These days, it seems like every few months we are hearing of another password breach at a website. Just a few weeks ago one of the world’s largest online gaming companies, Blizzard, suffered a digital security breach and thousands of passwords were compromised. A month before that, the popular social networking site, LinkedIn was also hacked.
While there is not much that can be done when those things happen, you can take action to ensure your online identity and the identity of your agency remain secure. The first line of defense is coming up with a secure password.
Every site you sign onto will ask for a password. Furthermore, some people might need a password to sign into your computer. That can be a lot of passwords to try to remember. Here are a few tips on how to create memorable and secure passwords:
- The longer the password, the better. While creating short but extremely random passwords might be a great strategy if you only have a few passwords to remember, chances are you have quite a few sites that require a password. This is why creating a long password is best. One idea is to think of a story you will never forget and put together a phrase with a few numbers based on that story. That phrase with a few numbers provides you with much better security.
- Complex over simple. While you do not want a random collection of numbers and letters, you do want your password to have some complexity. This can be accomplished through the use of upper and lowercase letters, numbers and special characters. A general rule is to have at least one of each in your password.
- No personal information. Do not include things such as your address, phone number, birthdate, social security number, etc in your passwords. If for some reason a site that you are subscribed to is hacked, the hacker can use this information to link together other information on the web and find out who you are. In no time, your identity theft has your credit card numbers and other personal information.
It is best to have a different password for each site to which you are subscribed. If you are concerned about remembering a bunch of passwords, then there are password managers available to help you. Google Chrome and other browsers offer a password managers that save an encrypted version of your password for you, which will auto-complete the next visit that site. There are also independent password managers such as KeePass that also will save your passwords for you.
Your non-profit organization might already have a policy on creating passwords. So, before following any of the advice in this post, make sure you check with your IT Department and make sure your passwords are compliant. Also, remember to change your passwords often. A good rule of thumb is to change them every three months to keep accounts secure.
These best practices aren’t just necessary for your online activity. They also applies to internal software such as password protected donor databases.
Anyone else have some great password creation tips? What password manager do you use? Does your agency have a password creation policy? If so, would you be willing to share it with other readers? Let’s talk about all of this in the comment section!
Marissa . . . do you have anything that you can share with readers regarding a written password protection policy?
I also know that many agencies worry about getting hacked and losing staff and donor data. Is there anything you can share with readers that can help them update their crisis communications plan in the event that the agency’s systems get hacked and privacy has been compromised.
Great post . . . thanks!
~Erik