Last updated on August 22nd, 2020 at 09:37 am.
Your small business passwords could get stolen unless you lock them up in an easy-to-use password “vault.”
The most secure way to keep passwords is to remember them in your head. However, if you have dozens and dozens of passwords for everything you use in your daily life, you may need a way to store them securely.
Many people may just type their passwords into a simple text file on their computers or write their passwords on pieces of paper. Or some people use the same password for all their accounts. Hopefully it’s obvious why these ideas are very BAD for security. You must never do this for any accounts.
If you cannot remember all your user accounts and passwords, we recommend a password manager that is encrypted, transportable, and contains extra security features:
– Encrypted in that it’s not easy for anyone to break into the password database file to get all your passwords, even if it’s stolen.
– Transportable in that it allows you to install the password manager on any OS you want (Linux, Windows, Mac, mobile) in case you need to use it on other types of machines in the future.
– Extra security features such as auto-closing/locking after so many minutes of not being used, auto-typing so contents don’t get saved in the copy-paste clipboard, and clearing the copy-paste clipboard after you copy and paste the password into another window.
If someone has many passwords, they may resort to the following bad practices:
- Use the same small business passwords for multiple accounts
- Have the computer’s web browser save the passwords
- Write down passwords
If you use any of the practices above, we highly suggest you consider the following:
- If a person has multiple accounts with the same passwords and one account is broken into, then all that person’s accounts are essentially “broken”, as a cybercriminal can easily figure out what other common accounts a person has.
- Having the web browser save passwords may not be the best idea: if someone steals your device or breaks into your computer, they would have access to your accounts.
- The oldest bad practice in the book is to write your password down. You’re compromised if the papers with the passwords are ever found.
Because of these issues, we recommend you commit all your passwords to memory OR you use a password manager. A password manager will create an encrypted database file that will be next to impossible for someone to break into unless you use a weak password for the database file. Then you can safely place this file on a home network share, your portable devices/laptops, or even in the public cloud if needed.
There are many choices for password managers. Among the most popular are:
- Password Safe
- And more…
Here is a thorough website that reviews some of the best password managers.
The one we have used for a while is called KeePass. It can work for Linux, Windows, Mac, and it has ports to Android, iOS, and BlackBerry mobile devices. There is no cost and this tool is very robust. It can visit websites and type passwords in for you!
This is what it generally looks like:
Most password managers look and work much alike: they encrypt a database of your usernames, passwords, and sometimes credit card numbers, etc. Others may have ways of sorting out your passwords to make them more manageable when browsing through the database.
Other important features can include:
- auto-closes/locks after so many minutes of not being used
- auto-typing so contents don’t get saved in the copy-paste clipboard
- clearing the copy-paste clipboard after copying-pasting the password to another window
- 2-Factor authentication (uses a text message, email, or some other means of providing additional authentication after you enter your password)
Regardless of what password manager you use, make sure you actually use it, and do not revert to writing down your small business passwords in plain sight, whether on paper or in an unencrypted text file. If you do write down your password, get it into your password manager as soon as possible, then shred your password paperwork. And of course, don’t use the same password for multiple things: online accounts unfortunately get compromised often, and cyber criminals already know that people use the same passwords for all their common accounts…
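To check your own entries for the password reuse warned about above, you can group accounts by password and list every group with more than one account. The Python below is an added example, not part of the original article or of any password manager's code; the account names and passwords are constructed sample data, and `find_reused_passwords` is a hypothetical helper name.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample entries (account name, password), standing in for the
# entries kept in a password manager. None of these are real credentials.
SAMPLE_ENTRIES = [
    ("bank", "Tr1cky-Horse-42"),
    ("email", "summer2020"),
    ("payroll", "summer2020"),
    ("supplier-portal", "x9!Lq#7vP2"),
    ("social-media", "summer2020"),
    ("accounting", "Tr1cky-Horse-42"),
]


def find_reused_passwords(entries):
    """Return lists of account names that share one password.

    Passwords are compared through a keyed digest (HMAC-SHA256 with a random
    per-run key), so the returned report contains account names only and
    never a password.
    """
    key = secrets.token_bytes(32)  # discarded when the function returns
    accounts_by_digest = defaultdict(list)
    for account, password in entries:
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        accounts_by_digest[digest].append(account)
    groups = [sorted(names) for names in accounts_by_digest.values() if len(names) > 1]
    # Largest group first: those accounts all fall together if one is breached.
    return sorted(groups, key=lambda group: (-len(group), group))


if __name__ == "__main__":
    for group in find_reused_passwords(SAMPLE_ENTRIES):
        print(f"{len(group)} accounts share one password: {', '.join(group)}")
```

Every account named in a group should get its own new, unique password stored in the password manager.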