Better Password Security

We all do it. Even when our web browsers prompt us to use the strong password they’ve created when setting up a new account, we feel the urge to type in the password we use for just about everything else. It’s so much easier to remember that way.

But now that we’re all working remotely, we take our workplace’s sensitive data home with us through the cloud. Suddenly, having your Internet connection and go-to password compromised has much more dire consequences. 77% of all cloud account data breaches are due to compromised passwords. Passwords give hackers the easiest path to account data and resources, enabling them to bypass any account security meant to keep them out.

Practicing bad password habits is like leaving the door to your house wide open for anyone to come in and take a look around. These habits include:

• Using short passwords
• Using easy-hack-passwords
• Reusing the same password across multiple devices or accounts
• Saving passwords in non-secure places
• Sharing passwords with coworkers
• Not using multi-factor authentication with passwords

And once the hacker’s in your cloud’s metaphorical house, they’ll wreak havoc. If one cybercriminal gains access to your Microsoft or QuickBooks Online Account, they can do so much damage. An unauthorized account takeover could mean:

• Stolen sensitive data
• Phishing messages sent from your company’s domain
• Reconfigured cloud security settings
• Ransomware infection of your cloud storage
• Forwarded private emails
• New users added or important users removed
• Stolen credit card or bank account information

And the list goes on. It sounds like a horror movie, doesn’t it? 

While you may want to still use your tried-and-true password for your J. Crew shopping account, it’s not a risk you or your employees should take when it comes to sensitive business information. 

Let’s look at some of the things we can do to improve password security.

• Use at Least 7-10 Characters
  • Don’t make your password too short because the shorter it is, the easier it will be for people to guess what it is. Most account creators require at least eight characters, but the longer you can make it, the more secure it will be.
• Use a Mixture of Letters, Numbers, and Symbols
  • Instead of sticking to a single word as your password, it’s best to throw in some numbers and symbols as well. Grammar rules don’t matter in passwords, so sprinkle in “?,” “!,” “@,” and “&” wherever you’d like. 
• Don’t Use Personally Identifiable Information
  • That includes your name, your spouse’s name, your kids’ names, your dogs’ names, the street you live on, etc.
• Use a Password Generator
  • If you’re not sure what to use for your password, you can use one of the many password generators online.
• Store Your Passwords Securely
  • Places you should NOT store passwords include:
    • Sticky notes
    • Unprotected Excel Sheets or Word Docs
    • Public Trello
    • The notes app on your phone
  • Safe places you can store your passwords include:
    • Your Browser (if it has a strong password)
    • Password Manager
• Don’t Share Passwords with Others
• Use a Business Password Manager
• Use Multi-Factor Authentication with Your Logins
  • One of the best safeguards you can have for account security is to use multi-factor authentication (MFA) in addition to a strong password. According to Microsoft, MFA can block 99.9% of all attempted fraudulent sign-in attempts. Apps like DUO or email/message codes can make a significant difference in keeping your company data secure.