“One password to rule them all, and in the darkness bind them”
Do you know the main reason why the majority of passwords are poor and easily cracked? When setting up a new account or login, there is no investment in the content of the account. It is brand new, a blank slate, void of content, personal data, or purchase history, so a quick weak password matches the value of what is in the account.
The problems come months and years later when the account is filled with your birthday, SIN, credit card information, security phrases, mother’s maiden name, and 2-factor authorization cell numbers or secondary emails. Then “123456” will then seem woefully inadequate.
For nonprofits, having secure passwords is crucial for operations. How would your organization survive if you lost access to your website. The worst case being a hijacked database and losing personal information of all your members, or your site is held ransom. But maybe you got a new computer and all your saved logins are gone. Maybe a volunteer was managing it, and they have left the organization, leaving you with no access to your membership database and not knowing how to get it reset. Or maybe your executive director is stuck overseas in lock-down and the organization needs access to their emails to send out communications to members.
So consider these three things:
- Strong password should:
- Be at least 8 characters long, but preferably longer.
- Use all three different types of characters (letters, numbers, and symbols).
- Use both uppercase and lowercase letters.
- Not follow a recognizable pattern, including words, phrases, or keyboard patterns.
- Not include references to personal information that could easily be found and used as a clue.
- Use good password management practices
- Check the security of your passwords. There are a number of online services that will rate your password, and even indicate if the string or your email has been found in hacked/compromised username-password databases. (Check https://haveibeenpwned.com/)
- Avoid using the same password for more than one service or website.
- Set a schedule to change your passwords regularly. Maybe part of your organization’s yearly social media audit in January. This could also include reviewing who is authorized to speak to your web host, or your bank. Reviewing passwords and authorized agents for your nonprofit needs to be a regular event.
- Use a password management program
- Password managers are encrypted databases that you can use to store and share crucial access information for your organization. These programs or online services allow for multiple users, automatic synchronization, alerts to weak passwords, and expiring passwords.
- Each user still needs a master password, that is super secure, “One password to rule them all, and to bind them”.
- These programs are not just for logins. You can store software license keys, add supplement information such as the key email/user that is associated with an entry, track who has access to manage your Facebook/LinkedIn pages or groups, or who is picking up shared email accounts.
- Things to look for in a password manager:
- Ability for an admin to set specific security policies, such as password length.
- Ability for an admin to take over a user’s account and remove access when a employee leaves.
- Shared folders (or vaults), to control who has access to what.
- Ability for employees to add their own personal data to the manager to make buy-in easier. One-stop-shop.
If you need assistance in getting your organization set up with a central, secure spot to manage and access key services, let us know. We can help.