Over the weekend, the popular website Gawker was hacked by a group going by the name of “Gnosis.” They were able to infiltrate Gawker’s database and posted internal messages and passwords belonging to both staff members and readers. While that in itself would be cause for alarm, the panic was exacerbated among Internet users who often use the same password for all of their online accounts. With a reported 1.3 million people said to have a Gawker account, that equals a lot of people with their lives and personal information exposed.
Online security is something a lot of small business owners take for granted. They don’t pay much attention to the passwords they’re creating for their accounts and, in the end, wind up exposing themselves to potential hacks and identify theft. But it doesn’t have to be that way. Below are a few things small business owners can do to protect their passwords, and themselves, online.
Don’t use the same password for everything.
I know, I know, it’s convenient to come up with one password that you can remember and keep using it everywhere, but it’s not safe. Having one password for all of your accounts makes you incredibly vulnerable to hackers. All someone has to do is sniff out your password for one account and they’ll have control over your entire online identify. Use different passwords to control your online banking, your blogging, your social networks, your Amazon account, etc. It’s just that important. You must create and use strong passwords.
Use one password, customized for each site.
Just because you need a unique password for each account you’ll be creating doesn’t mean you should be staring at the books and plants on your desk for inspiration. A really easy way to generate unique, but easy-to-remember, passwords is to keep a common base and then add part of the service’s name to the beginning or end. For example, if your base password is [rogue], then your Amazon.com password may be [rogueamzn]. You can develop a rule where you use the first four letters of a service’s name or another mechanism. If that looks too easy for a hacker to figure out, then develop a different rule. Perhaps you use the first three vowels, you scramble the letters in some way that’s easy for you to remember, or you decide to work in special characters. Just don’t get so creative that you won’t remember what your system is. Also keep in mind that different services have different password requirements – some will require special characters, while others will forbid them.
An alternative to even having to remember your password is using a site like hashapass which will generate the same password over and over as long as you’re giving it the same master + parameter (typically the site’s name). That means you don’t have to remember the individual password, just your core, and the parameter and the site will recall it for you. An interesting concept.
Use a password manager.
Password manager tools like LastPass take the hard stuff out of password management by not only helping you create strong passwords, but also remembering them for you. Sounds like the best of both worlds, right? Well, it can be. With LastPass, all you have to do is create an account and it’ll pretty much take things from there. Once you install LastPass, it will ask you if you want to import your saved passwords. If you select “yes,” it will run through and show you which of your passwords are strong and which are hackable. If passwords are deemed hackable, LastPass will help you create new ones and will then store them in their “vault,” allowing you to group them for easy reference. You can also create different identities so that not all of your sites are viewable when you log into LastPass from a particular location. Lifehacker (a Gawker-owned property) just posted about how to use LastPass to audit and update your passwords. It may be worth a read.
Those are some easy tips to help small business owners keep themselves password protected on the Web. What methods do you use to keep your accounts safe and your secrets out of the hands of hackers?
More in: Cybersecurity