Tuesday, January 14, 2025

Financial Paranoia 4 - The Bare Minimum - Password Manager & Separate Usernames

 In the last installment, we discussed using a separate email account, email aliases, and a separate smart phone for online banking and credit cards.

All of this compartmentalization will go to waste, however, if you use the same username and password for your banking sites/apps as you use for things like Reddit and Facebook.  

Using a separate password for each site requires either an ironclad memory, a big paper notebook, or a password manager.

The Password Manager

For low-priority non-financial sites, I recommend using something like ProtonPass or BitWarden to manage your accounts and passwords.  These work across smart phones and PCs, sync your passwords, and are easy to use.

For banking related stuff, however, I recommend using an offline password manager such as KeePass.   This is simply because it can't be hacked if it's not in the cloud.  You can keep this data on a USB flash drive, and attach that to your computer or phone only when you need it.  

A word of warning about USB flash drives, though.  You should make a backup to a secondary drive at least once every month or so, and you should keep it in a safe place where you won't lose it.  If you lose this drive or it breaks, you could very well lose access to all of your accounts.  

For most financial related sites, you will need some sort of username, which will typically be one of the following:

  1. An account number
  2. An email address
  3. A separate username

When an account number is used, you will typically not have any choice in the matter, but at least the account number will be unique.

When an email address is used, you can make it unique by using an alias. 

When a separate username is required, this will sometimes be created for you, and sometimes you can choose it yourself (or change it later).  

Since you are using a password manager anyway, I would recommend that you create a separate un-guessable username for each site when you have the opportunity.  

Either way, you for sure want to use a separate hard to guess password for each site.  Most password database tools have a feature that can generate the passwords for you.  Sadly, some sites will only accept relatively short passwords or not allow special symbols.  Use the longest password possible, as you will normally only have to copy & paste to input it.  

You might want to use easy to remember and enter passwords like "Happy-toaster-Fossil-345$" instead of "DdfhjfREgGcED32T42%#!k1$" in case you have to enter them manually on a phone keyboard or something, but even then it is usually only a one-time thing.
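The sketch below shows what a password manager's generator does for the cases above: an un-guessable username, a maximum-length password for sites that restrict length or symbols, and a typeable passphrase. It is an added example, not code from the original post; the function names, the symbol set, and the tiny word list are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; a real passphrase generator
# needs thousands of words so that each word contributes enough entropy.
WORDS = ["happy", "toaster", "fossil", "maple", "orbit", "candle", "river", "pixel"]
SYMBOLS = "!#$%"  # assumed symbol set; adjust to what the site accepts


def random_username(length=12):
    """Un-guessable username: a letter followed by random letters and digits."""
    rest = string.ascii_lowercase + string.digits
    return secrets.choice(string.ascii_lowercase) + "".join(
        secrets.choice(rest) for _ in range(length - 1))


def random_password(max_length, allow_symbols=True):
    """Random password filling the longest length the site accepts."""
    if max_length < 8:
        raise ValueError("site limit too short for a safe password")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if allow_symbols:
        classes.append(SYMBOLS)
    alphabet = "".join(classes)
    while True:  # redraw until every required character class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(max_length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def passphrase(n_words=3):
    """Typeable passphrase in the style of Happy-toaster-Fossil-345$."""
    parts = [secrets.choice(WORDS) for _ in range(n_words)]
    parts = [w.capitalize() if secrets.randbelow(2) else w for w in parts]
    digits = "".join(secrets.choice(string.digits) for _ in range(3))
    return "-".join(parts + [digits]) + secrets.choice(SYMBOLS)


def entropy_bits(alphabet_size, length):
    """Upper bound on guessing entropy for uniformly random choices."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(random_username(), random_password(16, allow_symbols=False), passphrase())
    print(f"16 random alphanumerics: about {entropy_bits(62, 16):.0f} bits")
```

The `secrets` module draws from the operating system's cryptographic random source, which is what makes the output unpredictable; the general-purpose `random` module is not suitable for this.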

Once you have completed the above...

Congratulations!
You have now virtually eliminated the risk that anyone can log into any of your accounts via a password list from data breaches they purchased online.  In fact, they won't even be able to figure out your username, much less your password, in most cases.


Financial Paranoia 5 - Things we don't need for online banking

Several often-recommended "privacy tools" are neither necessary nor suitable for online banking.   About TOR...