Although it is widely known that poor password habits can compromise our identities and data, many of us still make mistakes when generating passwords for our many online accounts. We use easily guessed passwords with minor variations, we reuse the same passwords over and over, and we store them in insecure locations, like sticky notes on desks or Word documents saved on the desktop. People with bad password habits are at greater risk of having multiple accounts breached. If a hacker got hold of your Facebook or email password, how many of your other accounts could be easily breached with that information? It’s important to think about the security of your passwords and storage methods before a breach happens to you. Cleaning up after a major breach can be both expensive and time-consuming.
Our staff implemented a password management tool called LastPass last year, which has been valuable for generating and storing secure passwords. The shared folder structure helps us share common accounts with ease, instead of our old habit of passing around sticky notes with passwords. This service alerts us when a website has been breached and our passwords may have been exposed so we can change them, and tells us if we have weak passwords, or if we’ve used the same or similar passwords in multiple places. LastPass has both a free, individual-based version and a fee-per-user Enterprise version, which allows an administrator to easily take over any account within the enterprise group in case a staff member ends their employment, so you don’t waste tons of time tracking down and resetting passwords for important accounts.
If you’re not using a password manager that generates and stores long and complex passwords, it’s important to practice at least some basic habits when managing your own passwords.
- Make sure the passwords you create are at least 12 characters long, if a website will allow it, and use a combination of upper and lower case letters, numbers, and punctuation.
- Don’t use the same passwords in multiple places. If your password is discovered in one place, hackers will easily access other accounts that use the same login.
- Don’t use common words or sequences of letters or numbers in your password. For example, avoid using the word ‘password’ or ‘qwerty’ or ‘12345’ in your passwords. These are easily guessed.
- Use two-factor authentication where possible. This method will allow you to have a text message or email sent to you with a verification code to verify that the person trying to log into your account is actually you. While it takes an additional moment to get logged in, it increases the security of your account.
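As an added example (not part of the original post and not how LastPass works internally), this Python script checks a set of passwords against the habits listed above and flags the same or similar passwords used across accounts. The account names, sample passwords, and the 0.8 similarity threshold are constructed assumptions.

```python
import string
from difflib import SequenceMatcher
from itertools import combinations

# The three examples the post names; use a much larger list in practice.
COMMON = ("password", "qwerty", "12345")
MIN_LENGTH = 12          # minimum length recommended in the list above
SIMILAR_RATIO = 0.8      # assumed cut-off for calling two passwords "similar"

def check_password(pw):
    """Return the habits from the list above that this password breaks."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "upper case letter": any(c.isupper() for c in pw),
        "lower case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "punctuation": any(c in string.punctuation for c in pw),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    lowered = pw.lower()
    problems += [f"contains common sequence '{w}'" for w in COMMON if w in lowered]
    return problems

def find_reuse(vault):
    """Return (account_a, account_b, 'same' or 'similar') for each risky pair."""
    pairs = []
    for (a, pa), (b, pb) in combinations(sorted(vault.items()), 2):
        if pa == pb:
            pairs.append((a, b, "same"))
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= SIMILAR_RATIO:
            pairs.append((a, b, "similar"))
    return pairs

# Constructed sample accounts and passwords, for illustration only.
SAMPLE_VAULT = {
    "email": "Sunshine2023!",
    "facebook": "Sunshine2024!",
    "bank": "Password12345",
    "payroll": "v7#Lm!q2Rz^eW9tB",
    "newsletter": "v7#Lm!q2Rz^eW9tB",
}

if __name__ == "__main__":
    for account, pw in SAMPLE_VAULT.items():
        print(account, check_password(pw) or "ok")
    for a, b, kind in find_reuse(SAMPLE_VAULT):
        print(f"{a} and {b} use {kind} passwords")
```

Note that "Sunshine2023!" passes every single-password rule and is only caught by the cross-account comparison, which is why reuse has to be checked across the whole set rather than one password at a time.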
Lifehacker also has a great post about methods you can use to create passwords that are both secure and memorable.
Data & Technology Coordinator