We all know passwords are important – but there are so many of them! Some days it feels like you can’t do anything without repeatedly logging in somewhere. This means remembering countless user names and passwords, and then if 2 factor authentication is in place, having to go through that process as well.
Let’s face it, we are all extremely busy and may already by stressed or frustrated with a task that we need to do, layering on a sequence of security processes only adds to the strain of that, so it’s really tempting to just have the minimum acceptable level of security because your time is precious and it’s hard not to way up the benefits of security and come to the conclusion that it’s not worth all the time and hassle – if you are currently in that mindset – PLEASE DON’T BE, IT MAY COST YOU YOUR BUSINESS!
Instead, take a little time to think about your overall day to day security routines, there are lots of tools and processes that enable you to be extremely secure without stress or frustration. Here are some of my top tips for security happiness:
- Use a password manager – a password manager generates unique and complex passwords for each of your logins and stores them all in one handy place along with usernames and any other log in information you need access to. There are many good passwords manager apps available, We recommend Bitwarden as it’s so easy to use and highly secure. Bitwarden is free but there are paid enterprise versions available if you want to manage passwords across an entire organisation.
- Don’t use a browser to autofill your passwords – This may seem like an extremely convenient function for not having to remember your passwords but imagine if a hacker takes control of your laptop, there is nothing to stop them accessing all of your passwords via autofill. Bitwarden has a handy icon which you can click when are in a log on page, this opens up the app and finds the appropriate log in details based on the website that you are on. Therefore you can autofill from Bitwarden instead but only whilst you are logged in.
- Use 2 factor authentication wherever you can – most passwords can be comprised by hackers via a variety of methods such as:
- Credential Stuffing – when data bases of stolen credentials are acquired by hackers and used to see if there is a match.
- Phishing – where users are tricked into revealing passwords
- Password Spraying – uses a list of commonly used passwords against a user account
- Brute Force – complex algorithms are used to convert encrypted password into plain text.
- If you have 2FA in place, a hacker, even if they crack your password cannot get any further.
- Use a recommended 2 Factor Authentication app – We recommend using either the Google Authenticator or the Microsoft Authenticator App. This stores your 2FA in one handy place. Most 3rd party apps make it very easy to add 2FA to their log in process and it’s very easy to set up new 2FA by simply using a bar code and takes seconds. Having 2FA as part of your log in process does add a few more seconds but also adds secure peace of mind.
- Consider using hardware keys as an alternative to traditional 2FA – We use YubiKey within our organisation as well as traditional 2FA. A YubiKey is a physical key that you plug into a USB port on your device, you just press a button on the YubiKey and type in a PIN to populate a unique complex and highly secure code, YubiKeys are set up to be personal to you and if stolen cannot be used by anyone else. As most traditional 2FA apps such as Google Authenticator and Microsoft Authenticator require you to have access to your mobile phone to generate a log in code, this is a big problem if you phone is lost or stolen. Using a YubiKey gives you a secure alternative and as they are sold in pairs, if one gets lost you always have a backup.
