Get your CPA firm aquainted with new FTC rules. Creating strong, complex passwords requires using the right kinds of characters, numbers and symbols. You should adhere to these practices even if you aren’t required to. Further, the practices recommended in the first part of this series could be useless if you don’t follow the accompanying practices laid out here.
Some Guidelines
1. Your company’s IT administrators may have policies that already require you to use a new password when creating one, but you should change passwords often and never reuse or recycle (change just a few letters) passwords.
2. Never share passwords. That means with colleagues, friends and other accounts of yours.
3. Never text or email passwords. Securely store and transmit passwords. This can be achieved through encryption, which is a method of scrambling data on the internet so that only authorized users can access it, or a one-way encryption method called hashing.
4. Use a separate password for each account. We can be tempted to reuse passwords from site to site, but think of what could happen if one was compromised.
5. Similarly, never use the same usernames and passwords for business and personal accounts. As above, think of the consequences of losing one password for two or more sites.
6. Combine passwords with 2FA (two factor authentication) or MFA (multi-factor authentication) wherever possible. 2FA/MFA are the use of other “factors” or pieces of information that act together to allow you to sign into your accounts. This can be a text message sent to your phone, a biometric factor (fingerprint, iris scan, etc.), a code given through an authentication app, a hardware key, or other, additional means of signing on to your accounts. The point is a site can use a secondary (or tertiary, etc.) piece of information to ensure you are who you are. Though not foolproof, 2FA or MFA improves your security by putting up another required roadblock to hackers.
7. Never write passwords down or input them into Excel or Word. This is another temptation that should be avoided. Imagine someone peeking into your files.
8. Do not use browser password saving/encryption features. These have notoriously weak encryption. Use a password manager instead.
Next, we look at proper and safe password policies for both businesses and administrators.
***
Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.
Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.
