Best Password Practices for Non-Technical People

 

Almost everything we do is connected to the internet. We manage our healthcare needs, pay bills, and have intimate social interactions via the internet. That's why it is especially important for you to do everything you can to protect your data. Oftentimes, your password is the only thing stopping someone from accessing your email, laptop, phone, etc. With that said, do away with your collection of sticky notes and follow these six easy practices:

1. Create strong temporary passwords 

As tedious as it may seem, creating strong temporary passwords is an effective way to keep your information secure. You wouldn’t want anyone to access your personal information because you used an obvious password, such as “password” or “p@$$word.” You don't have to change your password every day, but consider switching it up every three to six months.

2. Use two-factor authentication

Use two-factor authentication (2FA) for everything. Two-factor authentication means you gain access to an account or service only after providing something you have and something you know. You already use 2FA without even thinking about it. Using your credit and debit cards has long required a PIN or ZIP code (something you know) and now requires a chip (something you have). Some online platforms require your password (something you know) and your phone (something you have) in order to verify a PIN. These are all examples of 2FA, which is important for your safety. I look forward to the day when you have to go through 3FA.

3. Don't use the same security questions and passwords

This is an extremely helpful practice in the event that one of your accounts is hacked or leaked to the public. Someone may obtain the credentials to one account but become frustrated when the same credentials do not work elsewhere. It is also helpful to use bogus answers to your security questions. Nothing is more annoying to a hacker than irrelevant answers to a security question.

Question: What is your mother's maiden name?
Answer: Lily Potter

4. Do not share your passwords and security questions

You would think this would be a no-brainer, right? Well, I am here to tell you that it's not! I developed a tool for managing access to a collection of third-party assessments. It was shocking to find out that by the second year, the vendors were creating shared mailboxes and granting everyone on the team access to them. This meant that the security questions and passwords were all the same. Don't share your passwords and security questions.

5. Don't use a browser's auto-populate feature

Probably the easiest way to have your passwords stolen is to allow your browser to store them. There may be an exception to this rule, but a browser has to put the password in "plaintext" when it auto-populates a password field. This means a kid with a first-grade education can reveal what your password is by simply using the browser to change the auto-populated password field to a text field. This has been the Achilles' heel of the auto-populate feature.

6. Use a password vault 

A password vault makes it easier for a person to manage passwords without having to remember them by heart. There are really only two types of vaults: public and private. The beauty of a password vault is that it helps you perform all the above-mentioned practices.

Cloud-based password vaults are publicly accessible online products for storing passwords. There are many different types of cloud-based password vaults on the market, but one of my favorites is Keeper Security. Keeper Security uses 2FA to make it difficult for hackers to access your account and passwords. It also allows you to control how others access the information in your password vault. 

For example, you can force everyone to use 2FA. Best of all, it allows you to copy and paste passwords during a presentation or when screen-sharing without having to reveal the password. No shoulder surfing here! Keeper Security has plenty of package options for individuals, families, and businesses.

There are also several private vaults. Private vaults are installed on a laptop or desktop and are not accessible via the internet. A product such as KeePass is a great private vault because it is effective but free. (I'm not sure why KeePass is free because it's the best in the business.) It has many of the same features as Keeper Security, except that it works as a single-person password vault. You can place it on a shared drive so others can access it; however, you would have to share the master password, which means you cannot limit the access of each person. This is arguably the only drawback to a KeePass vault.

———

Have any other tips that you would like to share? Any other methods for online security that worked for you or your business? Let us know in the comments below!
