Learn How to Manage Your Passwords Better

The digital password was invented in the early 1960s by Fernando Corbató, a retired professor emeritus of MIT, when he pioneered the ability for multiple users to access computers at the dawn of the computer age.

 


As a digital marketing agency, we manage a lot of passwords! Not only do we have our own agency passwords but we are tasked with managing our clients’ websites, hosting, DNS, and social media channels times a hundred!

As you might imagine, that is a lot of passwords to keep track of.

We used to use a custom application for storing this information but a couple of years ago, we migrated over to a secure password manager for the team, and it has transformed our “password hygiene” and management. Some of the bigger players are 1Password, Dashlane, LastPass, Keeper, Sticky Password, Blur, EnPass, and Master Password. There are even more vendors to choose from. Any of them is probably better than the sticky note you keep under your keyboard or your daughter’s name plus her birthday.

 


When you manage a web property and social media channels, the last thing you want is some hacker coming along and ruining your hard-earned brand equity.

This can happen via multiple channels, and we’ve blogged about website security a lot, but your password is the key to the front door. I can’t tell you how often clients hand over passwords to us that are obviously a dog’s name and someone’s birth year. Or “bestgolfer1!” We usually will generate a strong password, super long with symbols and characters, and the clients will change it to something 6 characters long that they can remember, which, need we remind you, is ridiculously easy to break?

You can test your password strength on various websites, such as https://random-ize.com/how-long-to-hack-pass.

So for example, according to this password testing site, “Karma” can be cracked in 24 seconds.
“Karma24” would take about 2 days.
“Karma2019” would take about 2.5 decades.
“Karma20192001” would take nearly 40,000 millennia, but don’t discount the possibility of smarter algorithms, AI, or quantum computers in the next decade.
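
As an added illustration (not code from the testing site or from this post), the Python sketch below shows why the estimates grow with length, and why a word-plus-year password such as “Karma2019” is weaker than its length suggests once guessing follows the pattern instead of trying every combination. The guess rate and wordlist size are assumptions, so the times will not match the site’s figures.

```python
import math
import re

# Assumed attacker speed in guesses per second; illustrative only, and not
# the rate used by the testing site quoted above.
GUESSES_PER_SECOND = 1e10
# Assumed wordlist size for the "dictionary word + digits" model.
WORDLIST_SIZE = 100_000

# Character classes and how many symbols each adds to the alphabet.
# 33 = the 95 printable ASCII characters minus 62 letters and digits.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(n for pattern, n in CLASSES if re.search(pattern, password))


def brute_force_guesses(password):
    """Worst-case guesses if every character had been chosen at random."""
    return charset_size(password) ** len(password)


def pattern_guesses(password):
    """Worst-case guesses if the password is a dictionary word plus digits.

    Returns None when the password does not fit that pattern.
    """
    match = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if not match:
        return None
    # x2 covers the word with and without a leading capital letter.
    return WORDLIST_SIZE * 2 * 10 ** len(match.group(2))


def seconds_to_exhaust(guesses):
    """Time to try every candidate at the assumed guess rate."""
    return guesses / GUESSES_PER_SECOND


def report(password):
    """Strength in bits under both models (higher is stronger)."""
    pattern = pattern_guesses(password)
    return {
        "brute_force_bits": round(math.log2(brute_force_guesses(password)), 1),
        "pattern_bits": None if pattern is None else round(math.log2(pattern), 1),
    }


if __name__ == "__main__":
    for pw in ["Karma", "Karma24", "Karma2019", "Karma20192001"]:
        print(pw, report(pw))
```

The gap between the two columns is the reason a long random string from a password manager beats a memorable word with a year appended.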


However, if you can remember your password, it’s probably too simple, unless it’s a phrase or sentence. Throw in symbols and make sure it’s long for extra strength. Make sure you’re not using a password for more than one thing. Each item you use regularly that requires a password should be assigned its own unique, dedicated, strong password.

Another issue we find is clients have no process for managing passwords as an organization, and no one seems to have the password to the DNS, or the hosting, or the Google Analytics… which severely hampers our ability to help with marketing and deployment. Many of our clients are professional services firms and they are not focused on these technical details. They lack a dedicated keeper of the keys and so no one person on their team seems to know where or what the passwords are. Or the person who owned the GA account has left, but it’s still tied to her email address.

Even the managers of the 2020 U.S. Census “lost” access to an admin credential recently, according to the New York Times.

“Access credentials for an account with virtually unlimited privileges had been lost, potentially allowing a hacker to view, alter or delete information collected during recent field tests.” – July 3, 2019.

Do yourself a favor, before you hire us, and do a password inventory. Make sure you know the passwords to everything technical:

  • Website hosting
  • DNS
  • Google Analytics
  • Email Marketing tool
  • Social media accounts
  • Website CMS
  • cPanel / SFTP
  • Other technical tools you may use

Next – test them and make sure they work! If not, do a password reset. Make sure the email addresses they’re associated with are generic, like info@yourcompany.com, or that the person whose email is tied to the account is still on staff! And make sure that if that person leaves, a manager can reset that email account and gain access to it easily.

Finally, make sure that your passwords are strong! No more “Karma1985.” Do not re-use the same password for multiple accounts! The top 100 worst passwords of 2018 are as bad as you might expect. The #1 worst password is “123456” followed up by, shocker, “password.”

Here are the 25 top worst passwords of 2018:
123456
Password
123456789
12345678
12345
111111
1234567
Sunshine
Qwerty
Iloveyou
Princess
Admin
Welcome
666666
Abc123
Football
123123
Monkey
654321
!@#$%^&*
Charlie
Aa123456
Donald
Password
qwerty123

If you’re not sure how secure your passwords are, you can check on the website Have I Been Pwned to find out if your credentials have already been compromised. If they have, implement a stronger password immediately. In 1Password, you can run an audit on your passwords and it will indicate which of your passwords are too weak, so that you can use its internal password generator tool to set new, stronger passwords and store them for later retrieval. If you want to adopt a strategic system to manage your website and all the associated passwords, contact us.
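
To show what such an audit checks, here is an added Python example (not 1Password’s code and not part of the original post) that runs the three rules from this article over a password inventory: not on the worst-passwords list, long enough, and never reused. The sample inventory is constructed, and the 14-character minimum is an assumed threshold.

```python
from collections import defaultdict

# The "25 top worst passwords of 2018" listed above, lower-cased for
# comparison ("Password" appears twice there, so the set holds 24 entries).
WORST_2018 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "qwerty123",
}
MIN_LENGTH = 14  # assumed policy value; the article only says "make sure it's long"


def audit(inventory):
    """Return {account: list of findings} for an {account: password} dict."""
    # Group accounts by password so reuse is reported without echoing secrets.
    accounts_by_password = defaultdict(list)
    for account, password in inventory.items():
        accounts_by_password[password].append(account)

    findings = {}
    for account, password in inventory.items():
        issues = []
        if password.lower() in WORST_2018:
            issues.append("on worst-passwords list")
        if len(password) < MIN_LENGTH:
            issues.append(f"shorter than {MIN_LENGTH} characters")
        shared = [a for a in accounts_by_password[password] if a != account]
        if shared:
            issues.append("reused on: " + ", ".join(sorted(shared)))
        if issues:
            findings[account] = issues
    return findings


# Constructed sample inventory (not real credentials), keyed by items from
# the checklist above.
SAMPLE = {
    "Website hosting": "Karma1985",
    "DNS": "Karma1985",
    "Google Analytics": "Sunshine",
    "Website CMS": "t7#Vq9!mZr2$Lw8@Xe4k",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(f"{account}: {'; '.join(issues)}")
```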

by Rachel Panush
Rachel is the Senior Lead Project Manager at Executionists Inc. in Marina del Rey, CA.
Posted: August 11, 2019