It was confirmed today that the popular business social networking site LinkedIn was the victim of a hacker, with up to six million passwords compromised.
As LinkedIn users around the world scramble to change their passwords (and if you use it, you should change yours), it's a good time to reflect on some useful tips for managing your passwords.
1. Don't use the same password for everything
Most of the time, you won't find out that your password has been compromised until well after it's been used fraudulently. So it pays not to use the same password or PIN number for everything regardless of how secure something is. And never write your passwords down. If you follow this rule and a password gets leaked for any reason, then you aren't exposing all of the other places you use this password.
2. Make passwords complicated but easy for you to remember
One way you can do this is to remember a phrase that is personal to you and then use a system, also only known by you, to add in numbers and/or symbols. The more complicated your password, the lower the chance that an automated bot could get access to your password and start snooping around your admin. It also stops an angry contractor or ex-employee trying to guess your password and cause havoc.
3. Long enough to be hard to break
Microsoft recommends that passwords be at least 8 characters in length. That's a minimum, and password cracking techniques get smarter by the day. So we recommend you go even higher - as long as you can remember is a good rule of thumb.
4. Change your store admin passwords often
It's a pain to do, but you should change your passwords on a regular basis. Don't cycle your passwords around, changing between two passwords every time you change them. If you did this and one of your passwords became vulnerable for any reason, you could be vulnerable to an attack when you change your password back to this. Every time you use a contractor you should assign a separate login to them, and delete their login when they finish work in your website. If you want a log of what they've looked at, submit a support ticket to us and we can trace their activity in our server logs.
5. Use solid anti virus and firewall software on your local computer
Protecting your computer will stop "keyloggers" and "spyware" software from spying on you entering your password and then entering it manually to gain access to your website admin - or worse still, your Internet banking account!
Password security is exceptionally important for your store. Your admin holds personal customer information and as a business owner it's your responsibility to maintain that information with integrity. We do our bit from a server perspective, but it's up to you to make sure that your business policies are security aware.