Can You Trust Password Managers With Your Banking Information?

Unfortunately, password managers can be hacked as well.

The growth of internet banking and ability to do almost anything online makes our lives a lot more convenient. It saves us untold trips to physical locations where we'd have to queue up to talk to someone who may or may not be able to help. However, it also means there's an online back door that hackers and scammers can try to use to access your accounts.

That's where passwords and password managers come in. And unfortunately, as a recent hacking incident shows, they may not be as safe as you think.

Password managers are safe, but not as safe as you think

Passwords are the first line of defense against cybercrime, but it isn't easy to keep track of them all. I did a quick count when I started this article and was surprised to learn I have over 100 different passwords for different accounts. That includes everything from work to utilities to subscription services to financial services. I'm not unusual.

It's not surprising, then, that people turn to password managers for help. Many cybersecurity experts recommend password managers such as 1Password and Dashlane. Not only can they help you create strong passwords, but they can also keep track of them and make it easy to access your accounts from different devices.

The challenge is that few things are 100% secure, including password managers. Even if they have cutting-edge encryption and the latest security, they can be hacked. For example, LastPass, a popular password manager, recently announced details of a security breach that potentially compromised millions of customers' information.

The company assured its users that sensitive information, such as passwords and credit card numbers, were not stolen. However, the criminals accessed other information such as names, addresses, emails, phone numbers, and website URLs. In a release, LastPass said it would be "extremely difficult" for the thieves to crack people's passwords, but warned customers they could be targeted by phishing and other social engineering attacks.

If you're a LastPass customer, change all your passwords today if you haven't already done so. Sadly, you're also going to have to be extra vigilant. Be particularly suspicious of anyone who says they're a customer service representative of a bank or brokerage firm and asks for your information over the phone. These could be phishers who've gotten hold of your information from LastPass.

How to protect your accounts

Even if you're not a LastPass customer, the breach shows that even security companies aren't immune. It doesn't mean we can't trust password managers at all. It means we can't rely solely on these companies to keep us safe online, no matter what they promise. Here are some tips to keep your banking and other information safe.

1. Don't use your pet's name or other easily guessable password

Complex passwords containing a mix of uppercase and lowercase letters, numbers, and symbols are dramatically harder to crack than birthdays, maiden names, or even your first pet. Ideally, your password should also be 12 characters or more in length. According to an interview with a security expert in The Guardian, it's the difference between two seconds for a weak password and 400 years for a truly secure one.

2. Don't use the same password for every account

The temptation to re-use passwords is entirely understandable. It's much easier to remember a couple of passwords than keep track of a hundred of them. However, it can dramatically reduce your online safety.

You might think you'll use one password for the "less important" logins such as a news subscription or social media, and reserve more secure ones for your banking and email. But it doesn't work that way. Once a hacker's accessed one of your accounts, they can use that info to learn other sensitive information, potentially putting your secure logins at risk as well.

3. Use two-factor authentication (2FA)

Many companies, including banks, have some system of extra authentication available, though you might have to turn it on. It's essentially another online lock that works in addition to your password. It might take the form of a text sent to your phone, an authenticator app, or a fingerprint scan. Enable it on any accounts where you store your financial information.

4. Choose a password manager you trust

The big advantage of using a password manager is that it makes it easier to keep track of the hundreds of unique and complex passwords we talked about above. The downside is it's nerve wracking to put all your password eggs in one basket, particularly one that could get hacked. Passwords managers may also alert you to potential breaches and offer encrypted file storage.

The ideal scenario is one where your password manager is part of your overall security. Think of it as an alarm system in your home -- even if you had the best system in the world, you'd still need to lock your doors and windows. Look for one that hasn't had any security incidents and has strong encryption and security measures. It should also be easy to use and compatible with the devices you use.

Bottom line

The best approach to internet security is to make life as difficult as possible for a potential hacker. We may not be able to turn our computers into miniature Fort Knoxes, but the harder it is to access your confidential data, the more likely it is that criminals will give up and look for easier online prey.