You’d think that after years of news about Internet security threats, identity theft, hacked accounts, and cybercrime in general, the public would have become savvy about password management practices. Think again. In 2015, SplashData announced its list of worst passwords, collected from 3.3 million passwords leaked in 2014.
The top 5 most used leaked passwords were stunners:
See the full list here.
Who’s to Blame?
While many would point their fingers at users creating those passwords, it’s just as shocking that the website they created an account on allowed them to use a weak password in the first place. There is a paradox at work here. Enforce uber-strong passwords and user accounts are more secure, but the site may get fewer signups. Thehackernews.com put it best:
“The problem is that website operators are faced with this paradox of security versus usability. If they enforced a minimum of 30 characters they’d be enormously secure… and have no customers.” – Password Security – Who’s to Blame for Weak Passwords? Users, Really?
An Online System is Only as Secure as Its Weakest Point. Is it You?
If you are still using your birthday, your dog’s name or some other easy-to-remember password, you may be the weakest link in the security chain. Flare cloud accounting follows stringent security practices and enforces strong passwords that must be at least 6 characters and contain at least one uppercase letter, one number, and a special character. If incorrect passwords are entered repeatedly, you’ll be locked out of the Flare system, and if your computer is idle for 10 minutes, you’ll automatically be logged out. Even though our password policies help keep you secure, following personal password management best practices is the key to securing your online accounts.
Safe Password Management Practices
The best defense is a good defense. Passwords should be just that. Following some simple rules, you can learn to defend your account logins against baddies.
- Use a password that is at least 6 characters long and contains at least one uppercase letter, one number, and one symbol character. The longer your password, the better.
- Create a unique password for each website you register an account with.
- Many people suggest using an easy-to-remember passphrase built from an obscure sentence of your choosing, such as “I like to eat pizza twice at 6”, which could be turned into the following password: “iL28p!zza2W!ce@6”. This 16-character password won’t be guessed easily by brute-force password guessing, but it doesn’t help much if you follow the best practice of creating a unique password for every website account you have. You’d have to create a unique and memorable sentence for each website and remember which characters were uppercase, which letters were turned into symbols, which words were turned into numbers, etc.
- Use a random password generator and safe
Random password generators are the best way to maintain the security of your online accounts. You’ll never remember the password you generate, and that’s part of the point. The password is obscure, long, and very difficult to guess. That’s okay: you log in to your password safe with a master password (you’ll have to remember that!) and all of your passwords are stored in one place. Check out PC Magazine’s article Best Free Password Managers for 2016.
Don’t:
- Use dictionary words.
- Use passwords that contain all letters or all numbers.
- Use a password that is less than 6 characters in length.
- Use any personal information in your password such as all or part of your name, your date of birth, address, phone number or any other personal information.
- Share your password in any way including verbally, by email or text message.
- Write your password down.
- Keep passwords in files on your computer or smartphone (e.g. spreadsheet, Word doc, notes).
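The rules above and a random generator, sketched as an added example (not Flare's code): `policy_violations` checks the length, character-class and personal-information rules listed on this page, and `generate_password` draws from the operating system's CSPRNG through Python's `secrets` module. The function names, the 20-character default and the use of `string.punctuation` as the symbol set are assumptions.

```python
import secrets
import string

MIN_LEN = 6  # minimum length stated on this page

def policy_violations(password, personal_info=()):
    """Return the rules from this page that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 6 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Any non-alphanumeric character counts as a symbol (assumption).
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    # Names, birth dates, phone numbers etc. supplied by the caller.
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems

def generate_password(length=20):
    """Generate a random password that satisfies the rules above."""
    if length < MIN_LEN:
        raise ValueError("length is below the 6-character minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        # secrets.choice uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until every required class is present,
        # which keeps the result uniform over compliant passwords.
        if not policy_violations(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed sample inputs, plus the passphrase-derived password from this page.
    for sample in ("password", "Ab1!", "iL28p!zza2W!ce@6"):
        print(repr(sample), policy_violations(sample) or "ok")
    print("generated:", generate_password())
```

Passing these checks only means a password meets the minimum rules; a generated password stored in a password safe is still the stronger option, as the page recommends.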
While password management can be a hassle, it doesn’t have to be. If you are determined to create and remember all of your passwords, remember the rules above. The best option is to create passwords you can’t remember, but that a password safe remembers (and stores securely) for you.
Flare is online accounting software for small businesses and freelancers. Flare has everything you need in one place: bookkeeping, invoicing, expense tracking, financial reports and statements, automated bank reconciliation, budgeting and more. In addition to these daily-use features, Flare’s financial dashboard provides at-a-glance financial performance metrics that can help you understand your business finances so you can take action to increase profit.