Security

The Four Don’ts of Security

Saturday, July 9th, 2016

Dear Customer:

We value you.  We think you are important.  We think your website is important.  We think protecting your domain name, email account, credit card details, and your site from being hacked (or worse) is important.

Because we know how important it is, and we know how upset you would be if your website were hacked or your domain name were stolen, we have some policies in place to protect you.

Yes, they can be annoying.  Yes, they can slow you down.  But, they won’t slow you down as much as a hacked site, stolen domain, or hacked e-mail account will.

And they really only slow you down the first few times you use them.  Once you get in the habit, it’s not slower – in fact, it can be faster.

So please, follow these minimum security practices:

Note: While this is intentionally written to be humorous, the message is very serious.  This is not intended to be an exhaustive list of security practices, but rather to explain why we are so insistent on a few practices that we know frustrate our clients.

Don’t ever ever (ever!) email username / passwords.

Email is not secure.  It’s trivial for a hacker to intercept your email, snag those important credentials, and wreak some serious havoc.  This is not just a theoretical issue – read how one of our clients nearly had their domain name stolen a few years ago.

Please, send your credentials via LastPass.  If you cannot be bothered to do so, then at least call us with them.

But please, don’t send them via e-mail.

And that goes for all electronic message methods, too.  Don’t text them, Slack them, or IM them.  While some of those are more secure than others, none of them provide the level of security that your website and domain accounts deserve.

Don’t ever use the same password on multiple accounts.

Do you have a nice, “hard” password that you like to use on all of your accounts? Please don’t do it.

Why, you may ask? Because when one account is hacked (and it happens), then your password is known, and all of your other accounts become vulnerable.

If you use LastPass, using hard and unique passwords for every account you own becomes simple, because you don’t have to remember passwords!

Don’t use simple passwords.

We’ve got an article on how to create good passwords, but to be honest, your best bet is to use a password generator such as the one in LastPass.  It will create truly random passwords (something people are just incapable of), and you can control the length.  (Length is your friend when it comes to passwords – the longer the better!)

Don’t trust anyone.

This one is more theoretical than it is practical, but the principle is sound: When it comes to sensitive information, such as usernames and passwords that provide access to your most important website accounts, be ultra careful about who you trust.  This doesn’t just mean the people, it also means the services you use:

  • Don’t use Google Drive to store passwords.
  • Don’t store your passwords in Dropbox.
  • Don’t trust just any “password manager”.  (See why we recommend LastPass).
  • Don’t give your passwords to people you can’t explicitly trust.

How To Make a Secure Password You Can Remember

Monday, January 23rd, 2012

Many people use lame passwords because hard ones can be difficult to remember. But that is dangerous. We have helped many people who have had an account hacked due to weak passwords. Does your password make the list of most common passwords?

LastPass Has Made Me More Productive

Thursday, May 26th, 2011

I started using LastPass nearly a year ago. At first, it was for the security reasons – it was featured on the Security Now podcast (an excellent resource for anyone in the Web or IT industry).