Pamela Hazelton

Twitter icon Facebook icon Google Plus icon LinkedIn icon Periscope icon rss icon
You are here: Home / Ecommerce / Safety First: Storing Passwords

Safety First: Storing Passwords

by 3 Comments

Via GoToMeeting, I work with many online store owners and designers in real time. It amazes me how lax many people are when it comes to creating and storing passwords. There have been thousands of articles published concerning the importance of using complex passwords and implementing security measures. Still, the process is often ignored.

Insecure password storage is like giving away the key...
Why would you give away the keys to your business?

I’ll start by saying this. If you use a weak password and take little to no effort to protect it, you deserve to be hacked, raked over the coals and shunned. Simply put, passwords are meant to protect everything about us, our customers and the business as a whole. If you don’t care enough to protect customer data, why should customers care enough about your company to pull out their wallets?

For the sake of safety and security, here’s some DOs and DON’Ts to keep in mind when it comes to password creation and storage.

DO

  • Use strong passwords. Passwords should be at least 8 characters and contain at least one number. Stronger passwords include letters, numbers and a special character, as well as a mixture of lowercase and uppercase letters.
  • Use encryption methods to store passwords. Consider reputable software that “explodes” data if the master password is entered incorrectly after a specific number of tries.
  • Use a unique, non-identifying master password. You shouldn’t use pet names, children’s names, birthdays or other common terms in any password. The master password on storage software needs to be so unique no one you know could guess it.
  • Create and enter passwords only over secure connections.
  • Use different passwords for different sites. You shouldn’t use your banking password, for example, for accessing forums.
  • Change passwords frequently. I know there are arguments against this, but, the fact is, the action of keeping passwords fresh reinforces the need to keep them secure.

DON’T

  • Store passwords in the browser. One only needs access to the computer to gain access to everything else. Auto-completion of logins and passwords is an easy way for employees to gain access to sensitive information, including PayPal and bank accounts.
  • Share your password. If you must provide someone else access to an account, either create a separate user, or change the password  to something totally different. When the third-party access is no longer needed, change the password again.
  • Save emails that include passwords. Since email itself, by default, is insecure, you’re better off logging into a site and changing the default password. Then delete the password email.
  • Use common password reminder questions. Using questions that require simple answers (your maiden name, your home town, your birthdate, etc) makes it easier for others to hack your account.

Finally, you should maintain a list (sans passwords) of accounts that are password-protected, and maintain it as new ones are created. Should your data ever be compromised, use the list to quickly access accounts and change both password and secret question criteria. Remember, you can never go wrong by keeping your security tight and up to date.

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInShare on RedditPin on PinterestBuffer this pageEmail this to someone

  • Password management programs are a must these days. Working in the tech field, I have so many passwords to remember that it’s almost mind numbing. To top it off I only need to use certain ones every blue moon or so which leads to not being able to just pull it out of thin air. Plus remembering my own personal ones. Long ago I started using Lastpass and now I use SecuStore.

    Lastpass and SecuStore both have desktop counterparts that allow for syncing with mobile so your database of passwords is kept in two places in case your PC melts down or your phone goes bye bye. They both also include the ability to auto generate passwords which can be a life saver.

    Lastpass is available for most mobile platforms while, SecurStore is for webOS. LastPass is free, while SecurStore does cost a few bucks.

  • Pingback: Did the Heartbleed Bug Finally Open Your Eyes?()