Pamela Hazelton

You are here: Home / Ecommerce / Safety First: Storing Passwords

by 3 Comments

Via GoToMeeting, I work with many online store owners and designers in real time. It amazes me how lax many people are when it comes to creating and storing passwords. There have been thousands of articles published concerning the importance of using complex passwords and implementing security measures. Still, the process is often ignored.

Insecure password storage is like giving away the key...
Why would you give away the keys to your business?

I’ll start by saying this. If you use a weak password and take little to no effort to protect it, you deserve to be hacked, raked over the coals and shunned. Simply put, passwords are meant to protect everything about us, our customers and the business as a whole. If you don’t care enough to protect customer data, why should customers care enough about your company to pull out their wallets?

For the sake of safety and security, here’s some DOs and DON’Ts to keep in mind when it comes to password creation and storage.

DO

  • Use strong passwords. Passwords should be at least 8 characters and contain at least one number. Stronger passwords include letters, numbers and a special character, as well as a mixture of lowercase and uppercase letters.
  • Use encryption methods to store passwords. Consider reputable software that “explodes” data if the master password is entered incorrectly after a specific number of tries.
  • Use a unique, non-identifying master password. You shouldn’t use pet names, children’s names, birthdays or other common terms in any password. The master password on storage software needs to be so unique no one you know could guess it.
  • Create and enter passwords only over secure connections.
  • Use different passwords for different sites. You shouldn’t use your banking password, for example, for accessing forums.
  • Change passwords frequently. I know there are arguments against this, but, the fact is, the action of keeping passwords fresh reinforces the need to keep them secure.

DON’T

  • Store passwords in the browser. One only needs access to the computer to gain access to everything else. Auto-completion of logins and passwords is an easy way for employees to gain access to sensitive information, including PayPal and bank accounts.
  • Share your password. If you must provide someone else access to an account, either create a separate user, or change the password  to something totally different. When the third-party access is no longer needed, change the password again.
  • Save emails that include passwords. Since email itself, by default, is insecure, you’re better off logging into a site and changing the default password. Then delete the password email.
  • Use common password reminder questions. Using questions that require simple answers (your maiden name, your home town, your birthdate, etc) makes it easier for others to hack your account.

Finally, you should maintain a list (sans passwords) of accounts that are password-protected, and maintain it as new ones are created. Should your data ever be compromised, use the list to quickly access accounts and change both password and secret question criteria. Remember, you can never go wrong by keeping your security tight and up to date.