Best Practices for Passwords

In our digital age, the amount of passwords we have to create and remember is dizzying.  We are sure most of you are aware of the tips to create strong passwords to protect your online financial information.  The problem to following these tips is that you end up with dozens of unique, strong passwords which are impossible to remember.  It is tempting to simply use the same password for multiple sites, which is not recommended.

Here’s a quick review of some tips to creating strong passwords:

  • Create unique passwords for each website – this reduces the likelihood of multiple accounts being compromised in the event of a security breach
  • Use longer passwords – at least 8 characters
  • Avoid common words and names (especially your own name)
  • Use different types of characters:
    • Uppercase letters
    • Lowercase letters
    • Numbers
    • Symbols (!,@,#,$,%&, etc.)

In addition to the above, we recommend changing important passwords (i.e. bank accounts) at least every 3 to 6 months.  Keep in mind that the password to your email system is also critical.  Since your email is used to reset password from other sites, someone can do a lot of damage if they gain access.

So, now that you have unique passwords for all of your online accounts (and are changing them regularly), how in the world are you supposed to remember them all?

The worst option is to keep sticky notes around your computer or to keep passwords in an unprotected file on your computer.  A much better option is to use a password manager system.   These systems can securely store your passwords and make it easy to use them across different devices.  They can even store useful information for filling out forms and help you generate strong passwords.

Below are some options for password management:

  • 1password (
    • Stored locally (not in the cloud) with option to sync with other devices via iCloud, Dropbox or WiFi
  • Dashlane (
    • Stored locally on single device – free version
    • Option to sync with other devices via their server with paid version
  • Lastpass (
    • Cloud-based
  • RoboForm Everywhere (
    • Stored locally with syncing to all devices over their servers

All of the password managers listed above use a very high level of encryption to keep your passwords secure.  The possible entry point for a hacker is the master password, so it is important to make this password as strong as possible.

Also, we recommend that the most important and trusted person in your life (such as a spouse) be able to access all passwords in the event of incapacity or death.  Make sure you share where everything is stored so this person is able to access the critical information if needed.


Please remember that past performance may not be indicative of future results. Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by The Arkansas Financial Group, Inc.-“AFG”), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful. Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions. Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from AFG. Please remember that if you are a AFG client, it remains your responsibility to advise AFG, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. AFG is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice. A copy of the AFG’s current written disclosure Brochure discussing our advisory services and fees is available for review upon request. Please Note: AFG does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to AFG’s web site or blog or incorporated herein, and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly.