
The Importance of Credentials

Posted in Information Security

Most of us have dozens of credentials which we use unconsciously…to log into our business network, to check Facebook, payroll, accounting, encrypted email, Dropbox…the list seems endless. But we log in so automatically that we tend to forget what those credentials are protecting. 


Access credentials are a critically important piece of information infrastructure, and in many cases they are one of the ONLY things which separate our critical data from the Internet (and unwanted access by third parties). So let’s play a little game…we’ll ask you for a list of the things you would do with credentials IF YOU ABSOLUTELY WANTED SOMEONE ELSE TO GAIN ACCESS TO YOUR SENSITIVE INFORMATION. 

  • Use a simple password such as password123 
  • Use a short password 
  • Never change your password 
  • Use a password with your name, a child’s name, your address, or your phone number 
  • Place your password on a sticky note and tape it to your monitor, or to be really secure, tape it under your keyboard 
  • Use the same password for Facebook and your accounting, payroll, or tax accounts…or for that matter use the same password for 30 or 40 different accounts 
  • Keep your password in a note on your phone (which is probably neither encrypted nor protected with a passcode)


You get the point. So let’s start to fix this… 

  • Assemble a written list of all your credentials – it will need to go in your safe between uses 
  • Mark the credentials which are business critical…these are the ones that could make your life miserable if a malicious outsider used them carefully. Think accounting, banking, payroll, taxes, sensitive cloud storage, backups, etc. Make sure that these are changed at least 2-3 times per year, and that they are changed in the event of any significant staffing change.
  • Try to make a habit of using a passphrase that is complex (upper case, lower case, numbers, and special characters) and strong (over 8 characters)



If I love my dog:  iL0V3MyD0G 

If I hunt:  iLiKe2BL@$TPeskyW@bb1t$ 


The key is to use multiple words, associate them with something important to you (to make it easy to remember), and substitute special characters or change letter case in a consistent way (consonants can be caps, vowels lower-case for example). 

  • For unimportant accounts such as Instagram or Facebook, credentials are usually not as big an issue
  • Change your passwords on a regular basis
  • Remember NOT to use the same credentials for important accounts. If your Facebook credentials are the same as your payroll credentials, then if FB is compromised, so are you.
  • Protect your credentials list carefully, and ensure that others cannot access it electronically.
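
As an added example (not part of the original post), the habits in the two lists above can be checked mechanically over a credential inventory. The account names, dates, the personal term "smith" and the 183-day reading of "2-3 times per year" are assumptions made for the example.

```python
from datetime import date
import string

MAX_AGE_DAYS = 183  # assumption: "2-3 times per year" read as at most ~6 months per password
CLASSES = {
    "lower case": str.islower,
    "upper case": str.isupper,
    "number": str.isdigit,
    "special character": lambda c: c in string.punctuation,
}

def audit(inventory, personal_terms, today):
    """Return {account: [findings]} using the checks from the post's two lists."""
    users = {}  # password -> accounts that use it, to spot reuse
    for name, entry in inventory.items():
        users.setdefault(entry["password"], []).append(name)
    report = {}
    for name, entry in inventory.items():
        pw, issues = entry["password"], []
        if len(pw) <= 8:  # the post asks for "over 8 characters"
            issues.append("8 characters or fewer")
        for label, test in CLASSES.items():
            if not any(test(c) for c in pw):
                issues.append("no " + label)
        if any(term.lower() in pw.lower() for term in personal_terms):
            issues.append("contains a personal detail")
        others = [n for n in users[pw] if n != name]
        if others:
            issues.append("shared with " + ", ".join(others))
        if entry["critical"] and (today - entry["changed"]).days > MAX_AGE_DAYS:
            issues.append("critical and not changed in %d days" % MAX_AGE_DAYS)
        report[name] = issues
    return report

# Constructed inventory; the two passphrases are the post's own samples.
SAMPLE = {
    "payroll": {"password": "iLiKe2BL@$TPeskyW@bb1t$", "critical": True, "changed": date(2023, 9, 1)},
    "banking": {"password": "iL0V3MyD0G", "critical": True, "changed": date(2024, 5, 1)},
    "dropbox": {"password": "Smith#42", "critical": True, "changed": date(2024, 5, 1)},
    "accounting": {"password": "password123", "critical": True, "changed": date(2024, 5, 20)},
    "facebook": {"password": "password123", "critical": False, "changed": date(2020, 1, 1)},
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE, ["smith"], date(2024, 6, 1)).items():
        print(account, "->", issues or "ok")
```

The reuse check is the one that ties a low-value account to a critical one: the same string on "facebook" and "accounting" is reported on both entries.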