5 Things to Teach Employees About Password Management
Managing all your online passwords can seem like a full-time job. As an IT manager, teaching employees how to manage their own passwords and security properly is even more of a challenge.
The key is to educate employees about the importance of proper password management early on.
Morgan Slain is the CEO of SplashData, the developer of a password-management solution for smartphones and personal computers, offers five tips on proper password management and protection.
- Never click on a link in an email you receive from Facebook, PayPal, a bank, or any other kind of financial institution, no matter how urgent the message seems or how authentic the email appears. Hackers are getting extremely good at creating fake email messages and fake websites that look just like the real ones but are really traps designed to trick you into entering your username and password. If you receive a message from any site asking you to do something and you think it might be a legitimate request, log in to that website the way you normally would -- open a new browser window, type in the URL directly, and only then enter your username and password.
- Use a secondary, "alias," email address for signing up to new services. Only use your primary email address for websites that you really trust. Be sure to protect access to your primary email address as best you can, since thieves can use your email account to reset your passwords on many websites.
- Use secure passwords of eight characters or more, preferably with some different kinds of characters. One way to create secure passwords that are easy to remember is to use short words with spaces in between. For example, "eat cake at 8!" or "car park city?" If the password field doesn't allow spaces, use the underscore character (e.g., "car_park_city?").
- Don't use the same username/password combination on multiple sites or applications. Many websites do not protect usernames and passwords adequately, and thieves will obtain this data from their servers and then try the username and password combinations on more-valuable sites and services like email services, online banks, and PayPal.
If you're having trouble remembering all your different passwords, try using a secure password manager.