Most of us have dozens of credentials which we use unconsciously…to log into our business network, to check Facebook, payroll, accounting, encrypted email, Dropbox…the list seems endless. But we log in so automatically that we tend to forget what those credentials are protecting.
Access credentials are a critically important piece of information infrastructure, and in many cases they are one of the ONLY things which separate our critical data from the Internet (and unwanted access by third parties). So let’s play a little game…we’ll ask you for a list of the things you would do with credentials IF YOU ABSOLUTELY WANTED SOMEONE ELSE TO GAIN ACCESS TO YOUR SENSITIVE INFORMATION.
- Use a simple password such as password123
- Use a short password
- Never change your password
- Use a password with your name, a child’s name, your address, or your phone number
- Place your password on a sticky note and tape it to your monitor, or to be really secure, tape it under your keyboard
- Use the same password for Facebook and your accounting, payroll, or tax accounts…or for that matter use the same password for 30 or 40 different accounts
- Keep your password in a note on your phone (which is probably not encrypted, nor is it set with a passcode)
You get the point. So let’s start to fix this…
- Assemble a written list of all your credentials – it will need to go in your safe between uses
- Mark the credentials which are business critical…these are the ones that, if a malicious outsider carefully used them, could make your life miserable. Think accounting, banking, payroll, taxes, sensitive cloud storage, backups, etc. Make sure that these are changed at least 2-3 times per year, and make sure that they are changed in the event of any significant staffing change
- Get into the habit of using a passphrase which is complex, i.e. upper case, lower case, numbers, and special characters, and which is strong (over 8 characters)
If I love my dog: iL0V3MyD0G
If I hunt: iLiKe2BL@$TPeskyW@bb1t$
The key is to use multiple words, associate them with something important to you (to make it easy to remember), and substitute special characters or change letter case in a consistent way (consonants can be caps, vowels lower-case for example).
- For unimportant accounts such as Instagram or Facebook, credentials are usually not as big an issue
- Change your passwords on a regular basis
- Remember to NOT reuse credentials across important accounts. If your Facebook password is the same as your payroll password, then when FB is compromised, so are you.
- Protect your credentials list carefully, ensure that others cannot access it electronically.
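The two checks above, complexity/length of a passphrase and reuse of one password across accounts, are easy to automate against your written credentials list. The script below is an added example and is not part of the original post; the account names, passwords and the `audit`, `check_complexity` and `find_reuse` functions are all constructed here for illustration. It applies the post's own criteria (upper case, lower case, numbers, special characters, over 8 characters) to the post's two sample passphrases and to a small constructed credentials list, and flags any business-critical account that shares its password with another account.

```python
from collections import defaultdict

# Thresholds taken from the post: a passphrase is "strong" when it is over
# 8 characters and "complex" when it mixes all four character classes.
MIN_LENGTH = 9  # "over 8 characters"


def check_complexity(password: str) -> dict:
    """Return which of the post's criteria the password meets."""
    return {
        "length_ok": len(password) >= MIN_LENGTH,
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }


def is_strong_and_complex(password: str) -> bool:
    """True only when every criterion in check_complexity() is met."""
    return all(check_complexity(password).values())


def find_reuse(credentials):
    """Map each password used by more than one account to those accounts.

    credentials: iterable of (account_name, password) pairs.
    """
    by_password = defaultdict(list)
    for account, pw in credentials:
        by_password[pw].append(account)
    return {pw: accts for pw, accts in by_password.items() if len(accts) > 1}


def audit(credentials, critical):
    """Produce (account, finding) pairs for weak or shared passwords.

    Reuse is only reported for accounts marked critical, matching the post's
    advice that the unimportant accounts are not where the risk lies.
    """
    findings = []
    reuse = find_reuse(credentials)
    for account, pw in credentials:
        missing = [name for name, ok in check_complexity(pw).items() if not ok]
        if missing:
            findings.append((account, "weak: missing " + ", ".join(missing)))
        if account in critical and pw in reuse:
            others = [a for a in reuse[pw] if a != account]
            findings.append(
                (account, "critical account shares a password with " + ", ".join(others))
            )
    return findings


# Constructed sample credentials list (not real accounts). The two passphrases
# are the post's own examples; the rest are deliberately poor choices.
SAMPLE_CREDENTIALS = [
    ("facebook", "password123"),
    ("payroll", "password123"),
    ("bank", "iL0V3MyD0G"),
    ("backups", "iLiKe2BL@$TPeskyW@bb1t$"),
]
CRITICAL_ACCOUNTS = {"payroll", "bank", "backups"}

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_CREDENTIALS, CRITICAL_ACCOUNTS):
        print(f"{account}: {finding}")
```

Note that the dog passphrase, taken exactly as the post writes it, is flagged as missing a special character: it has upper case, lower case and digits, but no symbol, so it satisfies the length rule but not the full complexity rule. The shared `password123` is reported once, against the payroll account, because that is the critical one.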