15 October 2014

Tips for protecting your business passwords

With online security breaches becoming all too common, here are some tips for protecting your business by creating unique, strong passwords.

There seems to be an increasing number of online security breaches these days, with the likes of eBay, Tesco and Adobe all suffering at the hands of hackers in the past year. Just this week, hackers claim to have stolen the login details of almost 7 million Dropbox users. While Dropbox has denied the security breach, it’s a stark reminder of the importance of using unique, secure passwords.

Most small businesses won’t have a sophisticated IT system or detailed knowledge of IT security, but there are simple steps you can take to prevent your data being stolen and misused. One of the easiest is to make sure you have strong passwords for all the software and online services you use for your business.

Weak passwords and reused passwords are two of the main ways hackers can get access to your accounts. Once they have access, they could cause misery by buying products with your company’s money or taking out loans by pretending to be your business.

Tips for good passwords

Most people know they should have a stronger password, but there is often a trade-off between creating a password that’s strong enough and one you’ll remember easily. Passwords such as ‘password’ or ‘123456’ are obviously not secure, but it’s surprising just how many people use them.

Your password should not be something that others can guess easily, but it should be memorable enough for you to remember. Most experts agree on the following:

  • Create a unique password for each account. If you reuse a password, even a relatively strong one, and it’s compromised, all your accounts will be too. Even variations of passwords are not advisable, because if one account is hacked, it’ll be easier to crack others that use an almost identical password.
  • Don’t use personal information such as your birthday or name within your password.
  • Don’t use whole words or sentences that are easy to guess, such as ‘letmein’.
  • In general, the longer your password, the harder it is to break, so make sure it’s longer than 6 characters.
  • Use a mixture of upper and lower case letters, numbers and special characters. Don’t just substitute numbers for the vowels – this has become fairly common and is therefore relatively easy to guess.
  • Change your password frequently and ensure any staff you have do the same.
  • Use two-step verification where you can, as this is essentially another layer of security. However, if you’re going to use this, do make sure you have the correct information listed.

Ideas for creating memorable, strong passwords include condensing a sentence or line of a song you’ll remember, using the first letter of each word. Another suggestion is to use information that’s near where you work, such as a serial number.

There are also tools to help you check the strength of your passwords, such as ‘How Secure Is My Password?’. Many websites now also add their own safeguards, only allowing passwords that meet a minimum degree of difficulty, such as a mixture of letters and numbers, and indicating the strength of your password.
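The tips in the list above can be checked mechanically, which is roughly what a strength indicator does. The sketch below is an added example, not code from the original article or from any tool it names; the substitution table, the 0.8 similarity cut-off and all sample passwords are assumptions constructed for illustration.

```python
import difflib
import string

# Easy-to-guess passwords named in the article (a real list would be far longer).
COMMON = ("password", "123456", "letmein")
# Undo look-alike substitutions; this mapping is an assumption of the example.
DELEET = str.maketrans("01345@$!", "oieasasi")
MIN_LENGTH = 7          # the article asks for "longer than 6 characters"
VARIATION_RATIO = 0.8   # assumed cut-off for "almost identical"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def normalise(text):
    """Lower-case and reverse common digit/symbol swaps so 'P4ssw0rd' -> 'password'."""
    return text.lower().translate(DELEET)


def check_password(candidate, personal_info=(), other_passwords=()):
    """Return the tips from the list above that `candidate` breaks (empty = none)."""
    problems = []
    plain = normalise(candidate)
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(ch in cls for ch in candidate) for cls in CLASSES):
        problems.append("missing a character type")
    if any(normalise(word) in plain for word in COMMON):
        problems.append("easy to guess")
    if any(item and normalise(item) in plain for item in personal_info):
        problems.append("contains personal information")
    if any(difflib.SequenceMatcher(None, plain, normalise(other)).ratio()
           >= VARIATION_RATIO for other in other_passwords):
        problems.append("variation of another password")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for pw in ("password", "P4ssw0rd!", "Summer2014!", "Tg7#kLm2!qVx"):
        print(pw, check_password(pw, ("Alice", "1985"), ("Summer2013!",)))
```

Comparing against other passwords only makes sense where they are already available in the clear, for example at the moment you choose a new one.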

How to keep track of all your passwords

Given the number of online services and software applications designed for business use, it’s now common to have to log into multiple applications in the course of an ordinary business day (not including all your personal user accounts). So how can you have tens of individual, strong passwords and manage to remember them all?

You could use password management software, such as LastPass or RoboForm. These save your passwords securely for you, taking the effort out of remembering your passwords. Some of these are free and others offer specific business subscriptions.

Alternatively, many browsers give you the option of saving your online passwords so that you don’t need to enter them each time. While this is convenient and reduces the number of passwords you need to remember, it does have its own risks – if your laptop were stolen, the thief could easily get access to this information.

A more old-school method is to have a hard copy of your passwords. Both password managers and paper copies have their own risks. While password managers claim they’re practically infallible, there have been instances where companies have been breached. Similarly, having a paper copy of your passwords means they’re available to anyone who finds them.

There’s no completely foolproof way to manage your passwords, but ensuring you have strong, individual passwords is definitely much safer than using the same, simple password for all of your accounts. Plus, don’t forget other online security steps, such as installing anti-virus software.