Website Security Pillar 2: Develop Good Password Habits

It's Website Security Week around here, in honor of Cybersecurity month this month.

We're talking about the five pillars of website security, and today is the second pillar.

Pillar 2: Develop good password habits

Passwords are like flossing - everybody hates them, including me, and their pesky sidekick, two-factor or multi-factor authentication. But passwords and the related authentications are necessary to protect your online health, just like flossing your teeth is necessary for your physical health.

And like flossing, you CAN neglect using good password habits, but it will likely catch up with you eventually.

What are good password habits?

All the usual advice - make them difficult, change them often, don't reuse them across websites, and don't use personal information that is easy to guess.

All of which take a lot of time and hassle.

That's why I use a password manager, because it makes it much easier to generate passwords and keep up with them.

Because y'all. I have 468 entries in my password manager Even a notebook is a pain to keep track of that many.

(But if you insist on a paper copy - an old-fashioned address book where you enter passwords alphabetically is a good way to organize them.)

Pro-tip: date your passwords, and if you unsubscribe or shut down an account, make a note of it, including - you got it - the date you shut it down. Overkill? Maybe. But it's my most-wished-for item when I look at my passwords.

Password managers

So yep, I recommend using a password manager. They generate complex passwords for you and store them, and some will fill the passwords in for you when you log in to various sites.

Some password managers even make it easy to transfer information if needed, although I prefer to give account access via added user access when possible.

And they store your passwords for you so you can access them any time from any browser or using the app on your phone or tablet.

For password managers, I have used LastPass and 1Password and recommend either one.

Two-factor authentication

The extended version of having good password habits is to use two-factor authentication.

Two-factor authentication, or 2FA, requires you have another method of authenticating your credentials besides your password - thus, two factors.

Sometimes accounts have the even-more-compex multi-factor authentication, where you need MORE than two forms of authentication to log in.

2FA or MFA keeps your account safe in case your password is compromised.

Most 2FA systems I've seen use an authenticator app, a text, an email, or a phone call to verify your identity.

I know, I know 2FA can be a pain - you have to go get the text or email or use the authentication app, type in the code, and finally access your account. But the safety that extra authentication offers is usually worth it.

(Like everything else, there are situations where 2FA is probably not the best choice. You have to balance the safety versus the hassle and decide how critical it is to protect your information or access.)

And sometimes, 2FA makes life easier.

Here's an example - a while ago, before I had 2FA set up for my Facebook account, I tried to log in while we were on vacation. But Facebook recognized that we were in a different location than usual and locked me out.

Since I didn't have 2FA set up, Facebook didn't have a way to verify my identity. So I had to wait until we got home to get back into my account. (I don't keep the app on my phone.)

I have 2FA in place now so that I can verify my account and log in even if we are out of town.

Recap for this pillar of website security: take the time, do all the things we know we should do for good password practices. And use two-factor or multi-factor authentication whenever possible.


Links to the other pillars of website security:
Website Security Pillar 1: Know Your Information
Website Security Pillar 3: Keep Your Software Updated
Website Security Pillar 4: Keep Good Backups
Website Security Pillar 5: Limit Access to your Site


Leave a Comment