Taking Control of Passwords: Protecting “High Value” Accounts

In February and March we talked about creating extra-strong passwords. And way back in January we categorized our computing accounts based on the kind of information stored there. This month, we put the two together.

Our action item for April: Equip your high-value computing accounts with strong passwords. Remember: “high value” accounts include financial, tax, healthcare and government accounts that likely have direct access to our financial or sensitive personal information. And, while you’re at it, see if those accounts offer 2FA, since they store the data we *most* want protected.

[Cartoon: a boss recites an extremely long password to an employee. The employee then says: "Maybe I'll let you type your own password."]

Once your high-value stuff is properly passworded, you may wonder “How often should I change this extra-strong password to a new extra-strong password?” Great question.

Here’s the deal - changing a password limits the time your account info is exposed if your password gets cracked. 2FA adds an extra layer of protection: if your password *does* get cracked, a hacker still needs your second factor to do any harm.

So if you’ve applied a long, complex password and the account allows for 2FA protection, you can keep that password for a good, long time (a year or even two is totally reasonable). But if you can’t add 2FA, keep a regular eye on your account activity for anything suspicious and change your extra-strong password at least annually.

As a heads-up, we’ll spend the next few months talking about Password Managers - what they are, which ones seem to work well, that kind of thing. Stay tuned.

