Is Your Password Actually Secure?

Here at WealthPoint, while we do talk about financial planning topics quite a bit, that’s not the only thing on our minds. For example, I also think about food, golf, Purdue basketball, how well this squirrel is balancing itself on the tiny tree branch outside my office window…but I digress. Today’s blog isn’t about any of that, but it is about something that comes up quite often in conversations around our office and with clients: cybersecurity.


As you probably know, cybersecurity can seem abstract, complex, and difficult to manage. But there’s at least one thing you can do that’s simple and can prevent a lot of headaches: improve your passwords.


If you’re like me, or at least the old me, you use a small handful of passwords for everything. You might change them slightly based on the requirements of a specific website, but for the most part you don’t have much variety. I’ll bet most of the passwords aren’t random, either. They probably include a word or number that is tied to your personal information (like a name or zip code). This makes passwords easy to remember, sure, but it turns out this isn’t the most secure way to go about things.


Passwords should be complicated. The longer and more complex, the better. At a recent cybersecurity workshop I attended, an expert from Charles Schwab told us that an 8-character password takes a good hacker 15 minutes to crack. Compare this to a 12-character password, which takes 3 weeks. Simply adding more characters, such as exclamation points, to the beginning or end of your existing password helps increase security. This is called password padding.


Another option is to use passphrases instead of passwords. A passphrase is several words with spaces in between them, which makes your password longer and more distinctive. A great resource to try is howsecureismypassword.net, which estimates how long it would take a computer to crack your password. For example, I tested the following passwords and got some interesting results. As you can see, spaces really throw the computer off.


Josh – instantly (I definitely don’t recommend ever using your name or any variation of it)

J0sh! – 68 milliseconds

hFK*cnTR7iyL@1$z – 1 trillion years (randomly generated using a password generator)

my name is josh – 5 million years

My Name Is Josh! – 7 trillion years

hFK* cnTR 7iyL @1$z – 36 quintillion years
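A simple brute-force estimate for the six strings above, as an added example that is not part of the original post and not the code behind howsecureismypassword.net: the figure is driven by length and character-set size, so each space counts as one more character drawn from a larger alphabet. The guessing rate, the character classes and the 10,000-word list are assumptions; the word-based figure shows the lower rating a phrase of common words gets when whole words are guessed instead of single characters.

```python
import math
import string

# Assumed guessing rate for an offline attack; real rates vary by orders of
# magnitude depending on how the site hashes passwords.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes; a brute-force search must cover every class that appears.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",  # space counted as one more symbol (assumption)
)

# The six strings tested in the post.
SAMPLES = [
    "Josh", "J0sh!", "hFK*cnTR7iyL@1$z",
    "my name is josh", "My Name Is Josh!", "hFK* cnTR 7iyL @1$z",
]


def charset_size(password):
    """Alphabet size implied by the character classes present."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password):
    """Search-space size in bits if each character is tried independently."""
    return len(password) * math.log2(charset_size(password))


def wordlist_bits(password, wordlist_size=10_000):
    """Search-space size in bits if whole words are guessed from a list.

    wordlist_size is an assumed dictionary of common words.
    """
    return len(password.split()) * math.log2(wordlist_size)


def years_to_search(bits, rate=GUESSES_PER_SECOND):
    """Average time to hit the password: half the space at the given rate."""
    return 2 ** bits / 2 / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in SAMPLES:
        bits = brute_force_bits(pw)
        print(f"{pw!r:24} {bits:6.1f} bits  {years_to_search(bits):.3g} years")
    phrase = "my name is josh"
    print(f"{phrase!r} as 4 common words: {wordlist_bits(phrase):.1f} bits")
```

The absolute times will not match the site's, since they depend entirely on the assumed guessing rate; the ordering of the results is the useful part.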


The next step would be to make your passwords random and unique. If you have the same password for all of your accounts, you’ve created a hacker’s dream scenario; he only needs to break into one place and he’ll have everything. Ideally, you would have a different and unique password for every account. And even if they’re unique across accounts, passwords that contain easy-to-guess words or numbers – particularly those related to your personal information – won’t be hard for a hacker to guess.


If someone accesses one of your accounts, they’ll probably have access to that personal information, meaning they won’t have to work very hard to guess your other passwords. Not only should your passwords all be different, they should all be made up of random letters, numbers, and other characters. Seems like a pain, but perhaps manageable if you had a good place to store all these random passwords…


…but be careful about that too. Having them written on a notepad on your desk or in your drawer isn’t the best answer. How easy is it for someone to snap a quick picture of that piece of paper using their cell phone? What if you lose it?


As an alternative, we see many people using spreadsheets on their computer to store a list of their passwords. While this does add an extra layer or two of defense, it’s still not a perfect solution. Is the spreadsheet itself password-protected, or could someone open the file right up? What happens to that file if your computer is damaged and becomes unusable?


As you can see, it’s become a complicated issue. But the good news is, as hacking has evolved, so have other technologies that can help you prevent it. There are several password management apps available that address all of the aforementioned concerns. Here at WealthPoint, we’ve become fond of LastPass. It’s free to use (there is a paid version but we’ve found the free version suits our needs just fine) and available on your computer, phone, tablet, etc.


To log in, you create a “master password” that gives you access to your vault, where all the other passwords are stored. My master password is complex, but I’m able to remember it since it’s the only one I need. Once logged in, you can access all other passwords you’ve saved.


Perhaps the best feature is the password generator, which generates complex, random passwords and automatically stores them in your vault. I’ve been working on replacing my old passwords with new ones using this feature. It even gives you a “security challenge” score that increases based on how good your passwords are, which has motivated me to make a lot of progress!


As you can see, the issue can be complex, but your solution doesn’t have to be. I’ve been using LastPass for about 18 months and I feel as if my online security has improved greatly. While we aren’t cybersecurity experts, we do take data protection very seriously. We are happy to discuss any questions you may have regarding our approach to protecting data or how we use password management apps.


Thanks for reading!

About the Author: Josh Bentz

Josh Bentz, CFP®, Wealth Advisor, helps clients organize and simplify their financial lives by providing comprehensive, personal financial planning. He enjoys getting to know individuals and families so he can give specific, meaningful advice. He believes in being a fiduciary and doing what is in the best interest of clients.