Get in touch

9 Ways to Improve Your Passwords and Online Security

If 15,000 bots launching a gargantuan 2 terabyte multi-vector DDos attack on Cloudflare doesn’t get our collective minds focussed on the subject of online security, then, well, maybe nothing will...

While a record-breaking invasion attempt of this kind might be somewhat rare, if nothing else, it does drive home the message that we can all be doing more to tighten up our online defences.

Indeed, it’s a disconcerting feeling to imagine that someone out there in the dark recesses of the internet has the potential to expose weaknesses or find ways around your company’s password systems.

What better time, then, to take a look at some of the ways in which you can reduce the chances of your business accounts getting hacked. Let’s make passwords work for you!

Ch-ch-ch-changes...

If your approach to keeping track of multiple passwords is a little, let’s say, traditional, then the idea of changing them all regularly might seem like a daunting task. Perhaps you save everything on a single document or notepad, and there’s simply not enough time in the day to manage that kind of upkeep.

Luckily for you, there’s a solution.

There are a multitude of password managers on the market—all designed to help store, update and change the vast bank of passwords you have to keep tabs on. Often they’re included free in anti-virus software, but there are also some excellent subscription-based services that offer exactly what you need. DashLane, 1Password and LastPass are some of the best in the business and provide invaluable password management for companies juggling multiple accounts.

The beauty of this kind of software is that they remember all your passwords and usually ties-in with breach services to notify you if your credentials have featured in a known hack. You also have access to password generators which suggest secure, iron-clad passwords. Perfect!

Avoid browser saving...at all costs

Simple yet prudent advice. For the love of Fernando J. Corbató—Google it—do not save your passwords in your browser.

Browsers have a tendency not to encrypt password information—leaving even the most fiendishly complex passwords vulnerable to hackers. They also don’t have the good manners to remind you to change your password regularly.

Browser operators are quick to identify vulnerabilities and potential threats, and will install security patches if you don’t regularly update your browser, but this in itself can pose a number of security issues.

Here’s a checklist of things you can do to reduce the need for browser saving:

Reduce the amount of data stored on your browser
Install a password manager
Store passwords into the password manager when prompted
Deactivate browser password saving
Change passwords every one to three months

Two-factor authentication

Something we all should be doing—and something you should certainly recommend to your clients, too. No matter how confident we are about the strength and security of our passwords, there’s no reason not to apply 2FA in your password systems.

Two-factor authentication is a crucial second line of defence after you’ve entered your password. The most common forms of 2FA are SMS or email verification—where you’re sent a unique, time-sensitive PIN to enter into the log-in page—or an app-generated code from software like Google Authenticator.

Plenty of password manager apps and websites offer 2FA in their packages, so it’s certainly a good idea to take advantage of this safeguarding function.

Discard of redundant data

Whether it’s a list of old client log-in details, a password you created to buy a one-off gift, or credentials for a company website that no longer exists, it’s a good idea to safely discard any information that isn’t being used.

This is particularly relevant if you’ve re-used a password multiple times, as a hacker might try and take advantage of these credentials that are just collecting virtual dust. Old username and password combinations can be used across newer platforms in the hope to gain access—a process known as stuffing.

Here’s another handy checklist to consider for getting rid of your unwanted data:

Close all redundant accounts—both personal and business
For those that you’re keeping, request a password change and choose a strong, unique password
Save any passwords you wish to keep into your password manager
Enable 2FA authentication if available

Keep your lists secret

While it’s not the most secure method of storing data, many people choose to store their log-in credentials and passwords onto a notepad—either virtual and physical.

This is fine up to a point, but there are few things to consider before sticking with this approach.

If you’re using a physical notepad, ensure that it is kept safely out of sight. If a tradesman were to visit your home, would they be able to cast an eye over your precious data? Do you leave it opened on your desk for easy access? If so...don’t do that. A second practical step is make sure you’re not using the same password for multiple accounts.

If you’re simply using a virtual notepad or document to C+P your details into the relevant accounts, make sure that you’re not connected to any public clouds or any other corner of the internet that might be accessible to hackers.

What happens if you’ve been hacked?

Despite all your best efforts to build an impenetrable security fortress around your various accounts, what happens if the worst happens and your system is compromised?

There are a few handy websites which can inform you whether yours or a client’s email has been hacked—and, if you do set the alarms ringing on sites like Have I Been Pwned, the best advice is to change those password lickedy-split.

Because we often use an email address as a primary account to verify or log in to other accounts, it’s vital to stay extra vigilant with your email password management. Once a primary email has been breached, a hacker can request password resets in this account and other satellite accounts.

It’s a good idea to keep clients informed and proactive with their password security—to keep a close eye on suspicious password requests in their primary email accounts.

How to create a strong, unique password

You’re in luck! Another useful checklist:

Install a unique password for each individual platform or service
Use unusual or unconnected phrases or words that have no association with you or your business
Alphanumeric passwords are fine, but it’s better to include special symbols and lower and upper case letters combinations
Instead of PencilcaseBrazil54 choose P3ncIlc@5ebR&ziL433!

The risks of social engineering and scams

The rise in sophistication of social engineering advances has made the need for ultra vigilance paramount. Dastardly breach attempts can come in all sorts of different guises. A text message with secreted malware links, a phone call to procure password information, or an official-looking email from a supposed reputable company encouraging you to offer up critical data.

It’s a good idea to be well-versed in all the different flavors of scams out there designed to hurdle password and email defenses. In general, you need to mitigate the chances of being hacked by deploying all the safeguarding techniques mentioned earlier: strong, unique passwords and 2FA are just the beginning.

Finally...take password security seriously!

It’s vital that you change your passwords often and to offer a gentle nudge to your clients to do the same. You never know when a business might fall victim to a major cybersecurity breach and put their online security at risk

If you’d like any more information regarding passwords and security for your business and personal accounts, please don’t hesitate to get in touch!

Other Relevant Resources

There's always more to learn, we recommend these blogs:

What Social Media Platforms Are Right For My Business?

Should My Business Be On Social Media?

How Often Should a Website Be Updated or Refurbished?

How to Create the Perfect Lead Generation Landing Page

Back to All Resources

Posted on November 26th 2021

Join The Mailing List

What's better than top tips, advice and special offers from Sonder, for free?!

Testimonials

Sonder are absolute game-changers! Their website revamp services are nothing short of extraordinary. I was blown away by the exceptional level of creativity and skill they brought to the table. From the very first meeting, it was evident that they genuinely care about their clients and take the time to understand their unique needs.

Griffin VA

Sonder Digital have designed and continue to host our website. They have understood very well our needs and managed to balance what would otherwise have been a pretty complex user journey. It is streamlined, concise and on brand. Their customer service is fantastic, you will always find a team member on hand to assist. We have worked with Sonder Digital now for over a year and have had consistently good service. Would highly recommend!

CitySpace London

The whole team were fabulous in helping us to pull together our vision of a new website. Great comms, professional, forward thinking and quick to offer suggestions and find solutions. We have ended up with a great looking website and wouldn't hesitate in recommending them.

Mud Mountain Terracotta Pots

I have had the pleasure of using Sonder Digital for quite a while now. The whole team seem to be able to cover every eventuality - from geekish technical stuff, design, social media and any problem that might arise. Whether contact is made by email or over the phone, their response is always speedy and they are great people to do business with. I guess the bottom line is that since using Sonder, my sales have rocketed. Definitely recommend.

Oleo Bodycare

I've worked with Sonder for around eight years, almost on a daily basis, and cannot recommend them highly enough. They are an incredible team, friendly, easy going & extremely knowledgeable, nothing is too much trouble for them, they are just an absolute delight to work with.

Sitting Spiritually of Lyme Regis