Stacie Farmer

Endlessly learning

How To Keep Your Business Passwords Secure

September 25, 2018

Long gone are the days when you only had a handful of passwords. Everything’s online now. And everyone wants you to sign up or log in.

You could use one very strong password across all your websites (which I would NOT recommend). But what about the misguided website that only allows a 20-character password? Then you’re creating a different password for just that one.

Then you come across a website that won’t allow a special character you use. Now you need to make a different password. And on and on it goes.

What happens when password data gets leaked from a site? That one strong password won’t help you anymore. It’s now freely available across the web and linked with your email address.

What about updating your secure password(s)? If you’re like me, you have hundreds of site logins. What if one of them gets breached (hackers get your data and share or sell it to the highest bidder)? Which they likely will at some point… Now you have to update ALL your other website logins.

Let’s pretend we live in a safer world and nothing gets breached. You still need to update all your passwords at least once a year. Preferably every 6 months or so.

You can’t be secure and keep track of all your passwords on your own anymore. It’s just too hard.


So What Can You Do?

You can get a password manager. I recommend this for every individual and business nowadays.

Disclaimer: I’m not going to suggest any one password manager over another. There are plenty of options if you search “password manager” and there are plenty of reviews as well. Pick what works best for your situation.

A password manager is an app and/or service. You set up a username and a VERY strong master password (see section below). Then you can store website logins, secure notes, images, and pretty much any data you want to keep secure in your “vault”*.

(Remember - nothing is unhackable. Anything can be breached so think about the pros and cons for your situation when storing data anywhere.*)

I even like to store my fake answers to security questions that many websites require. I store them in my password manager so I don’t have to remember the answers. Using fake answers, it’s harder for someone to look through my social media presence to find the actual answers and hack into my account.

All your info should be encrypted. I can’t think of a password manager that wouldn’t do this, but check that they do first. If there’s a data breach, your information should be encrypted* and look like gibberish.

(Encryption doesn’t mean your data can’t be hacked. Just that it’s harder to hack.*)

A good password manager should work on multiple devices (though this is likely for a fee) like your laptop, tablet, and phone.

It should also have a browser extension* that gets updated fairly regularly. The extension can automatically fill in your login data. This saves you time and also helps confirm that you’re on the correct, legitimate website (look-alike websites are a common phishing tactic).

(When you find the browser extension for your password manager, make sure it’s the right one. It should have a link to the company website, should have lots of reviews, and should be updated regularly.*)


Creating A Secure Master Password

The EFF (Electronic Frontier Foundation) has great tips on creating a secure password.

They recommend using dice and a word list. You just need 5 dice and their word list to create a strong passphrase.

Only write down your passphrase if you can store it safely or only until you’ve memorized it. If you forget it, it can be extremely hard to access your password manager account.
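
The dice-and-word-list method described above, sketched as an added example (not code from this post or from the EFF): each roll of five dice forms a key such as 16665 that selects one word from a 7,776-entry list. The six-word default, the tab-separated list format and the placeholder words are assumptions made here; load the real list file in place of the placeholder to get real words.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5  # the post's "5 dice": one roll of five dice selects one word

def roll_key(n_dice=DICE_PER_WORD):
    """Simulate one roll with the OS CSPRNG, e.g. '16665' (physical dice work too)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def parse_wordlist(text, n_dice=DICE_PER_WORD):
    """Parse 'digits<TAB>word' lines; reject a truncated or malformed list."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if len(key) != n_dice or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word.strip()
    # A short or duplicated list silently lowers the entropy of every passphrase.
    if len(table) != 6 ** n_dice:
        raise ValueError(f"expected {6 ** n_dice} entries, got {len(table)}")
    return table

def placeholder_list_text(n_dice=DICE_PER_WORD):
    """Constructed stand-in for the real list file: 'word11111' ... 'word66666'."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=n_dice))
    return "\n".join(f"{k}\tword{k}" for k in keys)

def passphrase(table, n_words=6, roll=roll_key):
    """Look up one word per roll and join them with spaces (n_words=6 is assumed)."""
    return " ".join(table[roll()] for _ in range(n_words))

def entropy_bits(n_words, n_dice=DICE_PER_WORD):
    """Each word carries log2(6**n_dice) bits when every roll is fair."""
    return n_words * n_dice * math.log2(6)

if __name__ == "__main__":
    table = parse_wordlist(placeholder_list_text())
    print(passphrase(table))
    print(f"{entropy_bits(6):.1f} bits for 6 words")
```

The strength comes from the number of fair rolls, not from the words being secret, so the list itself can be public.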


Sharing With Teams

Now that you have all your passwords safely stored - you can share them with your team.

A good password manager will allow you to share what you want with whom you want (likely for a fee).

This is helpful if you have employees. It’s so helpful, you should teach them about password security first. Show them how to set up their own individual account and how to use a password manager effectively. Employees are a common entry point for targeted hacks. Training them on security can help prevent attacks on your business.

You can also use the password manager when you work with a contractor or other business. If you work with a marketing firm, easily share your social media credentials without them seeing any passwords. They can still log in and set up a marketing campaign for you.

If you think any account may have been compromised (there’s a data breach or just weird things going on), change the password immediately. Make sure it has been updated in the password manager, and everyone on your team will get the updated password as well.


Wrap It Up

These are just some basics about password managers. I highly recommend doing a little research on your own. They won’t be the best solution for everyone. But I do think it’s the best solution for most individuals and small businesses.

Give it a try today!