The 'ABCs' of Password Management

Posted by: Rod Kurtz on November 20, 2009

Today’s typical user has about a dozen systems they need to access with a user name and password. While passwords are an important and almost inevitable part of our everyday lives, they can put your organization at risk of financial and reputational damage if they are mishandled or compromised. Thus, it is important to be careful when choosing a password and logging in. Here are the "ABCs" of password management, with advice on how best to protect yourself when accessing your small business’ information—and your own:

1. Always be confidential. You should never share your password with others, period. Anyone else who has your passwords can impersonate you—accessing information and making transactions without your knowledge and leaving you to deal with the resulting problems. If employees want your password to access a given service, have them contact your IT department and get their own accounts. Nor should you reveal existing passwords when getting computer service; your help desk should be able to change your password for you or log on with its own account. And always be aware of your environment, watching out for ‘shoulder surfers’ who might watch you access your systems.

2. Be current. Make sure the computer you are using is up-to-date with the latest security software from one of today’s main vendors. Be sure, too, that you have an active subscription to updates and have regularly scheduled automatic scans of your system. Antivirus software alone is not enough, so look for a complete client-protection package from the leading vendors, including anti-spyware, anti-malware, host-intrusion prevention, and a desktop firewall. Unless you are properly protected, software can be installed on your system to watch keyboard input and easily steal your passwords without you noticing anything.

3. Consistently break consistency. Don’t use the same password for all systems. If your Gmail password is the same as your Chase Online Banking password, someone who compromises one system would logically and successfully attempt to use that password on all of your other systems. Separate any work passwords from personal banking passwords, and keep these distinct from your personal e-mail and social networking accounts. This limits your risk exposure.

Jared Beck
Senior Security Architect
Dimension Data
New York

Reader Comments

Ed Carter

November 20, 2009 6:23 AM

All good advice, but I find many people struggle to come up with something memorable and unique on a number of different sites.

I use Deadbolt Password Generator to create nasty looking strong passwords from simple phrases that I can remember easily associated with each site I go onto. It's an extra step, but there's a big price to pay for being lazy with your passwords these days!

(http://www.deadboltpasswordgenerator.com)

Gurudatt Shenoy

November 20, 2009 5:51 PM

I have developed a unique solution for managing passwords. This is in the form of a website, 0pass.com.

The main feature of this website is that it does not ask for or store any passwords and is thus completely secure to use.

The website offers a bookmarklet that creates a unique identity based on your computer configuration or your mouse or pendrive and generates a unique password for each website.

Once you replace your website's original password with the password locked to your system, you will never have to type or remember passwords.

0Pass.com is a free service.
