The Do’s and Dont’s of Password Safety
In the modern internet era, passwords are required for virtually any feature on the web. It’s for good reason – passwords protect your information, from your bank account details to your emails to your health information. It can seem overwhelming to juggle different passwords and user accounts, which leads many people to forego effective password safety. One of the best things you can do for yourself, your practice, and your patients is to review your (and your employees) information security and practice ways to keep it from getting into the wrong hands. Here’s what to know about password safety and steps you can take right away.
As the internet has evolved, so has our understanding of what’s required for a strong password. If you created passwords for your email accounts or online banking years ago, then it’s important to know that they may no longer be secure enough. In fact, strong passwords
- Are at least six characters long
- Include numbers, special characters, and both upper- and lowercase letters
- Are randomly generated
This can seem simple, but it’s still possible to make some common mistakes. Make sure that your passwords don’t fall into these categories:
Although this might seem obvious, the web is becoming less and less anonymous. So, your information that wasn’t previously accessible can now likely be found through social media or websites where your information is listed. Using this information for your passwords can be easier to guess than you might think.
A password that relates to things like your hobbies, family members, or birthday shouldn’t be considered secure. If you do choose passwords that relate to you, make sure it’s things that aren’t personal or public information, like the last movie you saw in theaters or your least favorite food. And, as always, combine it with many different characters, numbers, and cases.
If your password is easy to remember, then chances are that it’s easy to guess. If it’s short (less than five characters) or follows a pattern, it becomes much easier for hackers to obtain. That’s because, exponentially, the longer the combination is, the more possibilities there are for any given letter, number, character, and case. For hackers, finding the right combination becomes more difficult as you incorporate more complex facets.
Although complex, randomized passwords can be harder to remember, it can be helpful to create a mnemonic device to remember it. For example, the password cR4#hQ7 can be remembered by “color RED 4 # head Quarters 7”. This ensures it has meaning to only you but still presents a strong, secure password.
Even with an extremely secure password, it can be dangerous to reuse passwords since once hackers gain access to one account, they can access the rest of your accounts. This means that a hacker could gain access to your “burner” Yahoo email account from years ago and then breach your online banking, medical records, and social media.
Make sure to use a unique password combination for each account you set up. This way, you can limit the amount of damage done if a single account is affected.
Password managers are one of the best ways for you and your employees to maintain unique, secure passwords for each account you set up. The best part about a password manager is that you’ll only need to remember the password for that account – all others can be safely kept inside and entered every time you need to login to your other accounts. This removes the need to memorize all your passwords and also makes it easy to ensure all your passwords are long, randomized, and secure.
You can use a dedicated password manager, or you can use Google Chrome’s built-in function to store your unique passwords. If you use the latter option, just make sure your practice’s device and computer passwords are randomized and secure as well.
One of the most common techniques for gaining access to your passwords and other information is through phishing scams and spam emails. These are usually designed to look exactly like an email you’d receive from entities like your bank, Amazon, or potential clients. They usually contain a link for you to click in order to complete actions like verifying your email, password, and personal information. Unfortunately, these links usually take you to falsified copies of the legitimate website where your information can be collected and used to breach your accounts.
It can be difficult to determine which emails are true and which ones aren’t, but there are a few ways to tell. First, check for spelling errors, especially in areas like the sender’s email address or URL included in the link. Spelling errors are usually necessary because scammers don’t own the right to use the legitimate company’s titles and IP addresses. Secondly, never call the phone number included in the suspicious email – instead, look up the entity’s phone number through Google and call it if there’s any doubt about the status of your account. Thirdly, make it a practice to never click on links you’re suspicious of (i.e., those you receive in emails, text messages, or from friends and relatives).
Multi-factor authorization is one of the best ways to further secure your accounts. It works by adding an extra layer of protection to your login process by sending a uniquely generated code to your phone or email (or both) every time you enter your password. This can make it extra difficult for hackers to breach your accounts since they’d also need access to your email login or cellphone. This can also signal when an outside party is trying to login into your accounts – if you receive an authorization code when you’re not trying to login, it’s a big indicator that your account is compromised.
Even with the best in online security, large entities like credit bureaus, hospitals, or banks can still be subject to hacking attempts and information breaches. When these occur, your passwords and login information can be collected and used to access your accounts, even if your passwords are secure and complex. Make sure to pay attention when you receive notice that you’ve been affected by a data breach and change your passwords immediately. Even private medical practices can be targeted by hacking attempts to gain access to medical records. There are many different services available that can alert you when your email or passwords have been leaked, so consider checking these regularly.
Another layer of protection for your passwords is changing them. Although it can seem tedious, this ensures that even if hackers do get a hold of your passwords, it’s likely not current. Consider implementing policies for changing all passwords monthly to keep your and your patient’s information safe.
Safely navigating the web and ensuring a trustworthy experience for your patients is more important than ever before. That’s why our team can help you transform your practice with secure, industry-leading EMR reporting and patient relationship management. Fill out our contact form to get in touch and learn how we can help.