Security has been one of our top priorities in building and supporting websites, and we all know that keeping passwords secure is a big part of that.
Secure passwords are the critical front line of website security. Bots are out there constantly trying to get access to your website to insert malicious malware or harvest personal details. Some attempt to ‘brute force’ guess multiple combinations until they get the right one, others attempt to login using passwords leaked from previous data breaches.
The recent Godaddy hosting breach highlights the need to use different passwords everywhere, in case one app is compromised. (and also why you should avoid using cheap, and less secure, hosting providers.)
There are 2 main parts to safe password practice: Using & storing secure passwords, and sharing them securely.
Here are some of the things you could do to keep your passwords safe even before wanting to share them with people you trust:
This is a problem that we have wrestled with for a while. There is a balance to strike between convenience and security. We use Lastpass, but not all of our clients do and even the ones that do are unable to share into our teams account. Sharing only works person to person.
So a lot of the times over the years we have shared passwords via email. While this is not an issue most of the time, it is possible for emails to be intercepted as they travel through the networks and for those login details to be extracted and abused. The chances are low, but it is a risk.
Other things we have tried include access-restricted cloud docs. But this is not as convenient and can have other problems.
But recently, with the help of a good friend from IntegratePro, Dave Wooding, we set up a safe method for our clients to send us their access details using a one-time secured link.
A one-time secured link works by encrypting the data saved into it with rules that allow the data to be decrypted only ONCE via the link provided. After the link is opened, the data self-destructs like a James Bond secret message.
Securedlink.co is the page we have created (with the help of Dave Wooding) where you can save sensitive information stored secretly behind a one-time secured link. The only people who will know the content is of course the sender, and the receiver that opens the link for the first time.
It is safe enough that even we, TunedWP, who set up this page don’t have access to any of the data other than via the one-time link.
The only way to access the data once saved is via the link and after it is opened, it is destroyed. Also, if it is not opened within 7 days it will be destroyed anyway.
How it works is quite easy and simple. Here are the steps:
We suggest informing your receiver right before sending the link to make sure to securely store the content as soon as the link has been opened. The link expires after clicking so it won’t ever work for anyone again.
We created this for use with our clients, but it is freely available for anyone to use.
If you need help keeping your website secure, get our performance experts to perform a Performance Audit. With this, we will also check your website’s Speed, Design, Sales Funnel etc.