For a lot of people, the Internet is not a safe place. Cyberattacks, evil hackers and eviler softwares are still part of the collective imaginary that inhabits this growing digital dimension. And even though reality is not much like War Games, every once in a while some cyberattack makes it to the news, leaving our minds uneasy. In this article, we will talk about how we, as a digital agency, handle both our clients’ and our own password security.
Password security: how to achieve it
Before anything else: having a strong password doesn’t take away the need for other kinds of safety measures.
When we open a new account on any site, and we need to first type a password in it, more often than not a sort of marker will show up, rating the strength of our password.
A password is deemed weak or strong depending on the predictability of it, which is why length, complexity and unpredictability are factors taken into account. This is why a lot of sites require some combination of characters, letters and numbers when configuring our passwords, and also why we are suggested a random combination of the aforementioned requisites.
What does a password have to defend itself against? Against a guessing or blunt force attack. Meaning someone or something is either trying to guess the password or trying every possible combination of numbers and letters with the same end.
The hardest we make it for them to succeed, the better.
How can we protect a password on the Internet?
Not so long ago, the personal data of millions of people were compromised through the biggest password leak ever in history. An anonymous user from a site popular amongst hackers and cybersecurity experts published a document with over eight million passwords written on it from all kinds of sites and services.
It seems that this occasion happened last June, was just a compilation of previous leaks, so there were no occurrences of new breaches. It was understood that most data reflected on the document was outdated by the time of its posting.
However, the magnitude of the document made apparent the vulnerability we are exposed to in the Internet when we don’t protect our passwords appropriately. So, how do we do it?
Tools to protects our clients’ passwords as a digital agency
- Wordfence. Is a firewall and malware explorer for WordPress, and one of the first plugins we install when we have access to a new project. It was specifically built for WordPress, and its features go from IDying and blocking malign traffic to the scanning for malware in other plugins, themes and files. It also offers access security through 2 Factors Authentication: an extremely safe access system that we use thanks to another complementary tool:
- Authenticator. Is an app that, in sync with Wordfence, generates a six digit code that changes every 30 seconds. To access any site with user and password, the site in question (let’s say WordPress), asks us to write the code before letting us in. The user has to open the app on their phone and type on the WP access the six numbers that appear on it for half a minute. This makes it almost impossible for any unwanted visitor to access an account if they/it don’t also have access to the six digit numbers. We also use the 2FA (two factor authentication) in other platforms other than WordPress, like Mailchimp.
- LastPass. LastPass is a password management tool that stores encrypted passwords in the Cloud. It is available as an extension and has very useful features, especially for our job. First of all, because it allows us to centralize all our accesses conveniently. Second, because we know our data is well protected, and third because we can share access info with other team members, without having to expose passwords, no matter the kind of services (social media, WordPress, Mailchimp…). LastPass works through a vault we can access directly with a master password: a combination of letters, characters and numbers that can’t be remembered by the browser.
Important preventive security measures for password security
There are some things we all can do to protect our sensible data, regardless of whether we manage a website or not. For instance, storing our important passwords in our browser is, generally speaking, not the greatest idea.
Any misplacement, loss or theft of our devices could mean giving uninvited people access to our profiles through the data stored in the browser. It is also especially important to take measures if the computer we are using is not private or personal.
How to delete a password from Google Chrome?
- Click on the three dots that open the Chrome tools tab
- Select the option “Settings” and the URL chrome://settings/ will open
- On the left menu, look for “Autocomplete”. This option has three tabs
- Click on “Passwords”, and the password settings will open
- On this screen, you will see all the passwords stored in your browser. On the right side of each one, you can click on the three dots menu and select “Remove” to erase it.
As a digital agency, we are very aware of the trust our clients put on us and our work when they give us access to their data. That responsibility is what drives us to adopt every possible measure to avoid any kind of security breach on their accounts. If you have any sort of doubt about the safety of your passwords and access to important projects, tell us all about it.