Editor’s note: This is a recurring post, regularly updated with the latest information.
This week, a fraudster hacked into someone else’s Marriott Bonvoy account and checked into a Residence Inn in Florida using pilfered Marriott points. While the Naples police arrested the perpetrator, it’s a wake-up call for us to safeguard our loyalty accounts.
And this isn’t the first time this has happened. Last year, another man lived in a Hampton Inn on stolen Hilton Honors points for three weeks.
If you participate in the points and miles hobby, you likely have dozens of online accounts to keep track of. Remembering all the passwords to your numerous bank accounts and loyalty accounts is essentially impossible.
So what do most people do? They make simple passwords or use the same one over and over again.
If you fit this bill, you’re making yourself an easy target for online crooks looking to steal your identity, swipe your points or gain access to your financial accounts.
Fortunately, there’s a solution for creating and managing dozens of passwords that are impossible to guess but also impossible to remember: a password manager.
This tool is a critical part of my points and miles strategy, so let me explain what it is, how it works and why you should start using it now.
What is a password manager, and how does it work?
A password manager does exactly what it sounds like: It manages your passwords. That means it can securely and safely store your numerous passwords, helping you access and use them when needed but preventing others from accessing them when they shouldn’t.
Here’s how Cybernews describes these tools:
“A password manager is a program that allows you to generate and store all your passwords in a safe location. … And so, instead of memorizing all the login information you use for each site, you only have to remember one master password.”
Password managers vary in their costs and features. However, to get the most out of a password manager, know upfront that you’ll probably pay something for it. The best features — including searching the dark web for leaks of your private information and sharing secure information with family members inside a “vault” — aren’t included in free versions. The vault is a good place to save things like credit card numbers, insurance policy information and scans of passports in case they get lost. That way, they’re available anytime you’re connected to a computer. And because these programs operate on military-grade encryption, keeping your information there is safe.
Password manager options
Many password managers are on popular shopping portals, so if you sign up, initiate your purchase through your preferred shopping portal.
LastPass (which I use and is one of the more well-known password managers) has a browser extension for multiple browser types, allowing you to log in to sites you’ve saved or update most passwords with just one click. LastPass also is quite easy to use, and the same features are available in the app. You can also store your credit card information securely for online payments and create secure notes, which is where I store details that my wife and a friend I’ve shared access with can find the necessary information in case of emergencies. Personal and family plans range from free to $4 per month.
Dashlane is known for many extras and great security, though it also comes at a higher price (the free version is very limited). You’ll enjoy extras like two-factor authentication, sharing passwords securely with others and more. Personal and family plans range from free to $8.99 per month.
Bitwarden isn’t great for iOS, but Windows users will love the security. Its two-factor authentication is easy and adds extra security without breaking the bank. Plans range from free to $40 per year.
McAfee True Key comes from the same company you recognize from antivirus software. This password manager is an option with minimal features that’s compatible with most browsers. There’s a free basic plan that includes 15 passwords. True Key costs $19.99 per year for unlimited passwords unless you have McAfee Total Protection ($109.99 annually).
KeePassXC is ideal for those seeking a free, open-source option. It has good features but can be frustrating for anyone without advanced computer skills.
Meanwhile, 1Password has an easy-to-use website, but the browser extension is tricky. The key perk is the ability to create virtual credit cards for use when shopping online. Individual plans cost $2.99 per month, while family plans cost $4.99.
You can read reviews and comparisons of these plus other options at CNET (which is part of TPG’s parent company, Red Ventures).
Why you should be using a password manager
The problem with online security is that the best passwords are those a computer or a hacker cannot guess, often making them difficult to remember. Compounding this issue is the sheer number of online accounts the typical consumer has today.
There are two main roadblocks when it comes to the adoption of a password manager:
- Many travelers don’t know that these services exist.
- Many others think they will be cost-prohibitive.
In either case, this often leads to exceedingly risky choices — like using the same password for every account or creating passwords that are easy to remember. The 2017 Equifax data breach came from the company using the password “admin” on multiple platforms.
Consider just how many accounts you have right now that could be susceptible to fraud. Between your airline and hotel loyalty accounts, credit cards, bank accounts, streaming sites, Amazon, utilities and even your local library, you have a lot of passwords. And if any of these get hacked, you may lose some significant value.
Storing them in a password manager gives you strong passwords unique to each online site. Since you’re using different passwords, anyone who gains access to your American Airlines AAdvantage account won’t automatically have the password to your Capital One account. And because most password managers can evaluate the strength of your passwords or even suggest passwords when you update them or sign up for an account for the first time, these tools can lead to even more security.
For example, I just opened my LastPass account and navigated to the section that generates secure passwords. I asked for one that was 20 characters in length (using uppercase letters, lowercase letters, numbers and symbols), and this was the result: 3FIr50&8cq7LfC6@rdW@.
I’d have no chance of remembering that password on my own — but LastPass will store it for me.
Why a password manager is critical for me
Keeping my points and miles safe and protecting my credit card information is essential. However, I don’t check every online account I have daily or even weekly. This means a crook could have a decent amount of time to wreak havoc in some of these accounts before I notice.
Having a strong password (and changing it regularly) provides extra security for me on the internet to reduce these risks.
I also love that my password manager will alert me if any accounts are at risk. Maybe it’s been too long since I changed a password, or maybe one of them is too similar to another. I’ve also been informed when an existing password is simply too weak.
For any of these situations, password managers can help you change your login with just one click.
I would much rather set up and use a password manager than do the work required to report bank fraud, fight to get lost airline miles back or deal with a stolen identity. Since I have so many online accounts, I can’t remember all my passwords. I prefer to trust a secure source to help me make and store strong passwords — and then help me use them when needed.
Note that there are other layers to keeping your information secure — such as enabling two-factor authentication and allowing fraud alert communications on your most important accounts.
Related: How I learned that my credit card number was stolen
I’m a big fan of password managers. They help you access your passwords to streamline the login process but also keep them away from prying eyes through military-grade encryption. Since your passwords are saved, you don’t have to worry about remembering them, which (in turn) allows you to make stronger passwords that aren’t repeated across the dozens of online accounts you have. It also does away with the need to write them down in an unsafe location — like next to your computer or in your wallet.
I see a password manager as an essential part of my points and miles strategy. It ensures that my personal information isn’t compromised across the dozens of online accounts I have, keeping my rewards intact for my own use.
Additional reporting by Kyle Olsen.