There’s the password for your email account, for your shipping system, for your warehouse management app, for your CRM user profile… and many more.
Passwords protect your user access from being abused by others, and securing those passwords takes a little thought.
Insecure Password Habits
Who needs a password strategy? Many enterprises do. All too often, passwords are open secrets with gaping security holes such as:
- Writing passwords on sticky notes next to a computer screen (or under the keyboard)
- Passwords like ‘123456’, ‘secret’ or ‘password’
- Using the same password for multiple company accounts (and your Facebook account too)
Take the last one, for instance. Password reuse is why cyber criminals target less well-protected social media accounts and not just business accounts: they know there is a good chance that the same password is being used for accounting, customer accounts, and possibly server administration.
Education is the First Step
Even the tightest password strategy may not be enough if users blab their passwords to anyone who asks. That includes hackers using social engineering tricks like masquerading as legitimate IT support engineers.
A few basic instructions and precautions can significantly reduce security risks:
- Never leave passwords in plain view
- Never share a password, even with a colleague who cannot access his or her account on the same system
- Use at least 8 characters with a mix of upper and lower case, numerals, and special characters
- Do not use personal information (dates of birth, for example)
Easy to Remember, Hard to Crack
The joke is that over the last couple of decades, users have been forced to use passwords that are hard to remember, yet easy to crack. With the computing power available nowadays, hackers can use brute force methods and try hundreds of millions of different passwords per second.
Possibilities for resisting such attacks include forming passwords from the first letters of a string of meaningful words. ‘Look what they’ve done to my song, Ma’ could give ‘Lwtd2ms,M’ with an added ‘,’ to make things doubly difficult for hackers. However, remember that your users may rapidly give up on any complicated approach, so recommendations have to be simple as well as secure.
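The rules listed earlier and the guess rate mentioned above can be turned into a quick check. The following Python is an added example, not part of the original article; the function names, the three-entry blocklist, and the figure of 300 million guesses per second (one reading of "hundreds of millions") are assumptions made for illustration.

```python
import string

# Weak passwords named in the article; a real blocklist would be far larger.
COMMON = {"123456", "secret", "password"}
# Assumption: "hundreds of millions" of guesses per second taken as 3e8.
GUESSES_PER_SECOND = 300_000_000


def alphabet_size(pw):
    """Size of the character pool an exhaustive search must cover for pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def violations(pw, personal_info=()):
    """Return the article's rules that pw breaks (empty list means it passes)."""
    found = []
    if pw.lower() in COMMON:
        found.append("common password")
    if len(pw) < 8:
        found.append("shorter than 8 characters")
    if alphabet_size(pw) < 94:  # 94 = all four ASCII classes present
        found.append("missing a character class")
    # Personal details (names, birth years) are supplied by the caller.
    if any(item and item.lower() in pw.lower() for item in personal_info):
        found.append("contains personal information")
    return found


def worst_case_seconds(pw, rate=GUESSES_PER_SECOND):
    """Upper bound on exhaustive-search time: alphabet_size ** length / rate."""
    return alphabet_size(pw) ** len(pw) / rate


if __name__ == "__main__":
    # Constructed sample inputs: two from the article, one invented.
    for pw, info in [("123456", ()), ("Lwtd2ms,M", ()), ("Maria1984!x", ("1984",))]:
        years = worst_case_seconds(pw) / (365 * 24 * 3600)
        print(f"{pw!r}: {violations(pw, info) or 'ok'}, worst case {years:.2g} years")
```

The time figure is an upper bound for trying every combination only; a password that appears in a wordlist or is reused from a breached account falls much sooner, which is why the blocklist check comes first.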
The challenge of multiple passwords remains. Many people find it difficult to cope with more than three or four different ones. A solution is to use a password management application like LastPass, Roboform, or KeePass that requires just one master password that grants the user access to their entire database of passwords.
This still leaves a risk that compromising one central password will open up access to all the associated accounts. It is possible to put two-factor authentication in place. This requires the use of a device such as a USB key or a mobile phone to provide proof of the legitimate user’s identity for using and changing the password. This increases security, but also complexity.
Let’s summarize the main takeaways:
- Train your users to use simple but effective methods to protect existing passwords
- Give them easy, but secure ways to generate new passwords
- Provide password management software to maintain security, but reduce complexity
- Use extremely strong security methods like two-factor authentication if required
Which methods is your LA distribution company using for secure passwords? Tell us what works for you in the Comments box below.