Choosing a Strong Password
Don’t make it easy on the bad guys
We have talked a lot about cybersecurity recently (see our last two blogs: Security is Not Convenient and Keeping your Nonprofit Secure with VPN), which goes to show how incredibly important it is.
We want to reiterate the point by reminding you that a secure password should be a priority and is vital to keeping your data secure. Creating strong and unique passwords is a great first step in warding off ill-intended hackers.
Here are a few quick tips on how to make sure you have a secure password:
Add variety (even auto-generated)
Just about every time you are asked to create a new password, the site suggests (or mandates) that you include a variety of characters. Between uppercase and lowercase characters, numbers, and other special characters, the more you mix and match them the better. If you use a browser like Google Chrome, you can often use an auto-generated password that looks like complete gibberish but is quite secure.
These passwords are great when it comes to cybersecurity, but maybe not so much when it comes to trying to remember a bunch of 15-character, randomly generated passwords. That brings us to the second tip:
Use a Password Manager
There are many different password managers to choose from. With most of them, you have one master password to log into the site and you can store all of your usernames and passwords securely within their system. While all offer similar features, some of the important things to look for are:
- Multi-device support (you’ll want to use it on your laptop, desktop, mobile devices, tablets, etc.)
- The ability to autogenerate complex passwords and autofill your credentials
- Integration with a (or their own) multi-factor authentication app to get and fill in MFA codes
- For organizations, look for password managers that support multiple users and centralized management (Connect Cause is partnered with Keeper Security and can provide this service if you’re interested!)
In April 2022, Cybernews released its list of the top 10 password managers: https://us.cybernews.com/lp/best-password-managers-us
Be Unique, Don’t recycle
No, we aren’t suggesting that you shouldn’t be eco-friendly, just that you shouldn’t use the same password for multiple different sites. Using a password manager eliminates the need to remember dozens of passwords, which also makes it easier to keep from using the same one over and over. It seems obvious, but if you use the same password for 10 different sites and a hacker figures out that one password, they now have access to all 10 sites. Unique passwords for every platform you use ensure that if one site is breached, you aren’t compromised everywhere.
Every character that you add to your password makes it incrementally harder for someone to crack. If you don’t want to use a gibberish password, but rather one that you will easily remember, consider using a phrase instead. Just make sure that it doesn’t include the usual personal information (first name, last name, kids’ names, pets’ names, etc.). While it used to be acceptable to have a password that was six characters, that number has nearly doubled recently. Many experts now recommend a minimum of 12 characters for a secure password. Phrases like “I would love to travel to Rome in 1st Class!” or “Of the 2 choices, Chocolate is better than Vanilla…” can be easy to remember, but still harder to crack than “test12”.
Omit personal information
As mentioned above, try to avoid any personal information when possible. Names and birthdays of you or your loved ones can be easily found, which makes a password built from them easier for people to guess. Seemingly random words or phrases are much better if you choose to use actual words or numbers in your password.
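The length, variety, reuse and personal-information tips above can be turned into a simple check. The Python sketch below is an added example, not part of the original post; the function names, the three-character-class threshold and the sample names "Rex" and "Bella" are assumptions made for illustration.

```python
import math
import re
import string

MIN_LENGTH = 12   # minimum length the article cites
MIN_CLASSES = 3   # assumed threshold for "variety"; the article gives no number
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation + " "),
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [n for n, chars in CLASSES.items() if any(c in chars for c in password)]

def brute_force_bits(password):
    """Ceiling on brute-force work: length * log2(pool size).
    Phrases made of dictionary words are weaker than this ceiling."""
    pool = sum(len(CLASSES[n]) for n in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password, personal_info=(), already_used=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    # Compare letters and digits only, so "R.e.x" or "rex!" still matches "Rex".
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squashed:
            problems.append(f"contains personal information: {item}")
    if password in already_used:
        problems.append("already used on another site")
    return problems

if __name__ == "__main__":
    # Constructed samples: two from the article, one built for this example.
    samples = ["test12", "I would love to travel to Rome in 1st Class!", "Rex2015!Bella"]
    for pw in samples:
        issues = check_password(pw, personal_info=["Rex", "Bella"])
        print(f"{pw!r}: ~{brute_force_bits(pw):.0f} bits, {issues or 'ok'}")
```

The bit count compares raw guessing effort only; a password manager's random generator is still the stronger choice where you do not need to memorize the result.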
Check for Breaches and Change When Necessary
The final tip is to check for password breaches often and change your passwords whenever necessary. Try looking up your email address at https://haveibeenpwned.com/ and see if you’ve been impacted by any breaches, then change your password for any websites that you find you may have been compromised on. Check often!
Have Backups of Information and Identity Theft Protection/Insurance
No one (not even the safest or most technical among us) is impervious to a password being hacked or files being lost or destroyed in a malicious attack. If you store files on your computer or even in the cloud, such as Office 365, ensure you have a good backup service for your data that you can rely on (another service that Connect Cause can offer, powered by Acronis). If the worst does come true and your identity has been stolen or one of your financial accounts has been compromised, please ensure you have some sort of post-breach protection or insurance so you can recover more easily from the loss.
Unfortunately, even with the most secure of passwords and doing everything right, there is no guarantee that your account won’t be hacked at some point. But it is a great start. Setting up multi-factor authentication (MFA), having a reliable spam filter, backing things up in the cloud and taking security awareness trainings are all great ways that you can help protect yourself—and your organization—from cybersecurity issues.
Do you still have questions, or worry that your nonprofit organization is at risk? Schedule your complimentary tech assessment today to find out if and where your organization is vulnerable.