Security and Compliance

Security Series Part 2: Strengthen Your Passwords

James Sparrow
July 7, 2017

Every IT asset in your firm shares one security characteristic: it is only as secure as the password protecting it. Unfortunately, high-profile breaches have shown over and over again that many people reuse the same password across many, if not all, of their password-protected applications.

This creates a dangerous gateway for attackers. If they obtain your password from a single poorly secured website, for example from a leaked password database, they can try the same username and password against your e-mail, banking, and office applications, and many of the critical systems in your office could be exposed.

To protect your personal information and secure your office, you need to take steps to diversify and strengthen your passwords.

Utilize a Password Manager

The first step toward strengthening the passwords in your office is utilizing a password manager. Password managers, like 1Password or Apple's Keychain, provide a secure way for you to generate and store passwords for your various devices and applications. A password manager generates a different, strong, random password any time you need one, and you only need to remember a single master passphrase to unlock the manager itself. Basic password managers store passwords for a single device, while more advanced versions keep an encrypted copy of the vault in sync so a single user can manage passwords across multiple devices.

It’s worth noting, however, that your password manager will only be as secure as the master passphrase you create for it, because that one passphrase unlocks every other password you store. To ensure security, you’ll want to create a sophisticated master passphrase. Some tips for successfully doing this include:

  • Use both upper- and lowercase letters
  • Mix punctuation and numbers into your passphrase
  • Use a minimum of 12 characters; for the master passphrase, longer is better, and length adds more strength than any single special character
  • Don’t use a single word, slang phrase, acronym, or keyboard pattern in any language; a passphrase made of several unrelated words chosen at random (not a quotation or a song lyric) is fine, and easier to remember than a random string of the same strength
  • Don’t include any personal information, like birthdays, social security numbers, or family names

Every time a new website, application, or device asks you to create a password, let your password manager generate a unique password for you. Store this password in the manager with the name of the site / device the password is for, as well as your username.

If a site or application asks you to answer security questions to recover a forgotten password, let your password manager generate these answers, as well; a truthful answer such as your mother's maiden name or your first car can often be found or guessed by an attacker. Just make sure you save the questions themselves in your password manager along with their corresponding generated answer (e.g., “First car make and model: 3LIF937kLN!345Jb”). Some sites reject punctuation or digits in these answers, in which case a generated sequence of random words works just as well.
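The master-passphrase tips above and the generated security-question answers both come down to the same thing: picking from a large pool with a cryptographically secure random source, and measuring the result in bits of entropy rather than by which characters it happens to contain. The following is an added example, not code from the original article or from any password manager; the wordlist is a constructed toy list for illustration, and the 7776-entry figure is the size of the EFF long wordlist used only for the arithmetic.

```python
import math
import secrets
import string

# Constructed toy wordlist for this example only. A real passphrase generator
# draws from a list of several thousand words; the EFF long wordlist has 7776.
TOY_WORDLIST = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "hollow",
    "iris", "juniper", "kestrel", "lagoon", "marble", "nickel", "orchid", "pylon",
]
EFF_LONG_LIST_SIZE = 7776

# Upper, lower, digits and punctuation: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(pool_size: int, count: int) -> float:
    """Bits of entropy in `count` independent uniform picks from `pool_size` options."""
    return count * math.log2(pool_size)


def meets_master_tips(candidate: str) -> bool:
    """The article's composition tips (length, case, digit, punctuation) as a check.
    It cannot tell a dictionary word from a random string; that is the generator's job."""
    return (
        len(candidate) >= 12
        and any(c.isupper() for c in candidate)
        and any(c.islower() for c in candidate)
        and any(c.isdigit() for c in candidate)
        and any(c in string.punctuation for c in candidate)
    )


def random_password(length: int = 16) -> str:
    """Uniform random password over ALPHABET, resampled until it meets the tips.
    Rejection sampling keeps every accepted password equally likely. Suitable for
    generated site passwords and for security-question 'answers'."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_master_tips(candidate):
            return candidate


def random_passphrase(word_count: int = 6, wordlist=TOY_WORDLIST) -> str:
    """Diceware-style passphrase: words picked uniformly with a CSPRNG (secrets,
    never random.choice). Use this where a site rejects punctuation in answers."""
    return "-".join(secrets.choice(wordlist) for _ in range(word_count))


def passphrase_entropy(word_count: int, wordlist_size: int = EFF_LONG_LIST_SIZE) -> float:
    """Entropy of a passphrase drawn from a wordlist of the given size."""
    return entropy_bits(wordlist_size, word_count)


if __name__ == "__main__":
    print("site password:", random_password(16), f"({entropy_bits(len(ALPHABET), 16):.1f} bits)")
    print("toy passphrase:", random_passphrase(6), f"({passphrase_entropy(6, len(TOY_WORDLIST)):.1f} bits, toy list)")
    print(f"same 6 words from the EFF long list: {passphrase_entropy(6):.1f} bits")
```

Two things worth noticing when you run it. Twelve characters from the 94-symbol alphabet and six words from a 7776-word list both land near 78 bits, yet `meets_master_tips` rejects the word passphrase because it has no uppercase letter or digit; the composition tips are a rough proxy, and the pool size times the length is what actually resists guessing. And the same six words from the 16-word toy list give only 24 bits, which is why a passphrase generator needs a large list.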

Enable Multi-Factor Authentication

Add another layer of security to your devices and accounts by enabling multi-factor authentication (MFA), of which two-factor authentication (2FA) is the most common form. Multi-factor authentication is becoming increasingly available on websites and software applications, and requires you to supplement a username and password with a second factor: usually a short one-time code that is generated in real time by an authenticator app on your phone, sent to you by text message, or produced by a hardware security key. An attacker who holds only your password, for example from a breach of another site, still cannot log in without that second factor. Where you have the choice, prefer an authenticator app or a hardware key over text-message codes, which can be redirected by an attacker who takes over your phone number, and never type a code into a page you reached from a link in an e-mail.
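The "code generated in real time" that an authenticator app shows is not sent to the phone at all: the app and the site share a random secret at enrollment, and each computes the same six digits from that secret and the current 30-second time step (HOTP and TOTP, RFC 4226 and RFC 6238). The following is an added example of both sides of that exchange, not code from the original article or from any particular authenticator or site. The secret, key sizes and the one-step verification window are illustrative assumptions; the only fixed input is the RFC test key used in the comments.

```python
import base64
import hashlib
import hmac
import secrets
import struct


def new_shared_secret(nbytes: int = 20) -> str:
    """Fresh random secret at enrollment, base32-encoded the way authenticator
    apps expect it; this string is what the enrollment QR code carries."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamically truncated.
    The low nibble of the last MAC byte picks a 4-byte window; its top bit is
    cleared and the value reduced modulo 10^digits, zero-padded."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step.
    This is the phone's side; both parties only need the secret and a clock."""
    return hotp(key, unix_time // step, digits)


def verify_totp(key: bytes, submitted: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """The site's side. Accepts the code for the current step and `window` steps
    either side to tolerate clock drift, comparing in constant time. A real
    server should additionally refuse to accept the same code twice."""
    current = unix_time // step
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, current + drift), submitted):
            return True
    return False


if __name__ == "__main__":
    import time
    # Enrollment: the site generates the secret and both sides store it.
    secret_b32 = new_shared_secret()
    key = base64.b32decode(secret_b32)
    # Login: the phone computes the code, the site checks it against its own.
    now = int(time.time())
    code = totp(key, now)
    print(f"secret (base32): {secret_b32}")
    print(f"code right now:  {code}  verifies: {verify_totp(key, code, now)}")
    # RFC 6238 test vector (key '12345678901234567890', T=59) gives 94287082 at 8 digits.
    print("RFC vector:", totp(b"12345678901234567890", 59, digits=8))
```

Running the block shows the property the paragraph relies on: a code is only reproducible by someone holding the shared secret, so a password stolen from another site is not enough. It also shows the caveat: a code is valid for the whole window, so a code phished from you within that minute or so still works, which is why typing codes into pages reached from e-mail links is dangerous and why hardware keys, which bind the response to the site, are stronger still.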

Remember, a strong password that is unique to each account is your first line of defense against an attacker trying to gain access to your firm’s most important systems. Use a password manager to generate unique, diverse, and secure passwords for each and every account you have, so that a breach at one site cannot be replayed against the others. Whenever available, also enable multi-factor authentication to add another layer of protection for your sensitive information. In our next security step, we’ll examine another way to improve security in your firm—strengthening access to your Wi-Fi network.

To learn more about improving security in your firm, download our latest e-book, “Building a Secure Practice: A guide for CPAs,” which offers step-by-step instructions for implementing security best practices.