Walk into the clinic and everyone recognizes your face (from the mask up, at least). Log in to a website or app, however, and your identity is reduced to a username and password. Your username is clearly not a secret, because it is usually your work email address, which may even be published on your company’s website.
🔐 This means that your password is the key to your account’s security.
About 81% of hacking-related breaches result from compromised passwords, according to findings in the 2020 Verizon Data Breach Investigations Report.
We know passwords are important, so we trade mnemonics and other tips around how to create and remember jumbled phrases like
And if you’re forced to change your password monthly, it evolves to Ilik3p@ncakes2, and so on.
It turns out all that effort merely results in passwords that are a bear to remember (Which ‘e’ did I replace with a 3?) and still quite easily cracked by a computer.
What’s worse, our memories are taxed enough as it is, so we reuse the same passphrase everywhere. Suddenly, a data breach involving your grocery store loyalty card results in your bank account being hacked. 😰
Since many of us have shifted to remote work in the last year—taking on dozens of new logins in the process—it’s the perfect time to take a fresh look at your password hygiene practices.
🚔 What makes a secure password?
When they prompt you to create a password, most platforms will give you a list of criteria to meet. You must use a capital letter. You need to use a special character, but not that one...
Ultimately, password quality boils down to two characteristics:
- Randomness: An unpredictable string of characters you’ve never used anywhere else
- Length: The more the better, but at least 8 characters
Multiply that by dozens of logins and suddenly it feels like an impossible task. But don’t despair. Software is here—swooping in to solve the problem it created.
✅ Introducing the Password Manager
What if you could still remember just one good password, but it could somehow keep you safe instead of making you vulnerable? That’s exactly how password managers work.
These come as a program you can add to any device you might use to access your accounts (e.g., computer, phone). When you need a secure password, this software generates a random one. Instead of Ilik3p@ncakes3, it might give you something like BBTiyM3nn^rNiez&5sWrs3. Then, your new username and password combination is encrypted and safely stored for future use.
Next time you need the saved credentials, the app will ask you to prove your identity. How?
At setup, you choose a single vault password to protect your treasure trove of secure passwords. Since you only have to remember one, you can make it a beauty.
⚡ Choosing Password Management Software
Your choices are plentiful when it comes to password managers. If you’re polling the Instinct team, you’ll find that many of us use either LastPass, Dashlane, 1Password, Bitwarden, or Keeper.
Beyond storing your stellar passwords, most offer additional services, like data breach monitoring. They’ll notify you when one of the sites you use is hacked, and some will even help you promptly change your password for that service. Crisis averted!
Let’s say you’re convinced, but you’re not sure what to do about that teammate who has Password: letmein taped to the monitor.
🤝 Introducing the Team Password Manager
A team password manager uses one of the above tools to securely generate and share passwords across your veterinary team. The day-to-day mechanics for each person on the team are identical to a single-user password manager: Provide a vault password to access or modify saved credentials across any device.
The difference is the team’s passwords are all in one or more shared vaults.
Each person sets an independent vault password and gets access to the collection of credentials relevant to their role. Folks designated as administrators do the granting and can reset or revoke vault passwords for anyone on the team should the need arise.
As a bonus, keeping the whole team in the same password management system provides a simple and secure place for sharing more than just logins. You can store shared company credit card information, answers to account security questions, or even sensitive notes in most available password managers.
💡 Choosing Your Vault Password
Once you move to a password manager, here’s a pro-tip for creating that single vault password: a string of unrelated words makes a strong yet easily remembered passphrase, even without confusing substitutions.
It may seem counterintuitive, but a passphrase like correcthorsebatterystaple could take 100,000 times longer for a computer to guess than
Not confident you’ll remember it? Write it down and carry it with you like a driver’s license or credit card. If it’s ever lost, you’ll notice! Simply change your vault password right away, and face no risk to your accounts.
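To make "randomness" and "length" concrete, here is an added example (not part of the original article) that generates a random password and a random-word passphrase and estimates how hard each is to guess. The alphabet, the 16-word sample list and all function names are assumptions made for illustration; the estimate only holds when the secret is drawn at random, not chosen by a person.

```python
import math
import secrets
import string

# Assumed 70-symbol alphabet: letters, digits and eight special characters.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

# Constructed 16-word sample list; far too small for real use.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "pancake", "clinic",
                "kennel", "whisker", "lantern", "orbit", "maple", "tundra",
                "velvet", "copper", "harbor", "puzzle"]

DICE_LIST_SIZE = 7776  # size of common dice-based word lists


def random_password(length=22):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=4, words=SAMPLE_WORDS):
    """Draw unrelated words at random; the user does not pick them."""
    return "".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, picks):
    """Entropy of `picks` uniform random draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def times_harder(bits_a, bits_b):
    """How many times more guesses secret A needs than secret B."""
    return 2 ** (bits_a - bits_b)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 22), 1), "bits")
    print(random_passphrase(), entropy_bits(len(SAMPLE_WORDS), 4), "bits")
    # Same four words, but drawn from a realistically sized list.
    print(round(entropy_bits(DICE_LIST_SIZE, 4), 1), "bits with a full list")
```

Four words from the 16-word sample give only 16 bits, while four words from a 7,776-word list give about 51.7 bits: the size of the list the words are drawn from matters as much as the number of words.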
2️⃣ Multi-Factor Authentication
Finally, every account you have should be set up with something called multi- or 2-factor authentication (MFA or 2FA).
This means that when you log in to an account, whether your bank or email, typing the correct username and password is not enough. The site then asks for a secure expiring code that is either sent to your phone (SMS) or, even better, generated by what’s called an authenticator app. You can (and should) set this up for every important account.
Check out either Google Authenticator or Authy for more information about setting this up.
Ok, Good Talk
In movies, nation-states use supercomputers to break each other’s encryption. For most of us, a password we’ve used at a dozen different websites is vastly more likely to be our downfall.
See for yourself whether a password manager can alleviate the pain that drives you to risk your online identities with reused passwords. Then, say goodbye to all those coffee-stained logins hidden under your keyboard.