Last weekend a client with a business that's currently relying on their website for online ordering during the COVID-19 crisis sent a panic text.
"Our website is down and we can't get any orders! Help!"
Yes, it's as if your water and electricity were cut off in your brick and mortar store.
After investigating, I found that the site had simply been hacked. I point the blame at very simple passwords. They were using a password for their hosting account and WordPress login that included part of their business name.
I found malware on the backend. I was quickly able to delete the files and get the site back up and running within the hour.
In today's environment, hackers are more vicious than ever. People have more time on their hands and the technology behind the scammers is more sophisticated.
I use and recommend the password manager and vault, LastPass.
For as little as "free," or the recommended $3 a month, you can protect your livelihood.
The great thing about a password manager is it helps you to avoid these mistakes:
- a password with your company name within the password or username
- a password with any words having to do with your business, which are likely keywords on your website
- a common password used by the world (example: password123, yes people do this)
- a password you use on all your sites/logins
- the same password you have been using since you bought a computer
- a password that includes your child's, pet's, or significant other's name (all can be found on social media)
Here are a few things that make LastPass a must-have:
(Screenshots from their site)
1 | Add the LastPass extension to your favorite browser
This makes it super easy for you to:
- auto-fill your passwords
- generate new safe passwords for past logins (you'll never remember the very long safe passwords they create, making them highly secure)
- add new logins to your account
2 | You will create one master password that you will want to remember.
It's a good idea to share the password with a family member, or keep it in a safe place, in case, God forbid, anything happens to you and somebody has to handle your affairs. Just think how relieved they will be that they can help out or access your accounts in a time of need/stress.*
*There are family accounts for $1 more a month, so you can all share a vault/account.
3 | It will create a new password for every site and save it to your LastPass Vault, so you avoid repeat passwords.
4 | You'll be able to view all your saved passwords and sites in your vault.
You can add notes if needed to each item as well as organize them in folders.
5 | My favorite part is when I go back to a website I can automatically have LastPass fill my username and password for me.
It works great when you may have multiple logins for one account. I manage several MailChimp accounts for clients with different logins. LastPass gives you a dropdown of your multiple logins to choose from.
6 | A great idea once you have your account set up is to run an Audit!
This will warn you about duplicates, old, weak and vulnerable passwords. You can also run an audit based on sites that have been hacked to see if you were a part of the security breach. This is when it's a good idea to change the passwords on those accounts.
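The kind of check an audit runs, applied to the password mistakes listed earlier, can be sketched in a short script. This is an added example, not LastPass's code and not part of the original post; the vault entries, business terms, pet name and 12-character minimum are constructed assumptions, and it does not cover password age or breach lookups.

```python
import re
from collections import defaultdict

# Constructed data: every site, name and password here is made up for illustration.
COMMON = {"password123", "123456", "qwerty", "letmein"}
SAMPLE_VAULT = [
    ("hosting", "owner", "B@k3ry2020!"),
    ("wordpress", "admin", "B@k3ry2020!"),
    ("mailchimp", "owner", "password123"),
    ("bank", "owner", "vT9#qLr2!xWm8&Zp"),
    ("social", "owner", "Max-the-dog-2015"),
]

def normalize(text):
    """Lowercase and undo common character swaps so 'B@k3ry' matches 'bakery'."""
    swaps = str.maketrans("@4310$5!7", "aaeiossit")
    return re.sub(r"[^a-z]", "", text.lower().translate(swaps))

def contains_any(password, words):
    """True if any non-empty normalized word appears inside the normalized password."""
    plain = normalize(password)
    return any(normalize(w) and normalize(w) in plain for w in words)

def audit(entries, business_terms, personal_names, min_length=12):
    """Return {site: [findings]} for (site, username, password) tuples."""
    findings = defaultdict(list)
    sites_by_password = defaultdict(list)
    for site, _username, password in entries:
        sites_by_password[password].append(site)
        if password.lower() in COMMON:
            findings[site].append("common password")
        if len(password) < min_length:  # assumed threshold, not from the post
            findings[site].append("too short")
        if contains_any(password, business_terms):
            findings[site].append("contains business name or keyword")
        if contains_any(password, personal_names):
            findings[site].append("contains personal name")
    # Reuse: the same password stored for more than one site.
    for sites in sites_by_password.values():
        for site in sites if len(sites) > 1 else []:
            others = ", ".join(s for s in sites if s != site)
            findings[site].append("reused on " + others)
    return dict(findings)

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, ["corner", "bakery"], ["max"])
    for site, problems in report.items():
        print(f"{site}: {'; '.join(problems)}")
```

Run it only against a local copy of your own data, and delete any exported password file afterwards.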
I can't tell you how much this has helped me over the past couple of years. I'm sure there are other password managers out there that work just as well. Use whatever you are comfortable with. Just do it today.
Stop using sheets of paper, sticky notes, writing on your hand, or on the wall!
And if you have ever experienced your site getting hacked, or maybe you don't have a tech person/team on call, check out my post on website maintenance*.
*Website maintenance cannot protect a site that is using weak passwords for the logins or hosting logins.