Michael Kitces #FinTech

Password managers are a powerful tool in the fight to fend off cyber crooks

Breaking down how password managers actually work, plus details on three good options for advisers to consider

Feb 4, 2015 @ 9:31 am

By Blane Warrene

As advisers renew their focus on cybersecurity, one important area not to overlook is passwords. While choosing the right technology is an important component of reinforcing our security when online, so is correcting some of our bad habits.

Passwords have been broken for some time, though they remain a necessary element of securing the systems we use. There are two primary reasons passwords, by themselves, are not optimal as a security gatekeeper.

One is the availability of very powerful, inexpensive computers. These enable bad actors to perform what are called brute force attacks on systems. In the most basic terms, this is where a hacker tries one candidate password after another until one is 'guessed' correctly for a login. Once this is done, the hacker can freely navigate a system using one or more accounts.

The second is our sin of convenience. For example, if you use one or two passwords for multiple online accounts, and those are compromised, you are not only risking one account, but many. Likewise, the simpler the password, the quicker it is to be 'guessed.'

Password managers seek to disrupt this using a couple of different features. Let's start with how they work and how they can help us overcome the challenges of using difficult and unique passwords.

The most popular solutions work across any web browser on a PC or Mac, and extend onto smartphones and tablets. Once installed, they ask you to create one primary password to unlock access to all of your passwords. This is the only password you will need to remember, and writing it on a sticky note or keeping it somewhere easy to find does not qualify as 'remembering it.'

Initially, a password manager should prompt you to import passwords already stored within a browser, such as Google Chrome, Internet Explorer or Mozilla's Firefox. Once these are imported, they can be removed from the browser's storage, since they were not being stored securely.*

As you visit and use sites and tools online that require your login, the password manager will prompt you to save your credentials. Use this also as an opportunity to change your passwords at each destination. Your password manager will allow you to create unique, complex passwords and save those for easy use later. Password managers support automatically including numbers, uppercase letters as well as special characters, so you can end up with a password like “U6%$1bzdg)i!” and not have to remember how to type it in.

If you have a large number of online accounts to store credentials for, you can also run a test against your existing passwords. A password manager can often help you determine if your passwords are too weak, if you have duplicates across sites, and more.
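The generation and audit steps described above can be sketched in a few lines. This is an added example, not code from the article or from any of the products it names; the site names, the sample vault and the 60-bit weakness threshold are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes the article mentions: letters, uppercase, numbers, specials.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def generate_password(length=12):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(c) for c in CLASSES]           # one per class
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                   # hide class positions
    return "".join(chars)

def keyspace_bits(password):
    """log2 of the guesses needed to exhaust the space the password draws from.
    An upper bound: it assumes random choice, so dictionary words score too high."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=60):
    """Return sites with weak passwords and groups of sites sharing one password.
    min_bits is an assumed threshold, not a figure from the article."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    weak = sorted(s for s, pw in vault.items() if keyspace_bits(pw) < min_bits)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return {"weak": weak, "reused": reused}

# Constructed sample vault (not real credentials); site names are placeholders.
SAMPLE_VAULT = {
    "bank.example": "summer2014",
    "crm.example": "summer2014",
    "custodian.example": "letmein",
    "email.example": "U6%$1bzdg)i!",   # the example password from the article
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
    print(generate_password(12))
```

The reused group is the case the article calls the sin of convenience: one compromised password exposes every site in that group.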

Choosing a tool that supports many platforms and devices means these new, complex passwords will also be available to you in and out of the office and on any device you use. This continues to provide secure convenience wherever you are.

These three password managers noted below also offer business-tier services if you want to extend this to your staff. This will enable you to maintain control of the online credentials used in the course of running your business while also ensuring your employees are more secure in their overall use of passwords.

1Password by AgileBits. 1Password started out as a pure Mac solution for passwords. It has since matured into an excellent option for both Windows and Mac users, with apps that extend onto Android and iOS devices. 1Password enables the use of multiple personal and professional vaults.

LastPass. Maybe the most flexible manager, with coverage that also includes Windows Mobile, USB-only editions for thumb drives, as well as Blackberry and Surface RT. The enterprise edition of LastPass (their business tool offering) also includes support for single sign-on to important business platforms for employees, like Office 365, Salesforce and Box.net, as well as an auditing dashboard to control business logins for employees.

RoboForm. This was for a long time a Windows-only selection. However, that changed, and it now includes support for multiple web browsers and mobile devices. There is also an offline edition of RoboForm called RoboForm2Go. This will store all of your passwords on a secured thumb drive with no cloud sync. The drive can then be plugged into any computer with a USB port to unlock and access your passwords without leaving those passwords on the computer in use.

While we are only scratching the surface of reasons to use password managers, and their capabilities, the results are clear. Strong passwords alone will not completely remove the risk to our online accounts, but they greatly reduce the ability of bad actors to easily break in. Extending those difficult passwords to our mobile devices while preserving the ease of logging in should be the feature that makes it a no-brainer for most to take the leap.

Blane Warrene is the co-founder of QuonWarrene.

*Apple's Safari may be an exception. In the latest release of OS X, Apple's Keychain tool was extended to Safari and iCloud as a sort of encrypted password manager. While there are some elements of a password manager in this solution, it does not yet have the robustness of a pure password management app. However, if you work purely on OS X and iOS devices, it may serve as a solution that is a step up from no password management at all.
