Best Practices for Passwords and Account Access

Over the past few weeks I have helped a couple of clients with one of the biggest struggles a business can face – a lost password or lost account info. While they are two separate problems, they do have commonalities and helping to prevent them can be done very similarly.

So to start, what makes a good password? You will never hear me say to just use a simple password like “password” or “1234.” A password should have at least 12 characters, using both upper and lower case letters, numbers, and symbols. Your cat’s name, kid’s name, or street name should never show up in your password. Anniversaries and dates of birth shouldn’t show up either. And for the love of everything that is pure and holy in this world – do NOT use your social security number. 

One problem we hear about quite often is a lost password. In this instance, you will usually have access to a link in case you forgot the password or need to reset it. For some situations, you might not access an account on a regular basis and might not want to save the password in the browser. At Full Scope Creative, we have well over 100 passwords we need to keep track of for our clients and various accounts. All our passwords are 12 characters long and look something like this – uYfc%4?3>5}( – good luck remembering that. To help us out with that, we use a program called DataVault. It’s a fully secured and encrypted program on a computer in the office that we can log into and use to access those passwords. If you have multiple passwords that you need to store, utilizing a secure program like DataVault could be a great solution. Do not – I repeat – DO NOT just open a Microsoft Word document and type them in there. Yes, you’ll be storing them but this method is far from being secure. 

One of our clients recently ran into an issue where a former employee had set up the business’ YouTube account. The problem was that the employee didn’t use his work email to create the account, but a personal one. That employee has long since left the company and isn’t replying to emails asking for help to grant the business owner access to the business’ YouTube channel. While it’s true that there are ways to work with YouTube and Google in this situation, all of those take considerable amounts of time. One simple recommendation is this: set a firm company policy that when setting up accounts for the business, employees or contractors must use a company email address that ownership/management has (or can get) access to. For example, when we set up social media accounts for Full Scope Creative, they are set up using socialmedia@fullscopecreative.com. When we help clients set up their social media accounts, we’ll often use an email address like that so we can always get access to it. That email address is then stored in DataVault along with the passwords.

Losing passwords or account information is never fun. Yes, there are usually work-arounds that can be used to gain access to the account – but those can take a long time and end up being very costly. Instead, utilize the steps listed here by using set email and secure password policy and store them in a program like DataVault. Doing so will help save you from countless headaches in the future.