We work in the maritime industry, so we're exempt from high-tech mumbo jumbo, right? Yeah – not so much. Long gone are the days of filing cabinets, writing personal boater information on post-it notes and in notebooks, or having every computer log-in in the office be "Marina."
Here are the top four tips from Dockwa CTO (and resident IT security expert) John Nagro rattled off when I asked what his password advice would be for marina managers.
1. Password basics
Don't reuse passwords and don't share passwords. At a marina, this means:
- Don't use one shared password for all of your office computer logins
- Don't use one password for each public terminal you make available for boaters
- Don't share passwords via email or text
- Do give each employee his/her own office computer login
- Do require that employee passwords be longer than 14 characters, and include capitalized letters and symbols
2. Even more basic basics
It can feel more efficient to reuse the same password or password elements, but locking down or shutting down accounts because they've been hacked is decidedly not efficient. When a security breach happens at one business, whoever has your password there can try it and its variations in all of your accounts.
- Don't use things like months and years, names, or birthdays together, as they are easy to guess
- Go for length over complexity; combine words to make phrases if you need – whatever gets your password to more than 14 characters
- Don’t use any variation of the word password
3. Keep passwords strong + corralled with a Password Manager
While you're creating a brand-new, 16-digit password for every (yes, every) website you log into, remember: no one's asking you to remember them all.
Password managers – vaults in which you can store the keys for your digital identities – exist to make life in the secure world stress-free, and will not only keep your logins in one secure app, they also suggests secure passwords, which let you opt in or out of using caps, symbols, and words. Password managers are
Here at Dockwa, we use 1Password, which I love for a few reasons:
- 1Password stores my work passwords separately from my personal passwords, and allows us to have a shared "vault" of communal passwords.
- If someone else in the company needs a shared password (ex: to chime in on an Instagram DM conversation) they can grab the password that way rather than me rattling off 20 digits or pasting the password into an email, which then makes the password unsecured
1Password generates unique passwords for you according to your preferences, and will keep you advised as to how strong or weak each password is. You can log in to 1Password via mobile or your desktop browser, so once you've saved a password in one place, it's quick to fetch it from the other.
4. Double-down on security with 2factor auth
As per our resident security expert: Use 2factor auth where you can. What is 2factor auth? Wikipedia has a great summary:
Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users' claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.
So when your bank asks for your login and then makes you select the picture or icon you chose upon setting up your account information to verify that it's you, that's 2FA. You can learn more about 2FA and which websites require it at twofactorauth.org.
Stay vigilant: any website that imposes a character limit or otherwise prevents you from creating a strong password should be treated with skepticism.
5. Monitor like you do Ch.16
Whether you choose to remain vigilant about protecting and varying your passwords, keeping an eye on them will empower you to take action if your information is part of a data breech. John recommends the free service haveibeenpwned.com to monitor whether your email(s) have been compromised.
By: Becky at Dockwa
Published on 5/2/19, 11:42 AM