Once you have your practice email, social media, business listings, and other accounts in place, you'll want to think about how you're protecting your passwords. To ensure your data is safe, we wanted to share some password security risks and tips to avoid them.
Top password security risks:
- Phishing: Attackers send emails purporting to be from reputable companies to trick users into providing personal information such as passwords.
- Weak or Reused Passwords: Weak passwords are easy for cybercriminals to crack, and reusing the same or similar passwords means that one cracked password can open all of your other accounts.
- Brute Force or Cracking: Cracking is a method that involves using software or automated tools to generate billions of passwords. Cybercriminals then try each of these passwords in an attempt to access a user's account and data. Brute force is when the attacker tries combinations of numbers, letters, and symbols until they find a password that works.
- Password Recovery Systems: Most online accounts or applications have a password recovery system. Unfortunately, hackers can use this same system to attempt to get into your accounts.
Ways to protect your passwords:
- Education: Educate your team about cybersecurity to help defend your practice(s) against common cyber attacks.
- Implement a Secure Password Storage System: A secure user password storage system is a crucial way to prevent passwords from being obtained by cyber attackers. For example, try using a password vault or password manager to help generate strong passwords for you, combat the reuse of passwords, and ensure the safety of your passwords. We suggest using either LastPass or 1Password.
- Use Multi-Factor Authentication (MFA): This requires users to present more than one type of evidence to authenticate themselves on a system or app, whether it is a PIN, security questions, text message, phone call, etc.
- Choose Strong Passwords: Strong passwords should include a combo of upper and lowercase letters, symbols, and numbers. The goal is to have a unique and complex password.
- DON'T Send Any Passwords or Login Info via Email: Email is not a secure form of communication. It is not encrypted, and emails are often stored in many different places. Copies may exist even after deletion. The best ways to share passwords are verbally (by phone or in person), through an encrypted email service, or by using a vault to store and share login information.