Managing multiple login passwords “securely”

Published: August 26, 2017 at 10:48 am

This year marks twenty years of computer and internet usage for me. In a two-part series, I discuss my experience and learnings on managing multiple passwords (part 1) and computer security (part 2).  From spending the whole day in the IIT, Madras library in the mid-90s to rarely entering it in the 2010s, it has been a sea change in the way I (and all of us) seek and process information.

The need for a password manager: necessity is the mother of clutter.

Initially one could access all parts of a website (including sub-directories!). Soon site owners wanted users to “log in” to use the entire or sections of the site. From having to log in to use e-mail, now more passwords were required. Unfortunately, each website had its own password codes. Some wanted one letter in capital, some a character like $,%,… and so on. When online banking took off, some banks wanted the passwords changed every few months and even insisted that the new password should not resemble the last three passwords! Some AMCs also insist on this.

So the need for a password manager became natural. The most secure password manager is this one:

Photo by Jesse Radonski (Flickr)

Of course, as long as the notebook stays at home (in one place) and so is the computer used to make financial transactions. Sure your dog can eat your notebook or it can be burnt, but when it comes to security (and insurance) we can only consider probability and not possibility. Those who can distinguish probability from possibility can also distinguish paranoia from prudence.

Security is the cost of Convenience

There is no free lunch. If we want a “convenient” way to “securely” store passwords and login, then it will have to come at the cost of security. Any piece of code, be it human generated or machine generated, can be cracked/hacked by anyone with enough determination. So none of the password managers that we have today are hacker-proof. It is merely sheer dumb luck that I have not been hacked as yet.

For the last 15 years or so, I have been using Roboform to manage my passwords and in the last 9-10 years or so, I have been making online transactions with passwords stored in it. I make no claims that is the best or even good enough. There are many other options which are probably better, but I have no intention to shift as I am used to it.

Initially, Roboform was free to use for storing ten logins with a paid version for unlimited logins. Thanks to competition and emergence of browser based password managers, Roboform is now completely free for personal use with a paid business version. There is a cloud based version which can be used to sync passwords across devices and this costs a small fee.

Roboform (so should others) comes with a so called “master password”. This can be used to unlock access to select logins. This master password is not stored anywhere in the Roboform software. So losing this would mean trouble. I have used my wife’s favorite password as the master password so that she can access the logins in my absence. Any login involving money exchange can be further secured by this master password.  This was the first double authentication I had used prior to the emergence of the mobile.

Now with mobile based authentication at the final stage of the money transfer, I believe such master passwords are not of much use.

In my opinion, double authentication is meaningful only when two separate devices are involved. This is the reason I will never use my mobile for online transactions. Losing a mobile is not just a possibility!

Why not browser-based password managers?

I am of course referring to Chrome and Firefox (most popular choices?). As of now, all my financial transactions logins are in Roboform with a master password. All the rest (Facebook, Gmail, EB bill, Telephone, property tax etc) are all on chrome.

However, I do feel that there is no harm in using browsers to store say, AMC passwords. Suppose the browser is hacked and the password is out in the open (with the login), what is the worst that can happen? I may have to pay tax if the hacker makes a redemption. The money will go to my bank account in T+1 or T+3 days ( I can get this canceled in the meantime as I will get an SMS and email alert). The hacker would then need my bank credentials and mobile phone to access my money. That is just too much of a long shot.

I repeat

Paranoia —-> possibility

Prudence —-> probability

Oh yeah, by the way, I am pro-Aadhaar and supposedly the CIA knows my A-number. How flattering!

The problem with browser based password managers are the updates. Chrome suddenly changed its settings interface and couple of weeks ago. When I managed to get to the password and wanted to change one and clicked on the “eye”, it wanted a windows password!  Users who did not set a windows login password suddenly could not access their own passwords.

Thanks to an outcry in the forums, this was quicked removed in the next update. I have never faced such nonsense with Roboform. Even if the latest version looks completely different from the first version I used, the core settings are the same.

Even though all sites have a “forgot password” link, some do not have a “forgot login id” link. So at least for this,  a cloud-based service is necessary. I will be getting the Roboform Everywhere service (20 USD per year or 50 USD for 3Y or 75 USD for 5Y)

Chrome has this too (free) and it is quite convenient.

By the way, you can have some fun trying to find out how secure your password is with many online tools. Here is a screenshot:

Source: https://password.kaspersky.com/in/

Disclosure: I am NOT affiliated with any of the brands mentioned in this or any post here.

================================

Ask Questions with this form

And I will respond to them in the next few days. I welcome tough questions. Please do not ask for investment advice. Before asking, please search the site if the issue has already been discussed. Thank you.  PLEASE DO NOT POST COMMENTS WITH THIS FORM it is for questions only.

[contact-form][contact-field label=’Name’ type=’name’ required=’1’/][contact-field label=’Email’ type=’email’ required=’1’/][contact-field label=’Comment’ type=’textarea’ required=’1’/][/contact-form]

GameChanger– Forget Startups, Join Corporate & Live The Rich Life You want

My second book, Gamechanger: Forget Start-ups, Join Corporate and Still Live the Rich Life you wantco-authored with Pranav Surya is now available at Amazon as paperback (₹ 199) and Kindle (free in unlimited or ₹ 99 – you could read with their free app on PC/tablet/mobile, no kindle necessary).

It is a book that tells you how to travel anywhere on a budget (eg. to Europe at 50% lower costs) and specific investment advice for young earners.

The ultimate guide to travel by Pranav Surya is a deep dive analysis into vacation planning, finding cheap flights, budget accommodation, what to do when travelling, how travelling slowly is better financially and psychologically with links to the web pages and hand-holding at every step.  Get the pdf for ₹199 (instant download)

You can Be Rich Too with Goal-Based Investing 

My first book with PV Subramanyam helps you ask the risk questions about money, seek simple solutions and find your own personalised answers with nine online calculator modules.

The book is available at:

Amazon Hardcover Rs. 271. 32% OFF

Infibeam Now just Rs. 270  32% OFF. If you use a mobikwik wallet, and purchase via infibeam, you can get up to 100% cashback!!

Flipkart Rs. 279. 30% off

Kindle at Amazon.in (Rs.271) Read with free app

Google PlayRs. 271 Read on your PC/Tablet/Mobile

Now in Hindi!

Order the Hindi version via this link

Do share if you found this useful
Share your thoughts on this topic at the  Reddit freefincal_user_forum

Reach your financial goals like a pro! Join our 1600+ Facebook Group on Portfolio Management! You can now reduce fear, doubt and uncertainty while investing for your financial goals! Sign up for our lectures on goal-based portfolio management and join our exclusive Facebook Community. The 1st lecture is free!
Want to check if the market is overvalued or undervalued? Use our market valuation tool (will work with any index!) or you buy the new Tactical Buy/Sell timing tool!
About the Author Pattabiraman editor freefincalM. Pattabiraman(PhD) is the founder, managing editor and primary author of freefincal. He is an associate professor at the Indian Institute of Technology, Madras. since Aug 2006. Connect with him via Twitter or Linkedin Pattabiraman has co-authored two print-books, You can be rich too with goal-based investing (CNBC TV18) and Gamechanger and seven other free e-books on various topics of money management. He is a patron and co-founder of “Fee-only India” an organisation to promote unbiased, commission-free investment advice. He conducts free money management sessions for corporates and associations on the basis of money management. Previous engagements include World Bank, RBI, BHEL, Asian Paints, Cognizant, Madras Atomic Power Station, Honeywell, Tamil Nadu Investors Association. For speaking engagements write to pattu [at] freefincal [dot] com
About freefincal & its content policy Freefincal is a News Media Organization dedicated to providing original analysis, reports, reviews and insights on developments in mutual funds, stocks, investing, retirement and personal finance. We do so without conflict of interest and bias. Follow us on Google News Freefincal serves more than one million readers a year (2.5 million page views) with articles based only on factual information and detailed analysis by its authors. All statements made will be verified from credible and knowledgeable sources before publication. Freefincal does not publish any kind of paid articles, promotions or PR, satire or opinions without data. All opinions presented will only be inferences backed by verifiable, reproducible evidence/data. Contact information: letters {at} freefincal {dot} com (sponsored posts or paid collaborations will not be entertained)
Connect with us on social media
Our publications

You Can Be Rich Too with Goal-Based Investing

You can be rich too with goal based investingPublished by CNBC TV18, this book is meant to help you ask the right questions, seek the right answers and since it comes with nine online calculators, you can also create custom solutions for your lifestyle! Get it now. It is also available in Kindle format.
Gamechanger: Forget Startups, Join Corporate & Still Live the Rich Life You Want Gamechanger: Forget Start-ups, Join Corporate and Still Live the Rich Life you wantThis book is meant for young earners to get their basics right from day one! It will also help you travel to exotic places at low cost! Get it or gift it to a young earner

Your Ultimate Guide to Travel

Travel-Training-Kit-Cover-new This is a deep dive analysis into vacation planning, finding cheap flights, budget accommodation, what to do when travelling, how travelling slowly is better financially and psychologically with links to the web pages and hand-holding at every step. Get the pdf for Rs 199 (instant download)
Free android apps