In Cybersecurity
Managing Your Biggest Risk - Password Security | Part 2 of Computer Security Basics You Should Know - read the full article about Cyber security 101, Cybersecurity and Network security and pen testing from itGenius - Google Workspace Experts on Qualified.One
Youtube Blogger
- So Id like to talk now about managing your biggest risk in the business.
And the biggest risk for you in your business for a large company is managing the basics of password security.
You wanna make sure that the passwords in your business are well protected and away from what we see all the time which is someone having a password file, either on a spreadsheet or in a Google document or maybe its saved in a contact in your address book in Outlook.
And trust me, Ive seen it all, Ive worked with 1500 companies and over 20,000 employees and all of those businesses, and we have seen all of the worst ways for you to share passwords.
Now what most people do is theyll store a couple of passwords in their Google Chrome or, you know, Internet Explorer and it all basically kind of start collecting passwords there for you.
The other thing that people do is they will take passwords and theyll put them like in one safe password file, but Im here to tell you that there is another way.
The risk of having your password stored in a place like that is basically that when someone is looking to steal your identity or someones looking to hack your machine, that is the absolute first place theyre going to look.
Theyre gonna look through your contacts and try and find something called passwords.
Theyre gonna look through your documents for passwords and try and find places that you may have stored them.
And of course, if you have someone thats inside your business and theres the potential for any kind of malicious activity from that person, then if theyve got access to all of your passwords, they basically have a treasure trove of all of the information for your whole business and absolutely everything.
Now, there is a smarter way to do it and Im gonna take you guys through what the smarter way to do it is.
For most of us, online security is a bit of a challenge.
And I say, its a bit of a challenge because theres a theres a bit of a seesaw.
And the seesaw is between convenience and actually having decent security.
And we kind of like seesaw back and forward.
And when it gets to the point of being too difficult to start tracking all of our passwords or even remembering all of the passwords that we have, up in our mind, just off by heart, then we default to starting to dump them all into a, into that one place.
So the most basic passwords are typically, you know, your dogs name and then one, two, three and Ive seen businesses where people have them, you know, the password on their sticky note and they just stick it on the front of their computer.
And the challenge is that nowadays because we have so many different websites to access, its difficult for us to actually have a unique password for each one of them.
And what most people do is they have one password that they use pretty much everywhere.
And that one password that you use everywhere, then becomes the easiest way to hack into all of your accounts if someone gets access to just one of your accounts.
So what is the solution? Well, for us to use a effective method to actually share passwords, we need a password manager, and a password manager allows you to securely share passwords with different team members.
Now, why is this important? Well, it means because, it means that you can actually have a unique password for every account that you access.
So you can have a generated password.
You know, one of those long ones with like 20 characters and, and gobbledygook, but also with a password manager, you no longer have to actually share these passwords one by one, individually with anyone in your team.
And so Im gonna be taking you through an example of the password manager that we recommend and actually sharing with you how you can mostly effectively, more effectively share passwords with your different team members.
So the password managers that are available, at number one you have your Google Password Manager there, and Google Password Manager is basically its built into Chrome.
Its into new Google account as well.
If you have an Android phone, it can autofill.
I might believe Apple also has one as well.
So inside Apple, there is a the ability to save passwords and that saves it in Safari.
And look, I dont mind these theyre useful to store your own passwords and you can use them to actually generate your own passwords as well.
But what they dont do is allow you to share passwords with others, and because were a business and we wanna collaborate, and even if youre a solo operator, youve probably got contractors that you wanna share with as well.
Well, we wanna find ways of actually collaborating and sharing our passwords with others that are effective.
And for that our strong recommendation is a tool called LastPass.
And LastPass is not only a vault for all of your passwords.
So it will allow you to store all of your passwords.
It will also allow you to synchronize your passwords across each one of your devices so you can access them on your mobile device, and when you sign into different computers its gonna synchronize them.
The great thing about LastPass is it works across different platforms.
So it works across Windows and Mac and even Chrome devices.
If youve got a Chromebook or a Chromebox, of course works on mobile devices as well.
But the best feature of LastPass is the ability to have a secure password folder where you can actually share passwords with other team members as well.
And Im gonna demo that for you guys and show you how that works.
So this is what the LastPass vault looks like.
Its basically like a vault for all of your passwords.
Its gonna store them all in their security securely.
The actual LastPass app just kind of sits here in the menu bar.
So inside of Google Chrome, I can click a button here and then I can go ahead and Ill open my vault.
And thats gonna show you guys all of the different passwords that I have available in my vault.
So you can see here, Ive got quite a few.
Its popping up here and show me all of my passwords.
And Ive got like, yeah, thousands and thousands of passwords in there.
So thats basically the place that we put all of our passwords.
And each time I go to a website and I enter my password manually, its gonna pop up and its gonna prompt me to actually save that password.
Now LastPass does some pretty awesome stuff, like it allow you to do things like autofill.
So if you go to a website and I trust this for it, you know, even like my banking websites you can see here, its just autofilled.
I just need to click one button, and then its automatically going to, gonna log in there for me.
So really easy for you to access all the sites that you need to.
I can even set it to automatically log in if I want.
So I dont even have to click the login button.
Itll chew, will just automatically login which is a nice little one there as well.
Now, why I like this better than using something like the Chrome Password Manager, or using something like the Google or the Apple password manager is log me in, sorry, LastPass is actually designed for you to keep strong passwords on each one of your sites.
They even have a security checkup where they will check all of the websites that you have, and they will let you know if any of those passwords have been compromised and they will also let you know if any of the passwords have been reused or if theyre particularly weak.
And so its gonna alert you and basically let you know to keep good password, you know, lets say hygiene with your passwords, and its gonna make sure that youre doing well with your security.
So theres some of the most basic features, not much thats all that special apart from, you know, other ways of storing your passwords.
But LastPass gets really powerful when we start to collaborate.
Now, I already shared that youre able to have your password synchronized between your different devices which is super duper handy.
But the next thing that LastPass actually lets you do is create shared folders for your team as well.
So lets have a look at what those shared folders look like.
Im gonna jump into my last pass vault here.
Lets see if I can make that a little bit bigger so you guys can see.
So inside my LastPass vault, you can see, I can go down to the sharing center.
And inside the sharing center, I can basically set up folders.
So weve got a number of different folders for the different areas of the business here.
And then when I choose inside those folders, I can actually choose who sees what inside the folders.
And so from there you can see Ive shared some with Scott, shared some here with Regina.
I can choose whether or not its read only, so I can choose whether or not they have access to update the passwords and I can choose if I wanna even hide the passwords.
And so, for example, lets say I wanted to share my bank account with Anna.
Well then when I go to my bank here, I can go to this actual password entry and I can go ahead and share the password entry with Anna.
And then from there Anna can actually go to the Commonwealth bank and she wont be able to see the password.
She will only be able to log in without actually seeing the password.
And so great little tools like that allow you to share the login access without actually sharing the password.
Now its not completely foolproof if youre sharing this with someone.
Lets say youve got a external consultant to your business, maybe a marketing consultant or a, you know, a team member whos working with you as a contractor and you wanna share a password with him.
Its not completely foolproof because if someone has access to the account, technically they could go in there and change the email to their own email.
So this is not a completely foolproof way of sharing logins.
I probably wouldnt use this for our banking logins to share with others, although obviously I do save my own banking password in there, but this is really useful if you have a website that doesnt allow multiple users and you wanna share that with your team.
I use this often when I sign up for an online course or an online program, and I want my team to access the education as well as myself.
But you know, theres obviously only one user able to access things.
Ill save it in last pass and then Ill share it.
And you can see that in this menu here.
If Ive shared something individually with others, you can see here, Ive shared a few different a few different online courses.
And then theres some things that have been shared with me.
These are the ones that Ive received.
Ive got my receiving ones in there as well.
So thats the basics of LastPass and how you can use that for your passwords inside your business.
I would recommend that you take all of the passwords right now that are inside Google Chrome or inside Safari and put them all into LastPass.
Now there is a wizard available when you first set up LastPass, it should suck in all of those passwords.
But the other thing that I like to do is actually disable the password mechanism inside of Chrome.
And we actually do this across the board, across our company via a Google Workspace Policy.
So if youre already a Google workspace user, and youd like to roll out LastPass to everyone, we can push down LastPass as a policy to everyone.
And weve got other videos on how to do that on our YouTube channel.
And then you can switch off the Chrome Password Manager again via policy inside of Google workspace.
And what that will do is that well actually remove access to the Chrome Password Manager, so everyone is then encouraged to use LastPass for all of their passwords.
So lets jump into a bit of Q&A guys.
If youve got any questions that youd like to send through, please go ahead and send them through.
Ive got one from Lynn saying, "Just joined with it in itGenius and I now need to set up my password administration." Yeah, good one Lynn, super easy to do.
Just ask the team to roll out LastPass.
Oops, still sharing me your computer screen there.
I just asked the team to roll out LastPass for everyone, and our team can actually do that via policy for you.
Thats really easy to do if youre a part of our Concierge membership.
And then the next one is, if you wanna remove access to the Chrome Password Manager, yeah, just ask our team about that and well be able to do that again via policy.
Anna has said last part is key.
Yeah LastPass is absolutely awesome.
There are some alternatives.
Theres one called one password and another one called dash lane.
Personally Ive not used them myself but if you are a member of Concierge, you can actually get access to some free licenses for LastPass.
So if youre interested in that, have a chat to our team, its a new partnership that weve just announced but were actually giving away some free premium licenses to all of our Concierge members.
So if youre a Concierge member, message the team and ask about LastPass.
I hope they dont kill me for announcing it early, but anyway, jump on that one.
Just send a message over to itGenius on Facebook and say, "Pete mentioned it on the live," and hopefully though they dont tell, they dont kill me.
Okay.
So cool.
All right.
Awesome.
Linda said "I need some help to bring our internal team into the mix." Yeah, excellent.
If you have an internal IT team, absolutely fine.
Hopefully theyre not control freaks, but you can collaborate with our team.
Our aim as a company is to help you out with the really critical stuff that we know the best practice on, and not to come in and completely control things for your business.
Because remember, the aim of our business is to liberate you as a business owner to be in control of your own technology strategy.
Were just here to help out with the implementation.
(energetic music)
itGenius - Google Workspace Experts: Managing Your Biggest Risk - Password Security | Part 2 of Computer Security Basics You Should Know - Cybersecurity