March 1, 2019

8 Password Security Tips to Keep Your Online Accounts Safe

What price are you willing to pay for protecting sensitive information?

Derek Szyszka

Is Your Business Protected?

Digital privacy is at the forefront of everyone’s mind, and this topic poses a very important question – are your passwords strong enough? Gone are the days when the average user had just a few simple accounts like email, Facebook, and online banking.

It’s not uncommon nowadays for businesses to have 50+ accounts with various companies and services that need to have shared access amongst their team. And when clients share private account information that also needs to be distributed, this poses additional challenges and the security stakes are even higher.

It’s time to start taking password security seriously for yourself, your business, and your customers.

1. Avoid Generic or Duplicate Passwords

It might be convenient to use 123456 or summer as your go-to password for new accounts, but are you willing to risk a security breach by trying to save a few seconds each time you log in? An article from Forbes reveals the most commonly used passwords in 2018. Here are the top 5:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345

This handy tool will simulate in real time how long it would take a computer to hack into an account with a weak password. Try adding numbers or special characters and see how it affects the password strength.

2. Password Managers

Password managers are tools that allow you to create incredibly secure passwords (we’re talking 32 characters of garbled mess, like 5aDAYFb9g6fOByHW8D72KbFXQ9RpjLx1), save them in an encrypted vault, and share them across all of your computers and devices. Most will even come with a browser extension that will automatically fill in your username and password when you visit a website. Amazing!

Password managers make it incredibly easy to make and keep track of unique, secure passwords for every site you have an account with. And while they have grown in popularity in recent years, they are still not as widely used as they should be.

Once you have selected a password management service, created your account, and added your login details for all the sites you use, the idea is that you will only need to remember one single master password that will be used to get into your encrypted vault of passwords. Your master password could be as simple as the name of your favourite movie, combined with the year it came out, and a couple of special characters or capital letters mixed in. %Office$PaCe99, for example. Just make sure it’s completely unique (no other website you log in with should use this password) and kept secure. As an added layer of security, you can change your master password periodically as well.

Once your password manager account is set up, you’ll have the ability to randomly generate unique passwords for any new or existing accounts you have. If you currently use the same 2 or 3 passwords for most websites, you’ll want to take the time to update the password at each website with a new (long, unique and secure) password. You can also organize your account info into categories like Clients, Personal, Finance, or any custom folder you choose.

As an added bonus, some password managers will even let you share access to specific sites, or folders of sites, with other users. Think about sharing the login details for things like online banking, shopping websites, utility providers, or even just Netflix with your significant other.

Companies and teams can use folders to ensure everyone has access to the accounts they use on a regular basis. New accounts or password changes will automatically be updated for everyone who has access to them and new employees can simply be added to the folders they need. If an employee leaves, their master account gets disabled and they no longer have access to any of the sites.

No more spreadsheets of accounts, hunting for login details, or resetting passwords and having to track down whoever set up the account originally… oh, that person doesn’t work here anymore and their email is no longer active. Perfect!

Wikipedia has a good breakdown of some of the major password managers and features they offer that you can find here. We use LastPass here at Reaction.

3. Virtual Private Networks (VPNs)

Every time you connect to the free Wi-Fi at an airport, hotel or coffee shop, anything you do online, including the text you type with your keyboard (like account usernames and passwords), can be monitored and recorded by a third party… even another guest on the same Wi-Fi network.

For a small monthly charge, a VPN service provider encrypts the data sent between your computer or device and the network it’s connected to, and masks your IP address. If you frequently travel or use free Wi-Fi networks, this is an absolute must to look into.

Nord VPN has some great videos and blogs that highlight the benefits of VPNs if you would like to learn more.

4. Anti-Virus Software

Everyone at some point in their life will experience a virus creating annoying popups or unwanted browser extensions. But what about keystroke loggers that map your typing or malware that takes screenshots of your activity every minute?

You can’t always rely on your operating system’s built-in virus protection software to keep you safe. AVG offers a free version of its software that will actively monitor potential incoming threats, but it may require a paid subscription to remove any serious malicious software.

5. Two-Factor Authentication (TFA)

Many online platforms have built-in TFA that requires any new or suspicious account logins to be authenticated a second time by a one-time-use code sent via email or text message.

If you end up a victim of a security breach and someone gets ahold of your private account login information, setting up TFA adds an additional free layer of security.

6. What To Do If You Get Hacked

What do Target, Home Depot, Facebook, LinkedIn, and Twitter have in common? They have all had user data exposed due to holes in security being exploited. If you are using unique passwords for every website, the hack should be isolated to just that one account or service provider.

Depending on the type of hack, you may want to consider a few of the following options:

  1. Contact your IT department or provider for guidance and support throughout the incident
  2. Open a support ticket with the service that was compromised
  3. Update your password
  4. Scan your computer for viruses
  5. Notify any staff or affected clients of the breach (if client account data was included in the breach, some proactive PR here is a must.)
  6. Keep watch of your financial or credit card accounts
  7. Export and delete any sensitive data from the account and create a new one
  8. Disconnect any partnered accounts – this is common for Facebook and Google

7. Do A Regular Audit

Whether it’s once a quarter or once a year, it’s never a bad idea to review some of your most used accounts so you can ensure the passwords are, and will remain, secure. Here are a few things you should be looking for during an audit like this:

  1. Insecure or weak passwords
  2. Duplicate passwords
  3. Accounts registered to email addresses that are no longer active
  4. Active accounts with services you don’t use anymore
  5. Accounts that former employees may still have access to
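
The audit checklist above can be run automatically against a password manager export. The script below is an added example, not part of the original article or any vendor's tooling; the CSV column names, the 12-character minimum, and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# The five most common passwords listed earlier in this article.
COMMON = {"123456", "password", "123456789", "12345678", "12345"}
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article

# Constructed sample export; column names are hypothetical.
SAMPLE_EXPORT = """name,email,password,shared_with,last_used
Bank,owner@example.com,5aDAYFb9g6fOByHW8D72KbFXQ9RpjLx1,owner,2019-02-20
Webmail,owner@example.com,123456,owner,2019-02-25
Hosting,former@example.com,Zq7!mVx2#Lp9@Rt4,owner;former,2019-01-15
CRM,owner@example.com,Zq7!mVx2#Lp9@Rt4,owner,2017-06-01
"""


def audit(export_text, inactive_emails, former_users, stale_before):
    """Return {entry name: sorted findings}; passwords never appear in the output."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["name"])

    findings = defaultdict(set)
    for row in rows:
        name, pw = row["name"], row["password"]
        if pw.lower() in COMMON or len(pw) < MIN_LENGTH:
            findings[name].add("weak password")
        if len(by_password[pw]) > 1:
            findings[name].add("duplicate password")
        if row["email"].lower() in inactive_emails:
            findings[name].add("inactive registration email")
        if date.fromisoformat(row["last_used"]) < stale_before:
            findings[name].add("unused account")
        if set(row["shared_with"].split(";")) & former_users:
            findings[name].add("former employee has access")
    return {name: sorted(issues) for name, issues in findings.items()}


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, {"former@example.com"}, {"former"}, date(2018, 3, 1))
    for name, issues in report.items():
        print(f"{name}: {', '.join(issues)}")
```

A plaintext export is as sensitive as the vault itself, so delete it as soon as the audit is finished.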

8. Try Before You Buy

When researching password managers, VPNs, and anti-virus software, make sure to request a demo (if they have one) and learn as much as you can about the product so you can get the most value out of it. And don’t forget to do a quick Google search for promo codes – you can often find free trials to premium accounts or percentages off subscriptions.

WHAT DOES THIS ALL MEAN?

“Cybercrime is the greatest threat to every company in the world.” Ginni Rometty – CEO of IBM

Password protection is just the tip of the cybersecurity iceberg.

Don’t wait until it’s too late. Take a proactive approach to protect your personal, business, and client account information today to avoid costly and potentially irreversible damage in the future.