This post is part of our Nonprofit's Guide to Online Safety series.
As more of our work lives take place online, chances are the number of digital accounts and tools needed to get work done is growing. With new accounts comes the need to create (and remember!) strong passwords. In today’s post, we take a look at some tried and true best practices to help you protect sensitive information and enhance the safety of your passwords.
Think of Passwords as Your Passport
Passwords are an essential part of being active online. Much like a passport, they grant entry to the countless platforms you rely on every day in order to work, connect with colleagues and friends, buy supplies, be entertained and, of course, access your personal devices. Using a strong password is therefore essential to keeping your information safe and preventing hacking attempts. At the same time, many of us still rely on a single password (or a limited set of passwords) that is reused from account to account. This may seem like a convenient way to remember passwords, especially when they are shared among team members, yet it can set off a series of consequences that are dangerous and quite costly to repair if access to accounts becomes compromised.
This video by Vox, Why You Should Stop Memorizing Your Password, offers compelling arguments in favour of switching to more secure password practices. Check it out!
How to Strengthen Your Passwords
Below are some suggestions for protecting your accounts and creating safe log-in credentials:
- Make it strong: in order to be strong, passwords should be long and unpredictable, containing a mix of numbers, letters, and symbols. Consider using a passphrase consisting of four to five words, as it can sometimes be more secure than a randomly generated password.
- Make it unique: rather than repurposing or recycling passwords, create ones that are unique to each account. In the event of a password leak, this will protect your other accounts from unwanted access by hackers.
- Review and change your existing passwords: with this information in mind, taking the time to review and update your current passwords is a great way to protect your organization against potential cyberattacks and other forms of data misuse. You could also consider formalizing this policy into a yearly audit, sharing updates and new practices with your team as it evolves.
- Be mindful of browser-based password managers: popular browsers like Chrome, Firefox and Safari have integrated password managers that store log-in information and auto-fill it at the time of access. However, this means that anyone using your computer will be able to access your accounts unless you encrypt your computer’s hard drive and/or have two-factor authentication enabled (more on that in the next section).
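The "make it strong" advice above says a four-to-five-word passphrase can sometimes beat a randomly generated password. The sketch below is an added example, not part of the original post, and shows when that holds: strength comes from how many equally likely choices there are, so it depends on the size of the word list and on the words being picked at random. The sample word list is constructed for illustration and is far too small for real use; 7776 is the size of a standard Diceware list.

```python
import math
import secrets

PRINTABLE = 94         # printable ASCII characters, excluding the space
DICEWARE_SIZE = 7776   # words in a standard Diceware list (6**5)

# Constructed sample list, only to make the generator runnable offline.
SAMPLE_WORDS = [
    "anchor", "breeze", "cactus", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jungle", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]

def make_passphrase(words, count, sep="-"):
    """Pick `count` words with a cryptographic RNG (never by hand)."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy in bits of `count` words drawn uniformly from the list."""
    return count * math.log2(list_size)

def random_password_bits(length, alphabet=PRINTABLE):
    """Entropy in bits of `length` characters drawn uniformly."""
    return length * math.log2(alphabet)

def equivalent_random_length(list_size, count, alphabet=PRINTABLE):
    """Shortest random password at least as strong as the passphrase."""
    return math.ceil(passphrase_bits(list_size, count) / math.log2(alphabet))

if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS, 4))
    for n in (4, 5):
        print(f"{n} Diceware words = {passphrase_bits(DICEWARE_SIZE, n):.1f} bits,"
              f" like {equivalent_random_length(DICEWARE_SIZE, n)} random characters")
    print(f"4 words from the 16-word sample list ="
          f" {passphrase_bits(len(SAMPLE_WORDS), 4):.0f} bits (too weak)")
```

A five-word passphrase from a large list is stronger than an eight-character random password but weaker than a twelve-character one, which is why the comparison only sometimes favours the passphrase.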
Tools & Strategies To Keep Your Accounts Safe
Two-Step Authentication
In addition to creating a strong password, you can enable two-step authentication (also known as 2FA) to protect your data even further. 2FA is an extra layer of security that verifies that only authorized users can gain entry into any account. The first step, of course, is inputting your profile information (typically your username and password). Instead of immediately gaining entry, however, the second step kicks in by asking you to verify your identity by providing an additional piece of information. This could be a personal identification number (PIN), an answer to a ‘secret question’, or a unique one-time passcode (OTP) sent via text message or email. 2FA can also happen via push notifications, meaning that instead of receiving an OTP by text or email, websites and apps will send a push notification to your phone to notify you of an attempted login. From there, you can approve or deny access simply by tapping on the notification.
If your organization handles several online profiles, think anything from social media to online banking, then setting up a password manager can be a great way to generate strong passwords that you can remember.
Password managers work by storing the log-in information for all of your online accounts, and can also generate unique strong passwords for each of them. All of these passwords are then encrypted, and can only be accessed by inputting a master password (the only one you will need to remember!). The extra advantage of using a password managing tool is that, if you are logged into the software, it will automatically fill your log-in information when visiting your account’s platforms, thus saving you the need to remember which email address, username and password are associated with them. Even better, password managers can store other types of sensitive data, such as credit card numbers or secure notes. They are also helpful in protecting against phishing. Since they auto-fill based on your stored log-in information, if you notice that the autofill is not happening, this may be a sign that you have been directed to a malicious URL.
Popular password managers include 1Password, LastPass and the open-source Bitwarden. LastPass, for example, is a cloud-based password manager with extensions, mobile apps, and even desktop apps for all the browsers and operating systems you could want. It’s extremely powerful and even offers a variety of two-factor authentication options so you can ensure no one else can log into your password vault. After installing a password manager, you will likely want to start changing your website passwords to more secure ones. LastPass offers the LastPass Security Challenge, which identifies the weak and duplicate passwords you should focus on changing. Users who prefer an offline password management tool may be interested in KeePass.
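The phishing protection described above comes from the manager comparing the address of the page you are on with the address each login was saved for. The sketch below is an added example, not code from the original post or from any of the products named. It assumes a simplified rule of exact host match over HTTPS; the vault entry and all URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed vault: each entry is keyed by the host it was saved on.
VAULT = {
    "accounts.example.org": {"username": "finance@example.org"},
}

def normalize_host(url):
    """Return the page's host in canonical ASCII form, or None if unusable."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None                      # never fill on plain HTTP
    host = parts.hostname.rstrip(".")    # hostname is already lower-cased
    try:
        # Non-ASCII lookalike letters become a visible "xn--" form,
        # so they can never equal the saved ASCII host.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def autofill_entry(url, vault=VAULT):
    """Return the saved login for this page, or None (autofill stays silent)."""
    host = normalize_host(url)
    return vault.get(host) if host else None

if __name__ == "__main__":
    pages = [
        "https://accounts.example.org/login",               # the real site
        "https://accounts.example.org.login.example.net/",  # real name as a prefix
        "https://accounts.example.org@login.example.net/",  # real name before "@"
        "https://accounts.ex\u0430mple.org/",               # Cyrillic "a" lookalike
        "http://accounts.example.org/login",                # unencrypted page
    ]
    for page in pages:
        entry = autofill_entry(page)
        print(("FILL    " if entry else "NO MATCH"), page.encode("ascii", "backslashreplace").decode())
```

Only the first page is filled; on every other page the manager stays silent, which is the cue the article tells staff to watch for.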
- Why You Need a Password Manager. Yes, You. (New York Times)
- How to Test Password Strength Using These Free Tools (Tech Radar)
- A Look at Password Security, a 5-part series by Mozilla (access the full suite of articles here)
- How to Set Up Two-Factor Authentication on All Your Online Accounts (Verge)
- The Best Password Managers for 2020 (PC Mag)