The New World of Logging into Things

I started back in the 1990s, like most of you, creating my own eBay account, Hotmail account, and setting up a MySpace profile (before Facebook took over the world).  In doing so, I was able to get the same username with just about all of the websites I joined or visited, but better yet, I was able to use a simple password that worked with 95% of all those websites.

I MISS THOSE DAYS!!!  It seems like every other day some website is asking me to change my password because it is either “weak” or I’ve used the same password for too many years.  I used to just add a number to my one-word password and I had no problem remembering what it was.  Then I had to add a symbol to my password, and my brain could still handle that.  It seems that once we hit the year 2015, the world must have adopted some secret internet rule that required all websites to start telling their members that their passwords were too simple and needed to be changed every 6 months.  Luckily, I have a piece of paper taped to the inside cabinet door (nobody will ever think to look there for my passwords) with all the usernames and passwords written out so I don’t have to try to remember 147 different usernames and passwords.

Well, over the last year, now it seems as though I missed another vague internet rule that is requiring all internet companies and their websites to require “Two-Factor Authentication”.  You don’t know how many times I have had to change passwords – again, and before I can log onto whatever internet site, I have to run to the kitchen and grab my cell phone to get the text message with the secret code so I can get logged in.  And if I wait too long, then I have to do it again.  Very frustrating!

What am I supposed to do now?  How can I manage all of these new passwords and 2-step log-in procedures?  Let’s take a look at how the security features on internet sites are starting to evolve and some of the options you have to make your life a little easier.  When it comes to your banking internet sites or banking apps on your smartphone, I understand why security measures have evolved as they have to keep up with the super-techie criminals who are trying to hack everything out there relating to financial information.  Plus, we really have no choice but to change our sign-in practices as the financial entities make us change.

First off, what is “Two-Factor Authentication”?  Two-factor authentication is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access to the website, they will be required to provide another piece of information.  Most often, this is a random set of numbers, letters, or a combination of both that is sent to your cell phone via a text message or sent to your email address.  Once you have the randomly generated “factor”, you enter it into the website you are logging onto to gain access.  This additional hurdle means that a would-be cyber-criminal won’t be able to access your account, even if they have your password.

To make this process even more complicated, institutions are starting to add a “time factor” to their two-factor authentication processes.  This means that once you get your special code, that sequence of numbers/letters expires after a certain number of minutes.  That’s where I get frustrated because I will get sidetracked by something, punch in the number, and get a message that it expired and have to start all over again.
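For readers who want to see what the website does on its side, here is a small sketch of the one-time code with a "time factor" described above. It is an added example, not code from this blog or from any particular bank; the class name, the 5-minute lifetime and the limit of 5 wrong guesses are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime; the post only says "a certain number of minutes"
MAX_ATTEMPTS = 5        # assumed guess limit, so a 6-digit code cannot be brute-forced


class OneTimeCodes:
    """Server-side store of pending second-factor codes (hypothetical example)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock so expiry can be tested
        self._pending = {}    # username -> [code, expires_at, attempts_left]

    def issue(self, username):
        # Called only after the username and password were accepted.
        # secrets uses a cryptographic random source, unlike random.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real site sends this by text message or email

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return "no_code"
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[username]   # the "time factor": start over
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]   # single use: a code cannot be replayed
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[username]   # too many wrong guesses
            return "locked"
        return "wrong"
```

The short lifetime and single use are what make a stolen or overheard code nearly worthless a few minutes later, which is also why waiting too long means requesting a new one.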

As two-factor authentication becomes more popular, some states are considering passing legislation that will require certain industries to only use two-factor authentication with their websites and smartphone apps.

Let’s take a look at passwords and password management.  As I mentioned earlier, some of my simple passwords from the 1990s just don’t pass today’s standards for what a solid password is.  As a result, I’m having to change my passwords on more websites and more frequently than ever.  So how does one manage all of these changes?

I think the days of having a list with all the websites I use with my user name and password are getting a bit antiquated.  With every company going to internet business, my list is growing and growing.  I have one friend who has a little black book that he carries around with him in his computer bag.  What’s the problem with this?  A person would be in big trouble if they lost their little black book or password list.  Or what if it fell into the wrong hands?  That could cause some big problems, especially with financial or banking sites.

What is a person to do?  One of the simplest ways to manage your passwords is by utilizing the password management tools offered by your internet browser.  As an example, when using Google Chrome, you can go to the upper right corner and click on the 3 dots which opens a pulldown menu where you can select “settings”.  Once you do that, there is a section that allows you to autosave your passwords.  This option also comes up when you enter a username and password at a website for the first time.  If you choose to use the password managers with the internet browser, you don’t need to write your passwords down.  The problem here is that if you access the internet from a different device, you won’t have your user names and passwords on that device unless you remember to log into Google or whatever company’s browser you’re using.

Another option is to use third-party password management tools like Keeper or 1Password.  I will not pretend to know how these apps work, but supposedly they can securely store all of your passwords and log you in with a single click or tap. The Business Insider website explains it this way:

“The way that password managers work is simple: you save all your passwords to the manager and then create one “master” password for all of them. When you sign into a site, you just use that one master password — it’s the only one you need to remember. That means you can make this one password lengthy and strong”.

The interesting thing about these password management companies is that they use a technique called “zero knowledge”.  Chris Hallenbeck, chief information security officer for cybersecurity firm Tanium, described it to Business Insider like this:

“What makes a password manager safe is its Zero Knowledge security model that consists of three layers of defense: the encrypted user data, the manager’s password which is not kept on the system, and the security key. A hacker would need to break down all three defenses to get access to the information”.

I’m not sure what all of that means, but it is something that I definitely need to look into.  Some third-party password management software is free while others charge a minimal monthly fee that comes with extra bells and whistles that can store credit card information and even fingerprints.

 

This blog is created and authored by Chuck Henrich (Content Creator) and is published and provided for informational and entertainment purposes only. The information in the Blog constitutes the Content Creator’s own opinions and it should not be regarded as a description of services provided by Southwest Michigan Financial, LLC. The opinions expressed in the Blog are for general informational purposes only and are not intended to provide specific advice or recommendations for any individual or on any specific security or investment product.  It is only intended to provide education about the financial industry.  The views reflected in the commentary are subject to change at any time without notice.
Nothing on this Blog constitutes investment advice, performance data or any recommendation that any security, portfolio of securities, investment product, transaction or investment strategy is suitable for any specific person.  The Content Creator and Southwest Michigan Financial, LLC assume no responsibility or liability for any consequences resulting directly or indirectly from any action or inaction you take based on or made in reliance on the information, services or materials provided within this blog.