Password security is one of many elements of our ongoing efforts to protect our customers’ data. But even though we have all heard many times how important password protection is, we still see basic password protection rules broken all the time.
So here is a quick refresher:
- Never write down your password on paper. Never stick a note with your password on it to your laptop keyboard, or tape it to your monitor, or hang it on your cubicle wall. Just don’t do it!
- Never keep passwords in a clear text (non-encrypted) file on your laptop, on a server, or on any storage device. Just don’t do it!
- Never make it easy for a hacker to guess your password by including the company name, vendor name, your name, server name, application name, department name, pet’s name, kid’s name, spouse’s name, birthday, anniversary, or any combination of the above. Substituting some symbols for letters, like P@yr0ll or S@l$sF0rce, is still not OK. Personal information is easy to find on the internet, and the symbol substitution won’t fool a good hacker. Just don’t do it!
- Never log on to anything while sharing your screen in a web meeting. A quick screenshot can be taken by anyone watching. Just don’t do it!
- Never send passwords to colleagues, clients, vendors, or anyone else in a non-encrypted email, or in a Slack message, Google chat, or any other “open” channel. Just don’t do it!
OK, so I told you what not to do. Now how can you cope with all the passwords you have to remember?
The approach that I use is to minimize the number of passwords that I have to remember by using a password store application (aka a password manager) like LastPass. This tool and others like it securely store many of my passwords, so I only need to remember the master password that opens my password store. All my other passwords are randomly generated, very strong passwords that I don’t even try to remember. My master password is a complex string of characters and numbers, but since it’s the only password I need to remember it’s not a problem.
One more thing: whenever it is offered, use two-factor authentication (2FA) for applications that really matter, like bank accounts. The extra step is simple with SMS and authentication apps, and well worth it for the significant extra protection 2FA offers.
So go ahead, protect your data—JUST DO IT!