According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable.
PASSWORD TIP 1
Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password length is longer than eight characters – Microsoft recommends at least 14 characters. Don’t use common or uncommon words from the dictionary or real names. Don’t spell your name backwards, use words with common spelling errors, or repeated sequences of the same numbers or letters. Create a phrase or sentence. If you are curious how strong your password is, check it out at How Secure Is My Password or use the Microsoft Password Checker. You can also learn how your password stacks up with the Password Strength Checker – this site evaluates the strength of your upper and lower case letters, numbers, symbols, etc.
PASSWORD TIP 2
Create a different password for each website you use or wherever you access your data. Don’t use the same password for Facebook, Twitter, LinkedIn, Google+/YouTube, Pinterest, Instagram, etc., because if someone gains access to one account, the hacker could then gain access to all of your social networking sites – contact information, photos, family member names, etc. Also, if you use passwords to access online banking, medical data, or other confidential information, create unique passwords to access each site.
PASSWORD TIP 3
If you don’t want to remember your passwords because they are too long and complex (hopefully), or if you would like an online site to generate passwords for you, check out LastPass. With LastPass, you will only need to remember one master password to log onto the site. LastPass automatically saves your log-ins and passwords for all sites that you visit – after you enter them both the first time, they are saved and encrypted in LastPass. Once you return to the website, LastPass will enter your password and user name automatically, which will serve as protection against keyloggers (software that records keystrokes when a user logs on to a specific website with the intent to steal information). There is a free version as well as a premium version – and the download is available for Windows, Mac, and Linux. While there have been security breaches on LastPass, LastPass remains the leader in the web password manager space.
PASSWORD TIP 4
If you store important documents on your home computer with bank account information, tax information, and social security numbers, make sure to add a password to them. If your computer ever gets stolen, the passwords will add another layer of security to your information.
PASSWORD TIP 5
If you are asked security questions as an additional component of password creation, don’t use easy answers. For example, don’t use your birthday, spouse’s first name, mother’s maiden name, your car license plate, or city where you live. For many hackers and even those who know the right websites to search, these pieces of data can be easy to find.
PASSWORD TIP 6
Whenever you sign up on a new site or get assigned a new site to access, there is often a default password. Often, we are so busy that we forget to change the default password – not a good idea. Before you do anything on the site, go first to the settings area and create a new password.
PASSWORD TIP 7
Since most businesses require users to change their passwords every 90 days, changing your personal passwords several times a year is a good idea.
PASSWORD TIP 8
Always be sure to log off of the site that you’re accessing because bad guys can steal your passwords. Even if you close your browser, your visit is still active. Logging off from the site will immediately end your session on the site. While you should always delete your cookies, history, and cache, you can either manually do this or set your browser settings to automatically delete when you close your browser.
PASSWORD TIP 9
Don’t give your IT Department a heart attack and write your passwords on a Post-It note attached to your monitor, under your keyboard, in a drawer, etc. While this sounds obvious, people think no one will notice or that the note will just be placed on the screen for a few moments. If you do this, you are handing your data to a thief on a silver platter – don’t do it.
PASSWORD TIP 10
Does your business have a password policy? If your business is progressive, you will read and sign harassment, privacy, BYOD, and social media policies. But due to the importance of passwords, make friends with your IT department. Go the extra mile: always change passwords when asked and always set up your password according to company policy. If corporate policy allows, set up a screensaver to activate after a short period of inactivity to protect anything on the screen.
PASSWORD TIP 11
Don’t use your email address as a username (unless corporate policy dictates that you must) – and don’t make your password the same as your username. If you are accessing a business-owned account, then access is terminated once you leave your position. And if you use a personal email address, once you leave the position, the business has no way to access the account. Personal email addresses are easier to hack.
PASSWORD TIP 12
Don’t ever click on the “remember password” option in your browser. Unlike passwords saved in LastPass, they are not protected by encryption and are open for bad guys to see if they get ahold of your browser. To quote Dana Molina of SureTech, “If your device is ever stolen, you’ve just invited a thief into your home, removed their shoes, and given them a foot massage.”
Do you have a tip to add to the list?
Image Credit: digitalart via FreeDigitalPhotos.net.
This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.