Solve All Your Password Problems
In this article, I’ll cover common password problems and mistakes, with the goal of improving your quality of life and reducing your vulnerability to rapidly increasing security threats. Then, I’ll provide you with password tips and tricks that will improve your security, your company, and your mental well-being. Nothing drives me crazier than chasing down passwords.
If you are already doing these password pro-tips, you get a gold star. That’s one reason I’m writing this password protocol piece. Because at the end of the day, your potentially dangerous personal password practices affect people across the planet.
More Passwords, More Problems
Working remotely for a remote agency means that I deal with all types of passwords. Over time, poor password management can create two major issues.
#1. Hunting down passwords is a productivity killer.
Everyone knows this struggle. If you deal with lots of accounts at work, consider how much time you are wasting. Added up over time, there is a significant opportunity cost. But primarily… being unable to access an account at the moment of need is extremely frustrating. If the task is time-sensitive, it can be highly stressful. If the task is menial, you either skip it or begin the annoyingly familiar password hunt.
#2. You are putting yourself and your company at risk.
You should protect your personal accounts, but your company passwords can have dire implications that affect many people. While password hunting is a recurring annoyance, a security breach at your company only requires one major incident to do irreparable damage.
Most Common Password Mistakes
These will likely hit close to home. When I say “common”… I’m talking every millisecond of every day these password mistakes occur.
1.) Using the same password over and over.
If you have been using the same password for years… it’s safe to say that you’ve already been compromised. Seriously… stop doing this. You might as well just tattoo it next to your ex-girlfriend’s name because it will also haunt you for years.
2.) Insecurely sending passwords
Even people that know not to do this succumb to the temptation. If I’m a hacker and I obtain an email password, the first thing I’d do is search your inbox for more passwords. Now your small hack just became a potentially uncorrectable problem.
3.) Granting Unnecessary Account Permissions
Say you are adding a new blog author to your WordPress site, and you just provide them with the default admin access. Even if you are a savvy password protector, this new author can add their go-to password “password123456” and the second they post a blog, you’ve invited them in. Paraphrasing Shrek, “Accounts have layers, onions have layers. They both have layers.” Use these layers to protect yourself from unnecessary risks.
Password Tips & Tricks: How to Improve Password Management
This is just my own personal password management advice. If you have additional tips, post them in the comments below. Some things will improve overnight, and you’ll thank yourself in the morning. But to have a profound impact, you must systematically purge, protect, and optimize over time. Don’t get lazy, and encourage others in your company to commit.
No more chasing down passwords. This changed everything for me.
Often in the form of a browser extension, these password managers will optimize your efficiency and security overnight. My personal preference is LastPass, but there could be other ones out there, so shop around. LastPass is a vault protected by a single password, so you better make it at least 12 to 14 characters with special characters and numbers mixed into it.
LastPass changed my life because it saved me time and headaches. There may be other alternatives out there, but I fully endorse LastPass. Been a user for about 5 years now, and they just keep getting better.
- Seamless account access and switching
- Password sharing with team and external members
- Great mobile password management app
- Credit Card
- Auto-fill and even auto-login
- Desktop application
You can even store and share credit card numbers which eliminates the need for password sharing.
Currently, there is a race between Payment Managers to integrate the Windows Hello camera which allows for Facial Recognition logins on your Windows desktop. Whoever figures that out first will be receiving a lot of users. That would be a very seamless process.
2.) Create Passwords You Don’t Remember
This is a wild concept, but with a Password Manager, you really don’t need to be able to type it in ever again. Often times, there is an option to generate a random password. That is not a temporary password, that is the developer encouraging you to protect your account. Often these password generators are built in, and the first thing we do is change the password to something familiar. These password generators are not intended to be temporary.
3.) Create Individual User Accounts for Essential People (whenever possible)
Stop using a shared company account whenever possible. Because you’ll lose track of who has access to the account. Also, anyone can potentially jeopardize the account by insecurely storing the password. Another benefit of individual accounts is that you can identify suspicious activity faster, and isolate the threat. Has an employee ever left your company? Did you take the time to change the password to that shared company account? Do yourself a favor and create an account for essential personnel and keep a record of all of your accounts.
4.) Only Provide Users with Necessary Account Permissions
Account Permissions can be difficult to understand, and it can be annoying to have to go back in and tweak their permissions if they need access. Some people don’t like to do this because it can be awkward. I don’t have any tips on how to make it less awkward. You are on your own there. I’m just here to tell you that it is a lot smarter to keep account permissions in check.
5.) Start with Your Most Sensitive Accounts
This tip is intended to make things easier for you. Improve and protect your most sensitive accounts first, and then work your way down. Imagine someone has a vendetta against you, and they have access to all of your accounts. Where could they do the most damage? In actuality, there are millions of hackers and programmed bots with no vendetta, but they are a thousand times more determined and capable of doing damage.
6.) Get Your Team and Clients on Board with the new Password Security
There is a theme in this blog post, and it’s similar to the lessons we’ve learned during COVID-19. The stakes can be extremely high. Sensitive Account Hacks can ruin lives and destroy a company overnight. It’s a serious matter, and you don’t want to be the one that is to blame.
If you share accounts with clients, it’s important that you encourage them to adopt similar practices. If they are not tech savvy, do simple things like suggesting a phone call to exchange passwords. Ask them if it’s alright to change a password. I’ve seen some shockingly insecure passwords over the years. Typically, most people respond well when you explain the security risks if an account is compromised. Sometimes I change my teammates’ passwords just to keep them on their toes.
7.) Time to Clean Up Years of Mistakes
Type “password”, “pw”, “p:”, into your email inbox search bar and I bet you’ll find some passwords. Also try common passwords you used to use. Do the same for other communication channels like Slack. Then, you should do the same for your shared drives, and Google Drive, and lastly search your computer hard drives. You’ll likely find documents. Purge any trace of an old password, and that will help protect you. Hackers are far more clever than me and with machine learning AI and quantum computing on the rise, it’s safe to say that brute force hacking will continue to grow in strength.
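For the hard-drive and synced-folder part of this cleanup, here is an added example (not from the original article) that walks a folder and reports every line where one of the search terms above is followed by a value, without printing the value itself. The extension list, the extra `passwd`/`pwd` variants, the function names and the sample files are all assumptions made for illustration.

```python
import os
import re
import tempfile

# Search terms from the article ("password", "pw", "p:") followed by ":" or "=" and a value.
# "passwd" and "pwd" are extra variants added here as an assumption.
PATTERN = re.compile(r"(?i)\b(password|passwd|pwd|pw|p)\s*[:=]\s*(\S+)")
TEXT_EXTENSIONS = {".txt", ".md", ".csv", ".log", ".eml", ".json", ".ini"}  # assumed list


def redact(secret):
    """Report only the length so the audit output never repeats the stored value."""
    return f"<{len(secret)} chars redacted>"


def scan_tree(root):
    """Return (relative_path, line_number, label, redacted_value) for every hit."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue  # skip images, archives and other non-text files
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                for number, line in enumerate(handle, start=1):
                    for match in PATTERN.finditer(line):
                        findings.append((os.path.relpath(path, root), number,
                                         match.group(1).lower(), redact(match.group(2))))
    return findings


def build_sample_tree():
    """Constructed sample files standing in for an exported mailbox or shared drive."""
    root = tempfile.mkdtemp(prefix="pw_audit_")
    samples = {
        "notes.txt": "Meeting at 3pm\nWordPress login pw: hunter2-example\n",
        "export.eml": "Subject: access\nHere you go. Password = Example!Pass99\n",
        "readme.md": "Remember to reset your password every quarter.\n",
        "photo.jpg": "p: not-scanned\n",
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as handle:
            handle.write(body)
    return root


if __name__ == "__main__":
    for hit in scan_tree(build_sample_tree()):
        print(*hit, sep="\t")
```

Point `scan_tree` at your own documents or synced drive folder, then change each password it finds and delete the file or line that held it.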
8.) Use 2-Factor Authentication
I posted this last because the current text or email method is a little annoying, but this article wouldn’t mean much if I didn’t recommend it. I like efficiency, and this extra step slows things down. However, I must admit it is a very effective way to protect your most sensitive accounts. So you should definitely use 2FA.
But to Google or whoever has the next solution in the works, please hurry up. 2FA is the reason I suddenly became cool with allowing Apple to scan my face every time I log in, which I’m sure isn’t going to come back to bite us down the road. So yeah, add 2FA to your accounts, and if you are the super admin, you can usually enforce that action for your coworkers. It’s better than putting you and your entire company in jeopardy just because it’s annoying.
Please feel free to provide your own suggestions in the comments below. This is not a complete list so I will be adding to it. Bookmark this article because I will be updating it as best practices evolve over time.