Watch the news, especially the tech news, for any period of time and you’ll inevitably see something about a data breach. In fact, just recently Capitol One disclosed that they had a breach involving more than 100 million credit card holder’s information. Usually, these breaches involve customers personal information of some sort, and businesses go to great lengths to protect that information, and yet we see all the time that things can still happen.
Some businesses don’t collect personal information so they aren’t as stringent about some of their security, and others are so focused on protecting that information that other things can be overlooked. This is especially true when it comes to passwords. We’ve all heard, and told, the jokes about the person who uses the same password for everything or writes down their password on a post-it note that they stick to their monitor.
While everyone usually has an individual login for things such as email or their computer, a company will often share the same credentials for everyone on other enterprise software. Perhaps it is an editing software, or stock image service, an online meeting portal, or any number of other services. As more and more services have become cloud-based, this has become more and more common. So, how secure are your passwords?
First, let’s talk about the passwords themselves. Ideally your passwords should be alphanumeric (meaning they have both letters and numbers), and if the service allows they should also contain random characters such as #^$. This makes them as secure as possible. You should also put in the max number of characters as allowed by the service. Sometimes it may be 12, others, 16, others 24! The longer you make it, the more secure it becomes.
So, now that you have a bunch of really long passwords, how in the world do you keep them all straight? This is where a password manager comes in, and there are plenty of good ones out there. A password manager will do several things for you. It will allow you to store your passwords securely, generate random passwords, and more.
I have used LastPass for a few years now and love it. Not only can I organize my passwords and secure notes, but it is incredibly easy to generate new passwords and store them securely. They even have a mobile app so I can access (and copy) my passwords from anywhere, and all I have to do is remember one password. Another reason I love LastPass is a feature that your business may want to consider, and that is password sharing.
Instead of printing out passwords, writing them down on post-its, or texting them to a colleague, I can share the password with someone via email. When I share the password I have the ability to give them access to the account and I can control whether or not they can even see the password. This means they could have complete access to an account without ever knowing the login credentials. This becomes very practical from a business standpoint. Instead of creating a shared document or printing out passwords to each new hire, you can just grant them access. This gives your organization far more control over your passwords. They can have all the access they need to do their job, and you don’t have to worry about whether those passwords fall into the wrong hands, get copied or changed without you knowing, or becoming compromised.
In the interest of objectivity, it is worth noting that I focused on LastPass because it is the software I personally use. However, there are a number of quality password managers on the market and you should find one that fits your needs. Some other highly rated managers include Keeper, 1Password, and Dashlane.
Utilizing a password manager is a wonderful way to keep yourself and your organization as secure as possible with your online activity. At Rokusek, we’ve worked with several organizations to implement a password security system to help them keep control of their passwords. If you’d be interested in talking to us about this or something similar please contact us today to see how we can help you.