Rethink Your Passwords to Keep Digital Intruders at BayPosted by
Small businesses are often seen as soft targets for hackers and scammers, but there are a few simple precautions you can take to help keep your business safe online.
Weak passwords are one of the biggest threats to any business, along with the terrible habit of reusing passwords across different services. A strong password needs to be long, complex and unique. Avoid dictionary words – they’re the first thing that hackers try when attempting to break into your accounts. Also avoid things which are easy for you to remember but also easy for others to guess, like names of people and companies, birthdays and other publicly available information.
The best passwords look like gibberish, with a mix of upper and lower case letters along with numbers and symbols. Of course that makes them harder to remember.
One trick is to use the first letters of a phrase or lyric – for example the first line of Peter Allen’s Still Call Australia Home might become “IbTc-TnCd”. Add a few numbers and symbols and you’ve got the makings of a strong password that’s easy to remember. Even a phrase like “I’veBeenToCities” makes for a better password than a single word, however long, but it’s a good idea to throw in a few extra symbols.
It’s great to have one strong password, but it won’t keep you safe if you use it for everything. When hackers break into services and steal logins and passwords, the first thing they do is attempt to use those credentials with other services. You’re in trouble if you’ve used the same email address and password everywhere.
Using a phrase or lyric as the basis of a strong password also makes it easier to think up extra passwords which are easy to remember. Going back to Still Call Australia Home, the second line of the song gives you “FnYtR-aOlT”. It doesn’t matter whether you’re into Blondie or Beyonce, as long as you can remember the lyrics you can sing along in your head as you enter your password – just don’t sign out loud.
While you’re dreaming up strong, unique passwords it’s also important to enable two-factor authentication where available. It adds an extra layer of security to make it harder for hackers to break into your account even if they do know your login and password.
Two-factor authentication relies on both something you know and something you have. The something you know is your login and password, while the something you have might be a one-off code sent to your mobile phone as an SMS.
When you log in to your account from a new computer you’re also asked to enter the two-factor authentication code, to help prove that you’re really you. At this point you can often tick a box to “trust this device”, ensuring that you don’t need to mess around with two-factor codes every day.
Rather than relying on an SMS, you can also use smartphone apps to generate two-factor codes. Alternatively you might keep a token on your keyring which displays a new code every few minutes, or use a USB stick as your two-factor token which must be inserted into your computer before you can log in to a website.
Rethinking your approach to passwords might seem like a hassle, but it’s a small price to pay to keep hackers out of your business.