Compromised password emails abound these days. I'm sure you've seen them..."your account has been compromised...I know your password...send money."
Many of my clients ask how this could happen. Well, data breaches are dismayingly common. If you've been using the same password for multiple websites/services, you are at risk personally and in your business.
Here are some good tips that you've probably heard before:
- never re-use passwords
- don't use common passwords such as "password" and "1234"
- make your passwords long, and mix upper- and lower-case letters, numbers and symbols when permitted
- change passwords often
I know what you're thinking: OK, these are great tips, but how realistic is this really? My answer: not realistic at all. This could mean remembering thousands of passwords. That leads to my next recommendation: purchase/subscribe to password keeper software.
I recently attended a seminar which focused on three different password keepers: KeePass, LastPass and RoboForm. All had similar features and functionality. I personally use LastPass and find its features to be robust and easy to use. One differentiator of KeePass is that your password vault is not online - your data is stored locally. These password keepers have other features too, such as the ability to hold your credit card information and pop it into web forms, and storage for other sensitive information like passport or driver's license numbers. Most can also be used from multiple devices like mobile phones, tablets and PC/Mac computers, so you can have your passwords everywhere you need them.
Now, having strong, unique passwords is a step in the right direction. However, if you want to be even more secure, you'll want to look into multifactor authentication. You may have heard of multifactor authentication, and your company may have instituted this practice. If you haven't, then it's definitely something you should be aware of and even moving toward if you want to increase your security.
Typically, multifactor authentication consists of a combination of 3 things: (1) something you know (like a password or PIN); (2) something you are (like a fingerprint or iris); and (3) something you have (this could be a YubiKey or an app on your phone; note: LastPass comes with an Authenticator app, and Microsoft and Google offer their own). Location and time are two other elements that could be considered factors.
Following the above password suggestions is the least of what you should be doing to protect yourself and your data. MFA is the next level. When computers and websites are set up to require MFA, you make it harder for the bad actors to access your data and steal your credentials.
What to do next:
- Check into a password manager. LastPass has a free tier that you can sign up for here.
- Look into getting an MFA app - LastPass includes an authenticator app. You can also get one from Microsoft here.
- Once you have one or both of these, start cleaning up your passwords and set up 2FA (two-factor authentication) on commonly used sites such as Twitter, Facebook and banking sites. A list of sites that accept 2FA is available here.
Reach out to us if you need assistance or have questions.