Enwealthen

Walking the path to financial freedom and security

Protect Your Money Online


How dangerous is it really, to have your financial information online?

Or cutting to the chase – how secure is your retirement?  Not how much money you have, but how easily could someone else steal what you’ve worked so hard to save?

What do you do to protect your money online?

Do you access your bank account or retirement accounts on the Internet?  Track your finances with all your account numbers, passwords, etc. on Mint?  How about your name, Social Security Number, and address when you e-file your taxes with the IRS or your state tax board?  And then there’s always Amazon, and your credit card information, along with the names and addresses of everyone you send gifts to.

If you’re like me, you do all this, and more.

That’s a lot of information you’re sharing on the internet.  But SSL keeps you safe, right?

Not right now.

Heartbleed has recently demonstrated just how long your “secure” information can be exposed without your knowledge.  At this exact moment, your name, SSN, usernames, passwords, account numbers, and any other information you have shared with any website could be in a database being traded among hackers.

Scared?  I know I am, but perhaps less than most, because I took steps long ago to secure my online information.  What steps have you taken to protect your money online?

Some say that with the latest Heartbleed vulnerability you should only change your password after you know the site has fixed its security.  I’d rather improve my security immediately, especially considering hackers started attacking Heartbleed almost immediately after it was first published.

Protect Your Money Now

My solution?  Use a unique, long, random password for every account, a secure, encrypted password manager, and a cloud storage system accessible from all my computers and smartphone.

Pros

  • Random passwords are much harder to crack with a dictionary attack
  • Unique passwords for each site means whenever a website gets hacked you just have to change that one password
  • Unique passwords mean that even if the site hasn’t fixed the Heartbleed vulnerability, a stolen password only works for that website, so your other accounts are safe
  • Password manager will generate secure passwords automatically, and let you fill in login forms with a single click
  • Password managers make maintaining your emergency information organizer a breeze
  • You only have to remember one password – the one for your password database (make this a hard one!)

Cons

  • Random passwords are impossible to remember, and difficult to type when you’re using someone else’s computer
  • Risk of exposing all your passwords if your password database is cracked
  • Storing your password database in the cloud risks cracking if the encryption is ever compromised
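The first three points under Pros, worked through in Python as an added example (not code from the original post). The site names, the reused password, the character set, and the "100,000-word list plus two digits" model of a dictionary-style password are all assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed character set; adjust to what each site accepts.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def generate_password(length=20, alphabet=ALPHABET):
    """Random password from the OS CSPRNG (never the `random` module)."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def dictionary_bits(wordlist_size, suffix_count):
    """Guessing space of 'dictionary word + short suffix', in bits."""
    return math.log2(wordlist_size * suffix_count)

def exposed_accounts(vault, breached_site):
    """Sites that accept the password stolen from one breached site."""
    stolen = vault[breached_site]
    return sorted(site for site, pw in vault.items() if pw == stolen)

# Constructed sample data: three made-up sites.
SITES = ["bank.example", "mail.example", "shop.example"]
reused_vault = {site: "Sunshine14" for site in SITES}        # one password everywhere
unique_vault = {site: generate_password() for site in SITES}  # one per site

if __name__ == "__main__":
    print(f"random 20 chars : {random_bits(20):.1f} bits")
    print(f"word + 2 digits : {dictionary_bits(100_000, 100):.1f} bits")
    print("reuse, shop breached :", exposed_accounts(reused_vault, "shop.example"))
    print("unique, shop breached:", exposed_accounts(unique_vault, "shop.example"))
```

With reuse, a breach at the shop also opens the bank and mail accounts; with unique passwords only the shop password needs changing.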

Bluntly, some would say putting all your eggs in one basket is stupid.  Warren Buffett is no security expert, just one of the most successful long-term US investors of the past century, and his investing strategy resonates with this.

Or you might be worried about storing your (encrypted) password database in the cloud.  Security and convenience are always inversely related, and it’s up to you to know what you’re comfortable with.  For my part, I accept the tradeoffs, wagering that it’s riskier to use the same password on multiple sites than it is to store an encrypted password database in the cloud.  But you may decide differently.

From my perspective, if you’re going to have to change all the passwords on all the sites you use on the web anyway, do you want to do it now, once, or do you want to do it every time you hear some website is hacked?  If you want to really scare yourself, think about all the times a website is hacked and you never hear about it…  How long did it take Target to announce their security breach?

Keep all your eggs in one basket, but watch that basket closely.

- Warren Buffett

Your choice

If you want to give this a try, here are a few of the more popular choices.

Password Managers: The Contenders

LastPass is a great app ecosystem, with support for most mobile and desktop operating systems.  With free and paid versions, you can experiment with their apps before deciding, but be aware all their mobile apps require a premium account.

OneSafe is highly regarded for mobile devices (Android, iOS, Windows Phone), but is not free and has no Windows desktop version.

KeePass is a versatile password manager.  Support for almost any operating system, any device, any web browser.  It’s free.  Best of all, it’s open-source, making it much more likely any problems will be discovered and fixed quickly.

Cloud storage: The Contenders

Now that you have your secure password database, where do you put it?

In the cloud.  But encrypted courtesy of your password manager.

When you’re talking cloud storage, everyone has their favorite.  Most are free, with premium upgrades available for more space or additional features, but you’ll need to evaluate them for yourself to see which meets your unique needs.  A detailed review of all the features of these cloud storage providers is beyond the scope of this article, but here are the top providers and their key strengths:

Dropbox

  • Easiest to Use
  • Available for Windows, Mac, Linux, iPhone/iPad, Android

Google Drive

  • Great for collaborating on documents with multiple simultaneous editors
  • Windows, Mac, iPhone/iPad, Android

Microsoft OneDrive

  • Impressive web-based Office suite for multiple platforms
  • Available for Windows, Mac, iPhone/iPad, Android, Windows Phone

HighTail

  • Started as large document sharing, gradually migrating to broader services
  • Available for Windows, Mac, iPhone/iPad, Android

Box

  • More enterprise features, less consumer friendly.
  • Available for Windows, iPhone/iPad, Android

iCloud

  • The go-to cloud solution for Apple users, tightly integrated into all Apple products.
  • Apple only

The Winners

For password managers, KeePass is my personal favorite.  It’s definitely not the most user-friendly, but it just works, everywhere.

For cloud storage, Dropbox and Google Drive are neck and neck.  Dropbox is dead simple for sharing files online.  Google Drive is great for collaborating on documents with real time editing.  Both work fine for storing password databases and accessing them on any device.

Are you worried about your online security?  Have you tried one of these solutions?  Leave a comment below and share your experiences.

Photo of padlocks courtesy of .martin.

4 Comments

  1. I admit that sometimes those sites like “Mint” that aggregate your passwords for other financial sites do scare me a little bit. How many other bugs like Heartbleed are out there waiting to be exposed?
    jefferson @See Debt Run

    • It is frightening when you think about all the implied trust and how quickly it can fall apart.

      If you’ve noticed all the spam from AOL the last week or so, they finally announced today that they were hacked. Makes you wonder how many companies get hacked and never tell you about it unless it’s obvious like this.

      Reminds me of the time my credit card number was changed by my credit company because a store had been hacked, but they refused to tell me which store it was. Security by obscurity is weak security indeed.

  2. It’s frightening the sheer amount of private financial information we have floating on the internet. I can strongly agree with you on the need for stringent security measures. Am currently using the combination of an encrypted file on Dropbox…and even with that, I never feel absolutely safe!
    Simon

  3. Short of an eidetic memory and being able to remember all your passwords without assistance, no one is ever truly safe. Even then, you’re still susceptible to social engineering – it’s amazing how many people believe someone who calls them on the telephone asking for private / confidential information.

    But that said, I think an encrypted password store on a generic cloud storage platform is the best compromise. At least on a generic cloud you’re less likely to be targeted as you might be on a more attractive target, like a cloud especially for password storage.

    When it comes to security, being paranoid is a good thing. After all, even paranoids have enemies!
