If you have elderly relatives or clients, chances are that you've been called in to a password-related crisis:
- "I know this is my password. What the hell is CAPS LOCK?!!"
- "I've been locked out of my account! I swear I only tried once or twice."
- "I write down all my passwords in a notebook. But I'm not sure I wrote down the last one."
- "Why do they make these things so damned hard?"
- "You used to be able to call up a real live human being."
Not only is this frustrating for everyone involved, but not having a system for keeping track of passwords can result in security issues. So, what are good (and easily adoptable) methods for maintaining security and sanity? The discussion below is relevant for all of us, but I'm focusing on techniques that may be particularly helpful for elders.
First off, why passwords? I worked for technology companies for years and I can tell you that security is a very thorny issue, particularly when dealing with identity, payments and financial platforms. For obvious reasons, only authorized users should be given access to these platforms. There are some alternatives to passwords, most notably biometric sensors such as Apple's facial recognition or Clear's retina scanner and fingerprint pads. I love these when they work. But most laptops aren't equipped with these sensors and they can also be frustrating (watch people try to pay with Apple Pay while wearing a mask).
So, username/password combinations are the most common way to access restricted sites and apps. In recent years, most banks and financial services companies have also added two-factor authentication (2FA). This sends a text or email to the authorized address with an additional code that the user must enter to access the site. The logic is that a hacker who may have gotten access to the username/password combination through a data breach would be unlikely to also have access to the mobile phone or email mailbox of the user. I understand why 2FA is needed but I can tell you from experience that it adds very high level of frustration to older users who have to toggle back and forth between devices.
Password Management Options
Pen and Paper
It might be a little counterintuitive, but pen and paper is actually not a horrible way to manage passwords for elders. First, it uses a mechanism with which they are familiar and may be more likely to actually use. Second, it is shielded from online scammers. The downside is, of course, that it may be discovered by someone in the house (possibly an intruder but, more likely, a relative, "friend" or somebody working in the home). But that risk can be mitigated by storing the notebook in a safe, inaccessible place.
Digital repository
This could be something as simple as a spreadsheet or a Word document (preferably password protected). One advantage to this approach is that it could be saved on a USB drive and not accessible from the Internet. Another is that a copy of that USB drive could be shared with a trusted friend, relative, attorney or fiduciary.
Both of the methods above do require manual updating of new passwords as needed. This happens more frequently than you might think. Users create new accounts on new sites fairly often. And existing sites sometimes require users to change their passwords periodically for security reasons. If your elder is not diligent about updating their password information it will quickly become out of date. I have seen client notebooks with more than a dozen previous passwords scratched out, until they finally gave up tracking.
Browser
All major browsers now offer the option to save passwords. I've found that these can be hit-or-miss. They also require the user to be logged into the browser, so it requires remembering (or sharing) at least one username/password combination. They also do not work across mobile apps, only within the selected web browser.
Password Manager
I'll tip my hand and say that password managers are my preferred method of managing passwords for my relatives and clients. They work across browsers (with plug-ins) and mobile apps. They allow storing additional notes. They automatically update when the user changes passwords on a site (when, for example, a site forces the user to change passwords after a certain amount of time or because there was a data breach). They allow multiple accounts per platform (for example, I have multiple accounts with Fidelity and each is accessed with a different username and password). The user only has to remember one username/password combination and can share that information with a trusted relative or professional advisor.
There are a number of well-established password managers in the market. I tend to use LastPass because I like its interface and because the free level of subscription works well (although I've found that the paid versions do add some useful functionality). However, I know that 1Password, Enpass and Dashlane also have their advocates.
Which of the above methods is best for you will depend on what you find important and, perhaps most importantly, which your elder relative or client will actually use.