As Thursday 2nd of May is #WorldPasswordDay, we thought it would be a great time to share some thoughts and opinions about how to organise passwords.
One of the most frequent problems we encounter as a managed service provider is users forgetting passwords. It’s not hard to see why.
Users can be overwhelmed by the number of passwords they have to manage, let alone remembering to update and change them regularly, as we have mentioned before in our password security blog.
Naturally, lots of users tend to store passwords by writing them down on a physical document.
This is not advisable and is incredibly unsafe. Here are just a few reasons why…
If a criminal gained access to your email account, they could then…
- Find your personal details for all the websites you’ve registered with
- Steal your sensitive data
- Change your password and ask for a ransom to get it back
- Delete your messages
- Impersonate you to scam your contacts
These are just the potential risks if a criminal only got into your email account. Imagine if they got into your social media accounts, bank accounts or your online crypto-wallets (if you have any).
Other users, rather than writing passwords down, use the same password for every single online account they own. This is the worst thing you could do.
So, what should you do? Organise your passwords and keep yourself protected!
Why should I organise my passwords?
Organising your passwords is as simple as it sounds. Keep your passwords in a structure with filters and levels that is easy to navigate and lets you locate entries quickly, whilst keeping this database protected from any unwanted users.
It’s a fantastic way to keep track of what sites you are signed up to, and what accounts may still exist that you may not remember. It also helps protect you if any of your accounts are exposed in future.
Here are the steps you should take to organise your passwords and up your security:
1. Search and identify!
A great place to start is to take a thorough look at what you have signed up to over the last 5-10 years. More and more attacks stem from older inactive accounts that could hold the key to getting into current information.
How to do this? A good place to start is to scan your emails and see what you are getting alerts from. From here you can see what potential accounts you might have and start to collate them.
If you’re having trouble thinking of what accounts you could have, here’s a head start:
- Email addresses
- Fuel suppliers; Gas, Electric, Water
- Betting sites
- TV and Film; Netflix, Amazon Prime
- Music; Spotify, Apple Music
- Online shopping; Amazon, eBay
- Cloud storage accounts; Dropbox
- Social media; Facebook, Twitter, Instagram
- Job sites
- Financial software
- Travel and transport; Uber
From this, you should be able to gather all your usernames and work out where you have currently active accounts.
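One way to carry out the email scan from step 1 in code, as an added example that is not part of the original post: it reads message headers, keeps senders whose subject lines look account-related, and flags domains that have sent nothing for five years. The sample messages, the keyword list and the function names are assumptions constructed for illustration.

```python
import email
from datetime import datetime, timedelta, timezone
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample messages (headers only); real input would be a mailbox export.
SAMPLE = [
    "From: Shop <orders@shop.example>\nDate: Tue, 12 Mar 2013 10:00:00 +0000\nSubject: Your order receipt\n\n",
    "From: Shop <orders@shop.example>\nDate: Fri, 05 Jul 2013 08:30:00 +0000\nSubject: Welcome to your account\n\n",
    "From: Jobs <alerts@jobs.example>\nDate: Sat, 20 Jun 2015 07:00:00 +0000\nSubject: Verify your email address\n\n",
    "From: Music <no-reply@music.example>\nDate: Mon, 01 Apr 2019 12:00:00 +0000\nSubject: Password changed\n\n",
    "From: Sam <sam@mail.example>\nDate: Wed, 10 Apr 2019 18:00:00 +0000\nSubject: Lunch on Friday?\n\n",
]

# Assumed list of subject words that suggest the sender holds an account for you.
ACCOUNT_HINTS = ("account", "password", "verify", "welcome", "receipt", "sign-in")


def build_inventory(raw_messages):
    """Map sender domain -> (message count, date last seen) for account-related mail."""
    inventory = {}
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        subject = str(msg.get("Subject", "")).lower()
        if not any(hint in subject for hint in ACCOUNT_HINTS):
            continue  # personal mail, not an account notification
        address = parseaddr(str(msg.get("From", "")))[1]
        if "@" not in address:
            continue  # missing or malformed From header
        domain = address.rsplit("@", 1)[1].lower()
        try:
            seen = parsedate_to_datetime(str(msg.get("Date", "")))
        except (TypeError, ValueError):
            continue  # missing or unparseable Date header
        if seen.tzinfo is None:
            seen = seen.replace(tzinfo=timezone.utc)  # treat naive dates as UTC
        count, last = inventory.get(domain, (0, seen))
        inventory[domain] = (count + 1, max(last, seen))
    return inventory


def dormant(inventory, now, years=5):
    """Domains with no account mail for `years`: old accounts to close or re-secure."""
    cutoff = now - timedelta(days=365 * years)
    return sorted(d for d, (_, last) in inventory.items() if last < cutoff)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE)
    for domain, (count, last) in sorted(inv.items()):
        print(f"{domain:20} {count} message(s), last seen {last:%Y-%m-%d}")
    print("Dormant:", dormant(inv, datetime(2019, 5, 2, tzinfo=timezone.utc)))
```

The dormant list is the set of older inactive accounts to deal with first in step 2.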
2. Refresh and strengthen!
Once you’ve worked out where all your active accounts are, you can then begin to refresh and strengthen existing passwords.
The best action to take is to remove any existing payment information that is already on accounts which you don’t intend to use.
Aside from this, replacing these passwords is vitally important. We’ve talked before about how to increase the security of your password, with tips on extending passwords and using a combination of alpha-numeric characters.
However, it is equally important to replace older accounts’ passwords even if they seem strong. Hackers use a variety of ways to break into sensitive information and have great success with out-of-date passwords, as we’ve explained before in our common ways passwords are hacked blog.
If you are looking for ideas, check the weakest passwords of 2018, and do the complete opposite!
3. Store securely!
Ideally, in your brain. However, we aren’t all masterminds. The next best thing is using a digital password manager.
Password managers are secure and can be accessed by users you want to share them with, meaning that if you are unable to access an account for any reason, you do have the option for someone you trust to do so on your behalf. Simply sending details over email or instant messaging is a huge security breach.
What other options are there for further protection?
You need to think about how your brain works. If you are the type of person who is good at remembering and keeping track of what needs to go where, then trust yourself and set up 2-factor authentication. With 2-factor authentication, you can rely on the organisation you keep in your own head and then have it backed up by confirming the login via a device.