If you use the same password for multiple systems—online shopping, email, your company’s cloud bookkeeping solution, etc.—you are not alone.  The best password is unique, yet even Facebook founder Mark Zuckerburg did that.  And in 2016 his LinkedIn credentials were compromised in a major breach.  That gave hackers access to his Twitter account, too, because the passwords were the same.  The former general counsel for one of our clients did is too, before getting phished in 2017, even though it was expressly forbidden in the policy manual.

The fact is, with just one user password, hackers can often break into multiple applications and systems.  Your whole business can very quickly be put at risk.  That is why a good security practice is to have a different, strong password for every account.  A breach will be isolated to that account, and the fallout will be much smaller and easier to manage.

Be extra protective of your sensitive accounts.

When it comes to ultra-sensitive accounts like company servers or your banking apps, make extra sure the password you use is not one you have used anywhere else. Banks usually have strong security measures, but even those will not protect you if someone tries a password you have used somewhere else, and it works. The consequences could be disastrous.

Email is another big one to safeguard—work and personal. If someone gets into your email, the potential for damage goes up exponentially. They can send out phishing, ransomware, or other malicious attacks to any or all your contacts, and they will seem legitimate because they have come directly from you.

Be unique and strong

Of course, in addition to being unique, your passwords must be strong, too.  At a minimum, that means making each one long.  Pick one with at least eight characters, but the longer the better.  If you can use phrases of multiple words instead of a single word, that is even better still. (And for goodness’ sake, do not use “password”.)

Why don’t more people use unique, strong passwords for every account?  Usually because they feel it is too much work.  If you have dozens or hundreds of accounts, having a different password for each one might seem like a royal pain.  And long, complex passwords are hard if not impossible to remember.  Fortunately, there are solutions to help manage passwords for you, so your brain (or an insecure notebook or spreadsheet) does not have to do all the work.  Having the right tools is just as important as having the right practices in place.

TSI Password Manager

Going back many years Tekmar has made password policies central to our IT Blueprint.  A key component goes beyond adding reference in IT policies and procedures.  Use a modern password manager.  We recommend TSI Password Manager.  If you would like to learn more about how to manage your passwords, let us know.  And watch for our next blog on how you can add extra security by changing your passwords periodically.

TSI Password Manager secures your new password records are input to the internet browser on your computer. From there they are protected in transit by 2048-bit RSA keys, and at rest using over 300 different rounds of 256-bit symmetric encryption, with six different randomly generated keys. Your unique encryption key (organization key) is the final step in unencrypting your data for view within the browser.

Easy as 1,2,3.

ORGANIZATION KEY

Two of the encryption keys used are unique to each password record, and one of the encryption keys called the Organization key is created and stored only on the server side. This encryption key is never stored or maintained anywhere except within the TSI Password Manager infrastructure.

PASSWORD AND

PASSPHRASE TRANSMISSION

All inbound and outbound data communication traffic with the TSI Password Management happens over TLS

1.2 using 2048-bit RSA keys to ensure the protection of your data in transit.