Introduction: Password Best Practices
Hey guys, I'm Neadom Tucker, and if you're like any business owner out there, you have a number of passwords to keep up with every day. So, what are the safe practices when dealing with passwords and security in your business?
Sometimes you have to give your password to some Staples account to your office manager or things like that. So, what are we gonna do to make sure that these things are safe and secure, to make sure that would-be hackers don't necessarily get access to information? Stay tuned and we'll see you then.
Password Safe Practices
Hey guys, I'm Neadom Tucker, owner of Kotori Technologies, and today we're gonna talk about password safe practices.
Now, let's think about this. If you're a business owner and you're hiring new employees, or if you're a business owner and you're needing to set up logins for users—or even if you're not the business owner, you're the office manager and you're having to do these same jobs—how do you distribute these passwords in a safe manner to the people that need them? Especially if you're having to do it remotely for somebody not in your office.
Also, how do we make sure that the passwords you're using are secure in the first place?
Distributing Passwords Safely
The first thing we want to do is separate the communication of the username and the password. We also would love to implement two-factor authentication; we've got some other videos on that in the past you can take a look at.
We want the login and the password to come in two different methods of communication. We don't even want those to go both via email.
For example, if you’re onboarding John Doe, you might email him his username and then send a text message with the password. That way, a would-be hacker would need access to both platforms.
Another method: email the username, then call the user and give them the password over the phone.
And always require the user to change their password at first login. As business owners or office managers, we don’t want the liability of knowing everyone’s password. If we do, we could be held accountable for actions taken under that login.
User Accountability
If you know the user's password, you have the ability to log in as them. That breaks accountability. If something goes wrong, the user could say, “It wasn’t me,” and you wouldn’t be able to prove otherwise.
So, communicate credentials using two different methods and require password changes at login.
Two-Factor Authentication
The ultimate best practice: implement two-factor authentication. Office 365, G Suite, and other cloud platforms support it. Implement it. Implement it. Implement it. It will help protect you and your information.
Creating Complex Passwords
Let’s talk about the passwords themselves. Use a password manager. There are too many passwords to remember, and best practice is to have a different password for every site.
Who can keep up with 237 different passwords? I can’t. Most people can’t. Use a password manager like 1Pass, LastPass, Dashlane, or RoboForm. Use one complex password to access the manager, and let it handle the rest.
Password Managers and Complexity
All of these systems are fairly secure—nothing is 100% secure—but they’re good. Use two-factor authentication to access your password manager too.
Now, about password complexity: use at least eight characters, with uppercase, lowercase, numbers, and symbols. Avoid obvious phrases like “dogcatcher” or “Jeremys great.”
Instead, use a sentence. For example, if you’re a Jimmy Buffett fan, use a line from “Margaritaville.” A sentence with spaces, numbers, and mixed case is strong—and memorable. Some sites support up to 24 characters. Use that space.
Conclusion
That wraps up another week of When You Need 'Em, Ask Neadom. Today we talked about two key things: how to safely communicate passwords to users, and how to create complex passwords.
If you have any questions, reach out to us online at http://www.kotoritechnologies.com. Until next time—take care!
