, and more.
That’s a lot of information you’re sharing on the internet. But SSL keeps you safe, right?
Not right now.
HeartBleed has recently demonstrated just how long your “secure” information can be exposed without your knowledge. At this exact moment, your name, SSN, usernames, passwords, account numbers, any information you have shared with any website, could be in a database being traded among hackers.
Scared? I know I am, but perhaps less than most, because I took steps long ago to secure my online information. What steps have you taken to protect your money online?
Some say that with the latest HeartBleed vulnerability you should only change your password after you know the site has fixed its security. I’d rather improve my security immediately, especially considering hackers started attacking HeartBleed almost immediately after it was first published.
Protect Your Money Now
My solution? Use a unique, long, random password for every account, a secure, encrypted password manager, and a cloud storage system accessible from all my computers and smartphone.
Pros:
- Random passwords are much harder to crack with a dictionary attack
- Unique passwords for each site mean that whenever a website gets hacked you just have to change that one password
- Unique passwords mean that even if the site hasn’t fixed the HeartBleed vulnerability, a stolen password only works for that website, so your other accounts are safe
- A password manager will generate secure passwords automatically, and let you fill in login forms with a single click
- Password managers make maintaining your emergency information organizer a breeze
- You only have to remember one password – the one for your password database (make this a hard one!)
Cons:
- Random passwords are impossible to remember, and difficult to type when you’re using someone else’s computer
- Risk of exposing all your passwords if your password database is cracked
- Storing your password database in the cloud risks cracking if the encryption is ever compromised
Bluntly, some would say putting all your eggs in one basket is stupid. Warren Buffett is no security expert, just one of the most successful long-term US investors of the past century, and his investing strategy resonates with this.
Or you might be worried about storing your (encrypted) password database in the cloud. Security and convenience are always inversely related, and it’s up to you to know what you’re comfortable with. Me, I now accept the tradeoffs, wagering it’s riskier to use the same password on multiple sites than it is to store an encrypted password database in the cloud. But you may decide differently.
From my perspective, if you’re going to have to change all the passwords on all the sites you use on the web anyway, do you want to do it now, once, or do you want to do it every time you hear some website is hacked? If you want to really scare yourself, think about all the times a website is hacked and you never hear about it… How long did it take Target to announce their security breach?
Keep all your eggs in one basket, but watch that basket closely.
– Warren Buffett
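To make the "unique, long, random password for every account" advice concrete, here is an added example (not part of the original post) that audits a set of saved logins for reuse and dictionary-based passwords, then replaces the flagged ones with passwords drawn from the operating system's secure random source. The site names, wordlist, and stored passwords are constructed sample data, and the function names are illustrative.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

# Constructed sample data: a tiny stand-in for a cracking wordlist and a
# made-up set of saved logins (none of these are real accounts).
WORDLIST = {"password", "sunshine", "dragon", "letmein", "monkey"}
VAULT = {
    "bank.example": "Sunshine1",
    "shop.example": "Sunshine1",
    "tax.example": "q7#Vd2!mLx0&Zr4p",
}

def generate_password(length=20):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)

def dictionary_based(password):
    """True if the password is a wordlist entry plus case changes, digits or symbols."""
    core = "".join(c for c in password.lower() if c.isalpha())
    return core in WORDLIST

def audit(vault):
    """Return {site: [problems]} for reused or dictionary-based passwords."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    findings = {}
    for site, pw in vault.items():
        problems = []
        if len(sites_by_pw[pw]) > 1:
            problems.append("reused")
        if dictionary_based(pw):
            problems.append("dictionary")
        if problems:
            findings[site] = problems
    return findings

def rotate(vault):
    """Replace every flagged password with a fresh unique random one."""
    flagged = audit(vault)
    return {s: generate_password() if s in flagged else pw for s, pw in vault.items()}
```

A 20-character password over this 75-symbol alphabet carries about 125 bits of entropy, which is why a wordlist attack that finds "Sunshine1" instantly gets nowhere against it.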
If you want to give this a try, here are a few of the more popular choices.
Password Managers: The Contenders
LastPass is a great app ecosystem, with support for most mobile and desktop operating systems. With free and paid versions, you can experiment with their apps before deciding, but be aware all their mobile apps require a premium account.
OneSafe is highly regarded for mobile devices (Android, iOS, Windows Phone), but is not free and has no Windows desktop version.
KeePass is a versatile password manager. Support for almost any operating system, any device, any web browser. It’s free. Best of all, it’s open-source, making it much more likely any problems will be discovered and fixed quickly.
Cloud storage: The Contenders
Now that you have your secure password database, where do you put it?
In the cloud. But encrypted courtesy of your password manager.
When you’re talking cloud storage, everyone has their favorite. Most are free, with premium upgrades available for more space, or additional features, but you’ll need to evaluate them for yourself to see which meets your unique needs. A detailed review of all the features of these cloud storage providers is beyond the scope of this article, but here are the top providers and their key strength:
- Easiest to Use
- Available for Windows, Mac, Linux, iPhone/iPad, Android
- Great for collaborating on documents with multiple simultaneous editors
- Windows, Mac, iPhone/iPad, Android
- Impressive web-based Office suite for multiple platforms
- Available for Windows, Mac, iPhone/iPad, Android, Windows Phone
- Started as large document sharing, gradually migrating to broader services
- Available for Windows, Mac, iPhone/iPad, Android
- More enterprise features, less consumer friendly.
- Available for Windows, iPhone/iPad, Android
- The go-to cloud solution for Apple users, tightly integrated into all Apple products.
- Apple only
For password managers, KeePass is my personal favorite. It’s definitely not the most user-friendly, but it just works, everywhere.
For cloud storage, Dropbox and Google Drive are neck and neck. Dropbox is dead simple for sharing files online. Google Drive is great for collaborating on documents with real time editing. Both work fine for storing password databases and accessing them on any device.
Are you worried about your online security? Have you tried one of these solutions? Leave a comment below and share your experiences.
Photo of padlocks courtesy of .martin.