Today’s average computer/Smartphone user’s routine is a series of logging in and logging out of different websites and networks: your WiFi, bank account, Amazon or your PC at the office, just to name a few.
The IT admin’s intention is not to torture our users with requirements on password. On the contrary, most IT professionals will plead for users not to use simple passwords or write these passwords in a visible place (like keeping your passwords under your keyboard or mouse pad). Hackers will check there first.
Some password dos and don’ts: Passwords to stay away from are Password, Shalom, Peace, 1948, 123456 and your children’s names. I know this might make readers upset but passwords are in place to protect you and your sensitive data. Hackers will attempt to use those passwords first. Sharing your password that you use for everything with your children is not recommended.
An IT professional’s trick is to add some symbols to a usual password, like Shneur123 could become $hn3ur123; easy to remember and effective.
The Google Chrome browser can store your passwords within the browser’s cache. The only concern is, at times, Chrome needs to be cleared and there goes your passwords. Hackers will phish your passwords from the cache. Too many tears happen when clients clean up Chrome and find all the passwords are gone.
The one software that I recommend the most is LastPass. I was turned on to this product by a client, Rabbi Adam Haston, the director of operations at Westchester Torah Academy in New Rochelle. (Most IT people will admit that they will learn great tips sometimes from their own clients.)
What makes LastPass unique is there are many options for how to save passwords, how to share passwords with others, and some great enterprise options. Find it on Lastpass.com, and it’s available for the PC, Smartphone and Tablet. Once you log into your account, you will have all of your passwords available to you. LastPass will auto log on to the websites you frequent the most. You can opt out for auto logon. LastPass will also safely fill out those annoying forms for you. You will need to create profiles, so you can include a credit card. Lastpass will ask you if you are sure you want to autofill the credit card info.
Once you visit a site, LastPass will prompt you to save the site or not.
At first glance, it would seem that any program that saves passwords in one place would be dangerous. LastPass needs a strong password to get into your list of passwords. The entire file is encrypted; this is actually safer than any browser or what most people do, which is make some spreadsheet on their desktop that says “my passwords.”
LastPass also has options of two-factor authentication. For example, in the same way that one can have one’s Gmail sign on with a two-factor authentication, every time your log on to your email a text is sent to your Smartphone. This method is also known as a key fob. When you launch the Google Authenticator app it gives you random numbers that you add with your Gmail password. This is a bit tedious, but very safe. Probably hack proof.
LastPass has Google Authenticator as a two-factor authentication and many others. This would secure your LastPass account one step further.
Another feature: LastPass will audit all your username and passwords and make sure that you are not reusing the same password.
What GCG has used the most is the sharing feature. Let’s say we have a vendor where all the engineers need to log in daily. Once the LastPass password is saved you can share it with your coworker. There is an option where the coworker can see the password or it can be with the asterisks.
Passwords are something people should take seriously. People become complacent and figure, “Who wants my passwords?” But the world is all digital and we need to be vigilant.
Something that I do every clock change is swap out my passwords. And remember: It’s all for nothing if one keeps a yellow sticky on their monitor with their password clearly listed.
If you have any questions or comments, Shneur Garb can be reached by [email protected]. Shneur is the CEO at The Garb IT Consulting Group in Teaneck, N.J.
By Shneur Garb
