We’ve all encountered it. We want to access content on a website or integrate a new app on a platform, but it requires us to create a password or connect to an existing account like Facebook, Gmail, or Microsoft.  So what do you do? Do you type in a password that you’ve used on countless other websites, or click that tempting “sign in with Facebook” button? While it might be tempting to use either of those options to quickly access the content you want, we offer these 4 tips to help keep your accounts more secure.

1. Create Unique Passwords

As tempting as it is to enter re-use that password that you have had memorized since you were a teenager, it can lead to many account vulnerabilities. It’s easy to remember, your fingers flow naturally over the keyboard when you are typing it, so what is the big deal? While it may be quick and easy to have one password for all your accounts, it allows for all of your accounts to be compromised if your account is breached or your password stolen. This can put you and your company at risk, especially if you use have access to other people’s sensitive data through that account. Even if you reuse a password from 10 years ago, someone could have gained access to old passwords tied to an email address or account of yours that would allow them to hack your account. The safest option is to create a separate password for every account you use.

2. Use a Password Manager

Since re-using passwords is insecure and problematic, how do we go about remembering all the passwords for the sites we use? Daily, you probably use 3 – 5 email addresses, 5 – 10 social media accounts, and 10 – 20 websites or services for your job. How can you be expected to create a separate password for all these accounts and keep your sanity? Do you write them all down on sticky notes scattered around your desk, or save them in a text document on your phone or computer? Writing your password down on a note or saving it in an unencrypted document is like hanging your house key next to your doorbell, it’s an invitation for anyone to use it. We recommend using a password manager to keep all your passwords in a secure location. Many password managers can be used online and as an app on your phone. There are both paid and free versions available which allow you to generate or save passwords for new accounts and check security of your passwords based on how complex they are and how often you have reused them. Additionally, it is recommended that you use a very secure master password that will be used to unlock or sign into your password manager, after all, this password will give you access to all your other passwords. It can be a long phrase, a sentence that you will remember, but should also contain a mix of upper case, lowercase, numbers, and special characters. Length is just as important as complexity. Longer passwords provide extra security and are harder to guess or crack using brute force.

3. Enable Multi-Factor Authentication

Another way to keep your accounts secure is to enable Multi-Factor Authentication (MFA) whenever possible. MFA provides additional security by prompting for a secure token after sign-in that verifies you are signing in, and not someone else trying to access your account. There are a variety of MFA methods available such as USB fobs, generator tokens, apps on your phone, or a simple phone call. By using MFA, unverified login attempts are blocked if someone has obtained your password but does not have access to your token or phone. Remember, don’t authenticate sign in attempts if you are not attempting to sign in.

4. Watch Out for Phishing Attempts

You can also keep your accounts safe by being mindful of phishing attempt and social engineering scams.  Whether it’s a suspicious email that redirects you to a sign-in page, or an email attachment trying to install malware on your machine, avoiding phishing emails can ensure you don’t accidently provide your password to an illegitimate website.  If an email makes your heart rate jump or asks you to act immediately, you should take a moment to think about what it is asking you to do. When in doubt, throw it out. You should always report suspicious emails to your IT department or email provider. It could be someone spoofing an email account in your organization or using social engineering to get additional information from you. Some phishers will also take advantage of autoreplies to external senders to gather more data about you and your organization.  If you believe your account has been compromised, notify your IT department immediately and then take the necessary steps to change your password and verify MFA is enabled and working properly. This can prevent your account from being used maliciously to get more information from your organization.

We trust that these tips will help you to keep your accounts more secure. Create unique, complex passwords for each site you use.  If one gets compromised, it will not affect the other sites you use. Use a password manager to securely store your passwords. You can also use password managers to test how complex your passwords are before you use them. Utilize MFA to ensure that only you are accessing to your accounts.  Finally, be aware of attempts to steal your password or other personal information that could be used to compromise your accounts.

About the author

Andrew is responsible for addressing complicated tasks involving the deployment and support of computer hardware, mobile technologies, and software on various platforms. He researches, diagnoses, and resolves day to day technical problems involving a wide variety of computer technologies and peripheral devices.  His experience includes handling technical calls for supported applications and hardware while partnering on assignments with other staff. He supports and executes projects including domain migrations, server upgrades, and infrastructure upgrades. He maintains the windows deployment environment and software repositories for computer imaging and manages active directory and apply computer policies in a hybrid environment. He develops customized solutions and automate tasks using PowerShell scripts and other programming languages.