A Comprehensive Guide to Password Security for Businesses
In recent months there has been a growing demand for online security. As more businesses move online, security has become an important concern for many companies.
Your online security starts with your password. It is the first line of defence protecting your business and information from cybercriminals. A weak or easily guessed password carries a high risk of a breach.
The potential damages include:
- Unauthorised use of email accounts.
- Loss of data and breach of sensitive information.
- Unauthorised transactions on banks and payment gateways.
- Identity theft.
- Complete loss of business websites, emails and social media.
Sharing passwords
There are many reasons why the password to an account, program, software package or server may need to be shared: with team members, data analysts, web developers, social media managers, advertising managers and many more. Doing so makes the account a high-risk candidate for a breach.
A breach can occur before, during and after the communication period in which you’ve shared your password with fellow team members and agencies. However, there are several preventative measures that can ensure your account remains secure.
To keep your accounts safe when sharing passwords with other businesses or team members, preventative measures include:
- Change your password before and after the period in which it is shared.
- Enable two-factor authentication.
- Use a strong password, generally a combination of uppercase, lowercase, numbers and symbols.
- Avoid using variations of a single word paired with symbols and numbers.
- Avoid sequential runs of numbers and letters, as well as important dates and names.
- Use a string of words that is easy enough to remember and long enough to resist automated brute force.
- Avoid using the same password for all your logins.
Two-factor authentication
Two-factor authentication is considered the second line of defence for your accounts. However, not every platform or website offers the same level of protection, it can make it difficult for team members to access certain accounts when needed, and at times your password will still be needed to access your account. Below is a list of recommended options that will help keep your passwords and accounts protected.
Email and mobile authentication
The most basic, yet effective, method of two-factor authentication sends a generated code to your mobile phone or email account. A new code is sent whenever you or a team member tries to log in to the account.
The issue with email and mobile authentication is availability, as well as the security of your email account itself. Your password still has to be shared with fellow team members.
Software authentication
Software authenticators are generally tied to your mobile device and work in a similar fashion to a time-based SMS code. The codes are generated within an application installed on your phone and can be locked behind a secondary password in addition to your standard phone PIN.
A list of software-based authenticators includes:
Software authenticators are a great tool for adding security when accessing accounts and websites, including email, payment gateways, business websites and devices. They prevent hackers from accessing essential accounts by brute force, as the user must also key in a secondary code generated by the application.
There are numerous authenticators available on the market; however, those provided above are reputable providers with up-to-date security protocols. LastPass has been my preferred authenticator, as it offers added benefits over its competitors.
In some instances, depending on the setup of a website or application, multiple authenticators are allowed. This lets various team members be registered, giving them access to accounts and information without requiring codes from the administrator.
Hardware authentication
Hardware authenticators are physical keys that must be connected to a device, whether a mobile phone, computer or laptop, in order to authenticate and allow access.
Hardware authenticators are an alternative solution and can also enable passwordless authentication: the end user connects a physical device to their hardware to authenticate. For administrators with full access to systems, accounts and billing, a hardware authenticator paired with a standard password provides added security when accessing sensitive information.
As a system administrator, a hardware authenticator is my preferred method of authentication. However, the downside of a hardware authenticator is the possibility of losing the physical key. A physical hardware authenticator is a more convenient method of authentication, as it can secure mobile devices as well as computer systems and websites, not just websites alone.
I personally use YubiKey’s hardware authenticator to ensure my emails, payment gateways, password manager, client accounts and web hosting are secured.
Password manager
Most small businesses tend to share their passwords with different team members and associated companies, including web developers, payment gateway and postage providers, and larger enterprises alike. Password sharing becomes a huge risk factor for your business, with many using their web browsers to store sensitive information.
With today’s technology there are several password managers available. These include:
Password managers are a convenient way to store passwords away from your web browser. They sit behind a multifactor security wall and allow passwords to be shared and revoked without giving users an unencrypted key or the password itself. The majority of password managers require a subscription; however, for personal use, LastPass (one of the managers listed) also offers a free tier that is useful for both security and password sharing.
Looking to add two factor authentication to your website? Feel free to get in touch with Rubix Studios.
Let me know what are your thoughts on password security in the comments and any recommendations you have.