Password security has never been more important than it is in the wake of the massive breaches at Target and Neiman Marcus. While those incidents may not have involved passwords, they serve as reminders that we must be more cautious. Take this opportunity to review the password security of your business website, email accounts and social media accounts.
As often as people are warned to change their passwords, to not use the same passwords for multiple accounts and services, and to use long, complicated passwords; too many are still taking chances.
It is one thing to risk your personal reputation when someone spams your friends on Facebook using your personal account, but what if they use your business Facebook page? Will your business followers be as quick to forgive as your friends and family?
It isn’t just that someone might say something on your Facebook page that is offensive, or tweet half naked pictures of themselves on your Twitter feed. People will get over being offended when they realize what happened. What they won’t get over so quickly is the loss of trust. How can they trust a business that is not able to manage their own password security? That feeling will linger and your brand will suffer for it.
The following are some tips for setting a secure password:
Don’t use the same password for multiple accounts. This should be an obvious tip and as often as we see it suggested, there are still people who use the same password for their email, website, bank account access and social media accounts.
Don’t use obvious easy passwords like 123456, asdfasdf or the word ‘password.’ You also should not use publicly available information like your phone number, birthday, childrens’ names or your street address. Google suggests you come up with a phrase about each account and use the first letters of each word, adding numbers and symbols where appropriate. Your email phrase might be, “I love to get email from Cassie and Tim.” Your password from that might be, “Il2gefC&T”. This password has upper and lower case letters, a number and a symbol. To increase the security make the phrase a little longer and add more numbers and symbols.
If you must write your passwords down, keep them hidden. Don’t carry passwords around in your wallet or keep them on a note taped to your computer screen.
Set password recovery options with each account. If you forget your password some sites will simply email you a link that allows you to login. Others will require that you answer preset security questions. You can add an extra layer of security by spelling the answer to your security question in a special way. For example, if the answer to your question is the city name Cincinnati, you might spell it Sincinn@e. The key here is to remember your special spelling so you don’t lose access to your own account.
Some sites request a cell phone number and permission to text a verification code to you. This method is commonly called two-step verification. If your account is accessed by an unrecognized computer or device, you will receive a text with a verification code. If you are the person trying to access your accounts, then all you have to do is enter the verification code after receiving it by text. If someone else has attempted to access your accounts and they do not have the verification code, they will be locked out.
Security issues will continue to be a problem – from simple pranksters trying to make a mess of your social media accounts to hackers going after your financial information, or worse – your customers’ financial information. Take steps now to save your brand, your reputation, and your finances by protecting passwords.