As a business owner who accepts credit cards, it's imperative that you not only protect customer credit card numbers, but you also must protect all sensitive information around their accounts and transactions. PCI Compliance can be complex, and we've written several blog posts about it. We'll address it more in future posts.
This article focuses on the most basic security step you need to take in protecting sensitive information for your customers and your business ... creating secure passwords.
Here are 8 tips for making your passwords more secure
1. Use a combination of lowercase and uppercase letters, numbers and symbols
Hacking software uses a brute force attack process by running all possible combinations of letters, numbers, and symbols (typically at around 6 million passwords per second). Using a combination of all four (including upper and lower case characters) makes your passwords far more complex because it increases the number possibilities per digit exponentially.
2. Make sure the password is long enough
According to several security sites online, a 5 or 6 character password can be cracked by hacking software in under 3 minutes. Step it up to 7 characters and it takes about 1 week, get to 9 characters and it's over 70 years! Are you feeling the sudden urge to go change your passwords now?
3. Avoid common passwords
While it may be obvious that you shouldn't do it, people do it any way. AVOID the most commonly used passwords. According to CBS News, these are the top ten common passwords from 2013.
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
4. Change your passwords regularly
You should change your passwords every 4-6 months. And DO NOT recycle passwords. For exmaple, if you use one password for your bank account now and change it in 6 months, don't reuse that password on your QuickBooks login down the road. If you do, it leaves your accounts vulnerable to hackers.
5. Use a different password for EVERY account
Are you guilty of using the same password for every online account you have? Stop! The danger here is if ONE of your accounts gets compromised, they can all be compromised. It's a hassle to use different passwords for sure, but if your business and personal financial accounts are breached, it quickly becomes more than a hassle. If client data is breached, it can be catastrophic.
6. Use a password generator
It can be difficult to think of complex passwords, so use a password generator to assist if you need to! It will create a random complex password with the right combination of numbers, symbols, upper and lowercase letters. Norton has free password generator anyone can use ... and it's a trusted site.
https://identitysafe.norton.com/password-generator
7. Do not share your passwords
Password ".txt" files, note pads with password lists, and post-it notes stuck to your monitor are not secure. If you must share a password with someone, NEVER email it to them. Email is not secure. Be certain you change your password after they have used your account and are done with their work. Even though the person you are sharing the password with may be trustworthy, the system they are logging in from could easily be infected with a virus or malware that can steal information and you would never know it until it is too late.
8. Consider using a password manager
It's no secret that changing your passwords every six months, not recycling them, having at least 9 characters with a combination of upper and lower case letters, number & symbols, and not writing it down on a post-it or recording it in a notebook makes it virtually impossible to manage and remember. Fortunately, there are solutions out there to assist you. They are called password managers. There are several on the market available at a variety of price points. Just google "password manager" and you'll have plenty of options to choose from.
We all fall victim to creating simple, easy to remember passwords, but it's a dangerous practice. Security breaches don't just happen to the "other guy" ... one day it WILL happen to you if you are not taking the proper precautions, especially with passwords.
Want to learn more about keeping your customer card holder data secure and how to ensure you are PCI compliant with your merchant account? Contact Novera Payment Solutions ... we can help (and save your business money on credit card processing fees at the same time)!
