HOW TO: Protect Your Company’s Passwords

July 01, 2011 by Christina Warren

This post originally appeared on the American Express OPEN Forum, where Mashable regularly contributes articles about leveraging social media and technology in small business.

It’s almost impossible to overstate the importance of having and using strong, secure online passwords. As important as it is for consumers to heed this advice, it can be even more important for businesses to use and secure the passwords of their various accounts. As tools like Firesheep have shown, gaining access to an email or Facebook account can be alarmingly simple.

Fortunately, there are tools and precautions companies can take that will help simplify the process of keeping passwords safe and protected.

Use Unique Generated Passwords for Different Accounts

No matter how often we’ve been warned, the reality is that most of us use the same password or group of passwords for all of our major accounts. At first, this doesn’t seem too bad — especially if that password is a unique and long mix of numbers, letters and cases. The problem with using the same password or group of passwords, however, is that if one account is compromised, other accounts can follow.

This is especially true for users that associate an e-mail address with an account. When Gawker Media’s web servers were breached last year, thousands of commenters had their usernames, passwords and e-mail addresses exposed. As a result, some of these users had their email, Facebook and Twitter accounts compromised as well.

For business accounts, using a separate, unique password for each major service — and making sure that none of these passwords are the same as those associated with personal accounts — is essential.

Good password management applications typically include a password generator; however, websites like Strong Password Generator are great in a pinch. Using more than 7 characters is a good idea, but be sure to check with your application or service for rules associated with the use of special characters.
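As an added illustration (not part of the original article), the sketch below shows how a generator of this kind can work: it draws characters from Python's `secrets` module and respects each service's special-character rules. The service names and policies are constructed for the example.

```python
import math
import secrets
import string

# Hypothetical per-service rules (constructed for illustration): each service
# lists the special characters it accepts and the length to generate.
POLICIES = {
    "email":   {"length": 16, "symbols": "!@#$%^&*-_"},
    "banking": {"length": 12, "symbols": ""},   # this service rejects symbols
    "crm":     {"length": 20, "symbols": "-_."},
}

def generate_password(length, symbols=""):
    """Return a password drawn from a CSPRNG containing at least one
    lowercase letter, one uppercase letter, one digit and, if the service
    allows symbols, one symbol."""
    if length < 8:
        raise ValueError("use more than 7 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    alphabet = "".join(classes)
    while True:
        # Draw every character uniformly, then reject candidates missing a
        # class; this keeps the choice uniform over all valid passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def entropy_bits(length, symbols=""):
    """Upper bound on entropy: length * log2(alphabet size)."""
    size = 26 + 26 + 10 + len(set(symbols))
    return length * math.log2(size)

def generate_for_services(policies):
    """One independent password per service, so a breach of one account
    does not expose the others."""
    return {name: generate_password(p["length"], p["symbols"])
            for name, p in policies.items()}

if __name__ == "__main__":
    for name, pw in generate_for_services(POLICIES).items():
        p = POLICIES[name]
        bits = entropy_bits(p["length"], p["symbols"])
        print(f"{name:8} {pw}  (~{bits:.0f} bits)")
```

The generated values belong in a password manager rather than in a file or spreadsheet.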

Password Management Tools Are Your Friend

One of the primary reasons individuals reuse the same passwords is that keeping track of 100 different logins is difficult, if not impossible. This is where password management applications become crucial, especially in a business environment.

In the past, I’ve written about password management apps for Mashable and here are a few of my favorites:

1Password: 1Password is a solution for Mac OS X and Windows that allows users to not only store their passwords safely, but also access those passwords from within their web browser. That means that rather than relying on the built-in password manager, a user can use 1Password to fill in logins instead. These logins are protected by a master password, and Agile Web Solutions also makes an iPhone and Android app for accessing and securely logging into websites while on the go.

1Password starts at $39.95 for a single license and is $59.95 for a 5-user license.

LastPass: LastPass is a cross-platform password manager that works with all major web browsers to securely store and generate passwords. LastPass also has an Enterprise option for businesses that includes support for applications as well as websites.

LastPass Premium is $12 a year for individuals and starts at $24 a year for Enterprise customers.

Passpack: Passpack is a tool designed for teams and businesses that want to make passwords accessible without making them insecure. What we like about Passpack is that it lets users store their personal and work-related passwords in one place, but then choose who has access to what passwords. Plus, Passpack makes sharing passwords secure and also makes it easy to update or change group passwords in bulk.

Passpack for departments and workgroups is $4 a month.

Use HTTPS Logins

Beyond just using unique, secure passwords and password management tools, it’s also important that businesses use secure logins, especially when accessing web services from outside of a corporate network.

In the last few months, a growing number of websites, including Twitter, Facebook, Gmail, Foursquare and HootSuite, have started to implement HTTPS as a login option. With HTTPS, logins are encrypted over the network. This means that even if the network itself is open, the password and username for your account aren’t visible to those sniffing the network.

Turning on HTTPS as a default login option in the web services that support it is a good idea for all users, but it makes even better sense in a corporate context.

Feel free to share your password protection tips in the comments.
