Why Password Management Is Important
In the course of my 20-year career, I’ve met people of all different backgrounds and business types. Most people consider technology an essential part of their day-to-day. Many people also have a love-hate relationship with technology.
The one thing I’ve seen again and again throughout my career – people have terrible passwords.
We often use the same password again and again.
I get it. We are in a hurry, we just want to create the account and move on.
Others keep the same password for years at a time.
Password Management: Too Important to Ignore
It’s so easy to forget the last time you changed a password. With over 100 passwords, I let password management software remember and change my passwords.
And yet, managing your passwords needs to be a top priority – especially for small businesses. I put it right up there with security patches. It’s an important component of your overall data security.
Is it a pain? Yes.
Is it essential? Absolutely.
Most small businesses and nonprofits can’t recover quickly from a data breach or a hack. Businesses usually can’t afford to be down for a few hours, days, or weeks.
Few things are more devastating to a small business than losing its credibility – particularly considering its smaller customer base and limited resources. Nothing breaks customer trust like having to tell your customers their data was passed along to cyber criminals. Or, telling your customers that a hacker wiped everything out and they need to provide their information again.
Data Breaches: A Real Problem
Unfortunately, data breaches are here to stay. So far in 2016, there have been 657 known data breaches exposing over 26.8 million records (Source: ID Theft Center). It’s estimated that every day 30,000 websites are infected with malware which can threaten not only business data but also customer information.
If your credit card company mysteriously sends you a new card or you receive an email from a company urging you to change your password (e.g., Dropbox), chances are your information is among the millions of records released into the public domain – with or without your knowledge.
Although technology issues may be cleared up in hours, it could take months to recover lost revenues. Almost 90% of businesses close after a data breach.
Although there are many steps to comprehensively protecting your confidential and sensitive information, password management is a significant and manageable step every organization can take.
Here are a few proactive things you can do to boost your password protection:
#1 Take a look at your passwords
How complicated are your passwords?
“It takes only 10 minutes to crack a lowercase password that is 6 characters long.” (Stopthehacker.com)
Make it your goal to frustrate criminals. Every password should:
- Include upper and lower case letters, numbers, and a special character (e.g., !, #, ?)
- Be at least 10 characters long (preferably 15 characters)
- Not be easy to guess (e.g., don’t use “password”, your account username, birthday, or address)
- Be changed at least every 6 months
Cyber criminals are looking for the easy mark. A recent survey found 67% of millennials use passwords like “password”, “1234”, or their username or birthday (all big password no-no’s).
There are plenty of easy targets out there. Don’t be an easy mark.
Cyber criminals use sophisticated software to crack passwords. If you use the same password for multiple accounts, it’s like leaving your keys on the front porch. Maybe no one will unlock the front door, empty all of your belongings into the back of your car and drive off. … but I’m guessing you don’t leave your keys on the front porch. With passwords, the stakes are higher because your digital front porch is globally accessible.
One of my favorite articles about passwords (I can’t believe I just said that out loud) is called How a Password Changed My Life.
It puts a new spin on creating passwords. The author created passwords connected to personal goals and mantras that helped him quit smoking and save money for a trip to Thailand. It sounds funny, but some passwords are typed in several times a day and if you’re saying it to yourself as you type it, those goals become your reality. When it’s time to change your password, you pick a new goal.
Another approach is to draw on a hobby or interest that can generate several unique passwords. For example, a movie buff might know that Samuel L. Jackson has 165 acting credits. Each password could be the name of a film, the year, and a special character. Boom. Done.
Because we all tend to use the same patterns for creating secure passwords, the most secure password protection is to use random, long passwords. This is the method I use.
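As an added illustration (not code from this post or from any password manager), here is one way to generate the random, long passwords described above so that they meet the checklist in this section. The names `generate_password` and `search_space_bits` and the particular set of special characters are assumptions made for the example.

```python
import math
import secrets
import string

SPECIALS = "!#?@$%&*-_+="   # assumed set; adjust to what a given site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)


def generate_password(length=15):
    """Return a random password that contains every character class."""
    if length < 10:
        raise ValueError("use at least 10 characters")
    while True:
        # secrets draws from the operating system's CSPRNG; the random
        # module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until all four classes appear, so no position is fixed
        # (unlike schemes that always put a digit or symbol at the end).
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the guessing work for a random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    # The quoted 6-character lowercase case next to a 15-character random one.
    print(round(search_space_bits(6, 26), 1), "bits: 6 lowercase letters")
    print(round(search_space_bits(15), 1), "bits: 15 random characters")
```

Each additional bit doubles the number of guesses an attacker needs, which is why length and randomness matter more than clever substitutions.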
#2 Who has access?
Unfortunately, your small business data is only as strong as its weakest link.
Who has access to your most important assets including finances, customer data, website(s), etc.? There are several possible vulnerabilities to consider:
- Former employees
- Tax preparers
- Web developers
- Shared web hosting – multiple users logging into the same web server
- Social media managers
- Shared folders/files on Google Drive, Microsoft OneDrive, iCloud, Dropbox, etc.
Changing your personal passwords may not be enough. You might find after some careful reflection that a lot of people have access to your small business information. It’s likely that you’ll need to create a plan of action to ensure as few people as possible have access to your sensitive business information.
#3 Password Management (and how password managers work)
I’m an example of a provider that has access to small business information and accounts. I create websites that require me to have an administrator role for the websites I support. I also manage client webmaster tools and analytics that are connected to Google and Bing (Microsoft) accounts.
Every client should be asking me how I am protecting their information. You should ask your providers too.
I use a password manager to encrypt, store, and create secure passwords for my clients, my business, and my personal accounts. It costs me $12/year, syncs on all of my devices, and I’ve enabled two-factor authentication, which means I approve or deny each login into my password manager software.
You aren’t fooling anybody if you have your computer password written on a post-it note hidden under your keyboard.
I’ve seen that “trick” dozens of times. If you have your passwords written down on a piece of paper and “hidden” somewhere, it’s easy to lose (and for others to find).
Password managers are secure databases that hold all of the websites, usernames, passwords, and secure notes (e.g., Wi-Fi passwords) in an encrypted format on a secure server. Your password “vault” is unlocked with a master password – which is the only password you will need to remember.
A good password manager not only stores your passwords but also creates reports to review the strength of your passwords, and generates random secure passwords. I use LastPass because it works seamlessly with mobile and desktop applications. LastPass offers a free version. The password reporting feature helps you review duplicate/weak/old passwords, potentially compromised accounts, and overall password strength.
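To show what a duplicate/weak/old password report checks, here is an added sketch (not LastPass code and not part of the original post) that audits a small constructed list of entries against the rules from section #1. The entry layout, the `audit` and `weaknesses` names, and the 183-day reading of "6 months" are assumptions for the example.

```python
from collections import defaultdict
from datetime import date, timedelta

MAX_AGE = timedelta(days=183)      # "changed at least every 6 months"
COMMON = ("password", "1234")      # guessable strings named in this article

# Constructed sample entries; not a real export format from any product.
VAULT = [
    {"site": "bank.example", "user": "dana", "password": "Tr4il!Mix-Quartz-88", "changed": date(2016, 8, 1)},
    {"site": "mail.example", "user": "dana", "password": "password1234", "changed": date(2016, 7, 15)},
    {"site": "shop.example", "user": "dana", "password": "Pulp.Fiction#1994", "changed": date(2015, 3, 2)},
    {"site": "forum.example", "user": "dana", "password": "Pulp.Fiction#1994", "changed": date(2016, 6, 20)},
]


def weaknesses(entry):
    """Check one entry against the length, character and guessability rules."""
    pw, found = entry["password"], []
    if len(pw) < 10:
        found.append("short")
    classes = (str.islower, str.isupper, str.isdigit, lambda ch: not ch.isalnum())
    if not all(any(test(ch) for ch in pw) for test in classes):
        found.append("missing character class")
    banned = [word for word in COMMON + (entry["user"].lower(),) if word]
    if any(word in pw.lower() for word in banned):
        found.append("guessable")
    return found


def audit(vault, today):
    """Return {site: [issues]} covering weak, reused and old passwords."""
    sites_by_password = defaultdict(list)
    for entry in vault:
        sites_by_password[entry["password"]].append(entry["site"])
    report = {}
    for entry in vault:
        issues = weaknesses(entry)
        if len(sites_by_password[entry["password"]]) > 1:
            issues.append("reused")
        if today - entry["changed"] > MAX_AGE:
            issues.append("old")
        if issues:
            report[entry["site"]] = issues
    return report


if __name__ == "__main__":
    for site, issues in audit(VAULT, date(2016, 10, 1)).items():
        print(f"{site}: {', '.join(issues)}")
```

Note that the film-title password passes every composition rule and is still flagged, because reuse across two sites is a separate weakness from password strength.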
I recommend checking out a couple of the top-rated password managers (e.g., LastPass, Dashlane, Sticky Password) – look for ease of use and whether it includes the features you need (e.g., password sharing, mobile integration, desktop applications, password strength reports, password management for businesses with employees, etc.). Go with an established, well-respected provider that does not store your master password – you should be the only person with your master password.
I wish I could say there aren’t any bad guys out there that want to steal your information. I hope this post helps you to take action. Ask questions, take control of who has access to your information, and find a method to manage your passwords.
It’s your information – protect it.