This year marks twenty years of computer and internet usage for me. In a two-part series, I discuss my experience and learnings on managing multiple passwords (part 1) and computer security (part 2). From spending the whole day in the IIT, Madras library in the mid-90s to rarely entering it in the 2010s, it has been a sea change in the way I (and all of us) seek and process information.
The need for a password manager: necessity is the mother of clutter.
Initially one could access all parts of a website (including sub-directories!). Soon site owners wanted users to "log in" to use the entire or sections of the site. From having to log in to use e-mail, now more passwords were required. Unfortunately, each website had its own password codes. Some wanted one letter in capital, some a character like $,%,... and so on. When online banking took off, some banks wanted the passwords changed every few months and even insisted that the new password should not resemble the last three passwords! Some AMCs also insist on this.
So the need for a password manager became natural. The most secure password manager is this one:
Of course, as long as the notebook stays at home (in one place) and so is the computer used to make financial transactions. Sure your dog can eat your notebook or it can be burnt, but when it comes to security (and insurance) we can only consider probability and not possibility. Those who can distinguish probability from possibility can also distinguish paranoia from prudence.
Security is the cost of Convenience
There is no free lunch. If we want a "convenient" way to "securely" store passwords and login, then it will have to come at the cost of security. Any piece of code, be it human generated or machine generated, can be cracked/hacked by anyone with enough determination. So none of the password managers that we have today are hacker-proof. It is merely sheer dumb luck that I have not been hacked as yet.
For the last 15 years or so, I have been using Roboform to manage my passwords and in the last 9-10 years or so, I have been making online transactions with passwords stored in it. I make no claims that it is the best or even good enough. There are many other options which are probably better, but I have no intention to shift as I am used to it.
Initially, Roboform was free to use for storing ten logins with a paid version for unlimited logins. Thanks to competition and the emergence of browser-based password managers, Roboform is now completely free for personal use with a paid business version. There is a cloud-based version which can be used to sync passwords across devices and this costs a small fee.
Roboform (as should others) comes with a so-called "master password". This can be used to unlock access to select logins. This master password is not stored anywhere in the Roboform software. So losing this would mean trouble. I have used my wife's favorite password as the master password so that she can access the logins in my absence. Any login involving money exchange can be further secured by this master password. This was the first double authentication I had used prior to the emergence of the mobile.
Now with mobile based authentication at the final stage of the money transfer, I believe such master passwords are not of much use.
In my opinion, double authentication is meaningful only when two separate devices are involved. This is the reason I will never use my mobile for online transactions. Losing a mobile is not just a possibility!
Why not browser-based password managers?
I am of course referring to Chrome and Firefox (most popular choices?). As of now, all my financial transaction logins are in Roboform with a master password. All the rest (Facebook, Gmail, EB bill, Telephone, property tax etc.) are on Chrome.
However, I do feel that there is no harm in using browsers to store, say, AMC passwords. Suppose the browser is hacked and the password is out in the open (with the login), what is the worst that can happen? I may have to pay tax if the hacker makes a redemption. The money will go to my bank account in T+1 or T+3 days (I can get this canceled in the meantime as I will get an SMS and email alert). The hacker would then need my bank credentials and mobile phone to access my money. That is just too much of a long shot.
Paranoia ----> possibility
Prudence ----> probability
Oh yeah, by the way, I am pro-Aadhaar and supposedly the CIA knows my A-number. How flattering!
The problem with browser-based password managers is the updates. Chrome suddenly changed its settings interface a couple of weeks ago. When I managed to get to the password and wanted to change one and clicked on the "eye", it wanted a Windows password! Users who did not set a Windows login password suddenly could not access their own passwords.
Thanks to an outcry in the forums, this was quickly removed in the next update. I have never faced such nonsense with Roboform. Even if the latest version looks completely different from the first version I used, the core settings are the same.
Even though all sites have a "forgot password" link, some do not have a "forgot login id" link. So at least for this, a cloud-based service is necessary. I will be getting the Roboform Everywhere service (20 USD per year or 50 USD for 3Y or 75 USD for 5Y).
Chrome has this too (free) and it is quite convenient.
By the way, you can have some fun trying to find out how secure your password is with many online tools. Here is a screenshot:
Disclosure: I am NOT affiliated with any of the brands mentioned in this or any post here.