I first wrote about passwords in 2011. What’s changed in the past seven years? What is important for you as a small business owner?
Use a Password Manager
Yes. Seven years ago I was on the fence about their effectiveness. I liked my method: a semi-encrypted text file that I would search through. It took me a few years, but I now rely on one. Why? It helps me quickly search through the list and organizes not only the passwords but the myriad usernames I’ve accumulated. My text file was over 375 lines; it became unwieldy and difficult to efficiently find what I needed when I needed it. Are these managers secure and safe? While I have concerns over services that store data only in the cloud, they are probably safer than a post-it stuck to your monitor with a bold heading of “PASSWORDS!”.
- Get a Password Manager. No More Excuses (Wired, January 2018)
- The Five Best Password Managers (Lifehacker, August 2017)
- Some password-manager apps that store data centrally get it right (Macworld, April 2017)
Curious what I use? KeePass, an open source application.
Management without a manager
Ok, fine. You want to be stubborn and not use one? Please, at a minimum follow my suggestions from 2011.
TL;DR: three quick tips for manual passwords
- Create unique passwords for everything, especially email and bank accounts.
- Make them long, use a mix of upper and lower case, and add in a symbol when you can. Be careful when using words and dates; break up their order.
- Keep your software up-to-date!
- The Dynamics of Passwords (Sucuri, February 2015)
- 7 Password Experts on How to Lock Down Your Online Security (Wired, May 2016)
- Choosing and Protecting Passwords (US-CERT Security Tip (ST04-002) Last Revised October 2016)
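As an added example that is not from the original post: a small Python checker for the three manual-password tips above, plus a reuse audit for the “unique for everything” rule. The minimum length of 12 and the short common-word list are my assumptions, not figures from the post.

```python
import re

# Assumptions, not values from the post: what counts as "long", and a tiny
# constructed list of words an attacker's wordlist would certainly contain.
MIN_LENGTH = 12
COMMON_WORDS = ("password", "welcome", "letmein", "admin", "qwerty")

# A 4-digit year (19xx/20xx) or a d/m/y-style date left in one piece.
DATE_RE = re.compile(r"(19|20)\d{2}|\b\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b")


def check_password(pw):
    """Return a list of problems against the page's manual-password tips.

    An empty list means the password passed every check.
    """
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("does not mix upper and lower case")
    # Anything that is not a letter or digit counts as a symbol (spaces too).
    if not any(not c.isalnum() for c in pw):
        problems.append("no symbol")
    lowered = pw.lower()
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains common word '{word}' in one piece")
    if DATE_RE.search(pw):
        problems.append("contains a date-like sequence")
    return problems


def find_reuse(accounts):
    """Given {account_name: password}, return {password: [accounts]} for every
    password used on more than one account (the "unique for everything" tip)."""
    seen = {}
    for account, pw in accounts.items():
        seen.setdefault(pw, []).append(account)
    return {pw: names for pw, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("Spring2018!", "Password1234", "correct Horse battery st@ple"):
        print(candidate, "->", check_password(candidate) or "ok")
    print(find_reuse({"email": "Aa!bbbbbbbbbbb", "bank": "Aa!bbbbbbbbbbb", "forum": "Cc!dddddddddd"}))
```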
What about my website? My employees & users need to log in!
This is why I push back on clients who want to require user accounts for ecommerce or other user interactions on their site. While security has evolved over the years, user accounts are a large additional factor to manage for a site.
Three WordPress website password tips
- Limit user roles. If you have a virtual assistant (VA) draft your blog posts for you, they don’t need to be an Administrator; it’s probably best that they are a Contributor. Please don’t give them your username and password!
- Allow guest checkout. Yes, there are many advantages in commerce for users to be loyal and have an account, but if they really don’t want to make one they will likely either abandon their cart or make an easy (to guess/hack) password.
- Make sure you have a current SSL certificate installed and that your site is kept up-to-date!