The Best Practices & Procedures for Staying Digitally Safe & Secure

We’d like to introduce everyone to Jin Kim. He is 1R’s digital safety and protection guru, also known as our VP of IS.  Whether you’ve met him or not, Jin is behind the scenes making sure all our clients’ sites are safe, secure, and stable.

In the eCommerce world, we are constantly logging into back-end systems that require a username and password. Jin is here today to share some of his tips and tricks for creating, storing, and sharing credentials to avoid unauthorized access.

Rules for creating a safe password:

1. Avoid using dictionary words, personal information, and common sequences.

2. Use special characters.

3. Consider using passphrases. They are easier to type (e.g. Sally5-Jumped-Lego).

4. Consider using the first letter from each word in a sentence, a phrase, a poem, or a song title.

5. Longer passwords are better than shorter ones.

6. Create different passwords for different accounts and applications.

7. If you have already established a password that is not strong, change it!
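As an added illustration of rules 3 and 5 (not from Jin or 1R): a Python sketch that builds a passphrase in the Sally5-Jumped-Lego shape from randomly chosen words and estimates its strength in bits. The 16-word list is constructed for the demo, 7776 is the size of a standard Diceware word list, and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator should load
# a large list (thousands of words); strength depends on the list size.
WORDS = ["sally", "jumped", "lego", "river", "candle", "orbit", "maple", "tiger",
         "window", "pencil", "harbor", "violet", "copper", "basket", "meadow", "rocket"]

def make_passphrase(n_words=3, words=WORDS, sep="-"):
    """Pick words with the OS CSPRNG, capitalize them, add a digit to one word."""
    if n_words < 1 or len(set(words)) < 2:
        raise ValueError("need at least one word and a list with two or more entries")
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    slot = secrets.randbelow(n_words)           # which word gets the digit
    chosen[slot] += str(secrets.randbelow(10))  # e.g. "Sally5"
    return sep.join(chosen)

def passphrase_bits(n_words, list_size):
    """Entropy in bits when every choice above is uniformly random."""
    return n_words * math.log2(list_size) + math.log2(n_words) + math.log2(10)

def random_password_bits(length, alphabet_size=94):
    """Entropy of a uniformly random password over printable ASCII."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    print(make_passphrase())
    for n in (3, 4, 5, 6):
        print(n, "words from a 7776-word list:",
              round(passphrase_bits(n, 7776), 1), "bits")
    print("8 random printable characters:",
          round(random_password_bits(8), 1), "bits")
```

The figures only hold when the words are picked by a random generator, as here; a phrase a person chooses is easier to guess than the calculation suggests.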

Tools for storing credentials:

https://www.lastpass.com/

https://www.bitwarden.com/

Sharing credentials in a safe way:

DO use one of these tools:

1. paste.1rw.us/

2. www.privnote.com

3. Share via a phone call

DO NOT:

1. Share via email or Monday.com

2. Share the same account with multiple users

Enabling Two-Factor Authentication or Two-Step Login:

1. Passwords are something you know

2. Two-Factor Authentication or Two-Step Login is something you have:

- Download an authentication app on your phone (Jin recommends Authy)

- Send a text message to your phone or have an email sent to your account

- Buy a YubiKey USB key

Many online services give you the option to enable 2FA, so use it on every service that offers it. For the best security, use an app like Authy instead of a verification code sent to your email or phone.

Being Alert to Phishing Emails:

Phishing emails, text messages, and phone calls are designed to trick you into giving away your personal information. You may be creating strong and unique passwords for all of your services, but phishing tactics are designed to persuade you to reveal your secrets.

Use the STOP method:

S = Suspicious

T = Telling me to click a link, download, view or respond

O = Offering something amazing

P = Pushing you to act fast

Phishing messages appear to come from someone you know or trust. They may look as if your CEO, your partner, or your best friend is sending them. They may look like an email from your bank, your social networking site, credit card company, or online store asking you to take some action.

More information can be found here.

If you have any questions on how your team can take measures to practice safe password procedures, Jin is just an email or phone call away!