• Warren Buffett
  • Volvo
  • NASDAQ Composite Index
  • 10 Year Treasury
  • Commercial Banks
  • JPMorgan Chase
  • Emerging Markets
  • Commerce Department
  • Stock Market
  • Home
  • Practice Management
  • Research & Insights
  • Alternatives
  • ETF Managed Portfolios
  • Home>Practice Management>Practice Builder>When Should You Change Your Passwords?

    Related Content

    1. Videos
    2. Articles
    1. Retirees: Beware of Complacency

      Christine Benz warns that a strong stock market may mean that retirees are overlooking some key risks.

    2. New Data Shows Slightly Brighter Picture for Economy

      Morningstar's Bob Johnson says retails sales were better than expected, and industrial production may be truly bottoming out.

    3. Weekly Wrap: How Trump's Win Affects Stocks

      Our analysts give their takes on how the new administration will impact the healthcare, industrials, and consumer sectors.

    4. Trump Victory Doesn't Change Our Outlook for Stocks

      We don't expect to make many changes to the fair value estimates of stocks in our coverage universe due the election outcome.

    When Should You Change Your Passwords?

    Your clocks aren't the only things worth changing in the fall.

    Helen Modly, CFP, CPWA, 11/17/2016

    Daylight Savings Time recently ended, and we "fell back" an hour to Standard Time. In addition to changing your clocks and the batteries in your smoke detectors, now is a great time to reset your passwords.

    Do you need to change all of them? Not necessarily. You should change any passwords where you use the same user ID and password across multiple sites, which may not have the same level of security implemented. For example, if you use the same user ID and password for your gardening forum as you do for your email account, change your email account to something unique.

    You should also change any passwords used on an unfamiliar computer. Did you look up your bank balance while on your friend's computer? Change that password. 

    Finally, you should change old passwords to implement better password policies--for example, replace “password123” using some of the password tips below.                

    The longer the better: A longer password such as "AndTheCowJumpedOverTheMoon" is more secure against a brute-force attempt to crack than a shorter but more complex password like “MyP@ssw0rd.” Aim for 16 or more characters using multiple words. Avoid using a long single word, as it would be vulnerable to a dictionary attack. Instead, create a memorable phrase or even a nonsense word, as long as you can remember it. You can add complexity with numbers and special characters to a longer password for even more security, but more complexity can become difficult to remember.

    Use unique passwords as much as possible: If someone acquired your login and password to one site, what other sites could they log into, and what could they do? Could they make purchases on your credit card? Glean information about you to use as blackmail or harass you? If nothing else, your email password should be unique and not used anywhere else online. Unique passwords should also be used for your bank, any website where you have stored your credit card or bank account information, and sites such as Facebook that have copious amounts of personal information.

    Use two-factor authentication where available: Two-factor authentication sounds complicated but is quite simple: When you enter your password into a site that has two-factor authentication enabled, a second form of authentication will occur. This usually entails a security code being sent via text to your phone or an alternate email address for you to enter. Many major sites now offer this as an opt-in feature.

    Use a password manager:  Using a password manager eliminates the need to remember your various user IDs and passwords, allowing you to have long, complex, and unique passwords to as many websites and services as you like. Whether you choose a paid or free version, it should support two-factor authentication and, if you ever find yourself logging in from more than one device, sync across multiple devices such as your computer and your phone. Most password managers will also offer the ability to designate an emergency contact that will be given your logins and passwords in the event of your incapacitation or death.


    Helen Modly, CFP, CPWA, is President of Focus Wealth Management, Ltd., and a practicing wealth advisor. She is a member of NAPFA and Chair of the board for the National Capital Area chapter of FPA. She can be reached at info@focus-wealth.com.

    The author is a freelance contributor to MorningstarAdvisor.com. The views expressed in this article may or may not reflect the views of Morningstar.