Best Practices for Password Management
Look, we understand. You are tired of constantly resetting your passwords and then trying to remember that password you reset twelve months ago for an account you log in to once a year? Forget it! With the advancements in cyber security and technology in general, it is more important now than ever to keep your personal and work information as safe as possible. We all have so many passwords for different accounts that it is a daunting task to keep track of them all. This is where a password manager comes in handy. Password managers keep all of your important passwords in one place, secured with one (yes, one!) super-strong password.

Examples of password managers:
  • LastPass
  • 1Password
  • KeePass
  • Keeper
  • Dashlane

Most password managers allow you to group your passwords so you can separate work from personal, or however you see fit. They can also create passwords for you to increase security. Depending on which one you choose, they may even have a web browser extension, making it even easier for you to log in to your favorite websites with the most complicated of passwords. Password managers will also help you to vary your passwords. This is important, as you do NOT want to have the same password for multiple accounts. Keep your passwords long: the more characters a password has, the more difficult it is for hackers to compromise. It’s best to use passphrases instead of passwords, as this adds length and complexity. Another layer of security most sites add is security questions. Again, password managers can help with this by storing the questions and answers.

Tips for password use:
  • Long passphrases
  • Include numbers and special characters
  • Unique for each account
  • Avoid any personal info in password
  • Change on a regular basis
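
The tips above can be checked mechanically, which is roughly what the security report in a password manager does. The following is an added example, not part of the original article or any product's code; the thresholds, the sample vault and the owner details are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

MIN_LENGTH = 16      # assumed threshold for a "long" passphrase
MAX_AGE_DAYS = 365   # assumed interval for "change on a regular basis"

# Constructed sample vault: (account, password, date last changed).
SAMPLE_VAULT = [
    ("bank", "Maple-river-42-quiet-lantern!", date(2024, 3, 1)),
    ("email", "Summer2019", date(2019, 6, 1)),
    ("forum", "Summer2019", date(2024, 1, 15)),
    ("payroll", "jordan-smith-loves-tacos-7!", date(2024, 2, 1)),
]
PERSONAL_TERMS = ["jordan", "smith"]  # constructed details about the owner


def audit(vault, personal_terms, today):
    """Return {account: [findings]} for entries that break one of the tips."""
    # Map each password to the accounts using it, to detect reuse.
    seen = defaultdict(list)
    for account, password, _ in vault:
        seen[password].append(account)

    findings = defaultdict(list)
    for account, password, changed in vault:
        if len(password) < MIN_LENGTH:
            findings[account].append("too short")
        if not re.search(r"\d", password) or not re.search(r"[^A-Za-z0-9]", password):
            findings[account].append("missing number or special character")
        if len(seen[password]) > 1:
            findings[account].append("reused")
        lowered = password.lower()
        if any(term.lower() in lowered for term in personal_terms):
            findings[account].append("contains personal info")
        if (today - changed).days > MAX_AGE_DAYS:
            findings[account].append("not changed recently")
    return dict(findings)


if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, PERSONAL_TERMS, date(2024, 6, 1))
    for account, issues in report.items():
        print(f"{account}: {', '.join(issues)}")
```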

Password managers will help you create and maintain good password habits, which are essential for cyber security. The next step on the password management path is using multi-factor authentication (MFA) wherever possible.

Types of multi-factor authentication:
  • SMS Token Authentication (text message)
  • E-mail Token Authentication (e-mail message)
  • Time-Based Token Authentication (cell phone app)
      • Google Authenticator
      • Microsoft Authenticator
      • Duo
  • Hardware Token Authentication (physical token)
      • YubiKey
      • RSA SecurID

Multi-factor authentication is a critical step in password management and arguably more important than most password requirements. Combining good password management with MFA will significantly secure your cyber presence. Good security requires layers, and these products provide that along with many convenient features.
For more details regarding password security, contact your trusted ACT client service representative, or email us at info@actcpas.com.