Level Up Your Password Security

03 September, 2021


Security: it’s a big, big deal. 

As a therapist, you have a responsibility to keep your clients’ information secure, to preserve their trust and confidentiality, and to solidify the therapeutic relationship.

Likewise, one of my primary responsibilities at Therapy Shelf is to understand and implement good cyber security to keep your information safe.

In both domains (Therapy and Technology), there can be disastrous consequences if that security and trust are broken.

But that’s not what I want for any of us. Rather, I want to help you “level up” your password security, so that you can feel confident that you’re doing your part to protect your data, and your clients’ data.


In this article, we’ll start by answering the question: “Why do I need a Secure Password Strategy?”

Next, we’ll identify the characteristics of a Secure Password Strategy, so you can see how your current process measures up.

Finally, I’ll offer 3 simple tips that you can incorporate into your daily security habits to “level up” your password security.


Why do I need a Secure Password Strategy?

The answer to this question is a fundamental truth of human nature…sometimes people do bad things. It’s nearly impossible to accidentally hack into someone’s email, or accidentally pilfer a credit card number. The “bad actors” (as they’re called in the Cyber Security community) leverage time, money, and expertise developing techniques specifically designed to steal the sensitive personal or financial information of others for their own gain. We need protection from this real and present threat.

Your passwords play an essential role in that protection. Email addresses and usernames are generally shared much more widely; you may log into several sites with the same email address or username. Email addresses are also much easier to find online (they might be on your Facebook page, LinkedIn profile, etc.). Therefore, your passwords are of utmost importance when it comes to keeping your accounts secure. They are the secrets that only you should know; they are the keys to the locks that guard your data.

I’ve outlined a few benefits and risks below to help illustrate how your password strategy can impact your daily life and practice. If you employ a good password strategy, you’ll be well on your way to potentially reaping these benefits. However, a bad password strategy, or no password strategy, increases the chances that one or more of these risks may become reality.

Benefits of a Good Password Strategy

    • You’ll have fewer password headaches (“How do I spell that again?”, “Oh, where did I leave that sticky note?”, etc…)
    • You can save time and money in the event of security audits or issues (you’ve got your ducks in a row)
    • You’ll feel more confident and secure when navigating privacy and security both on the internet, and in your work.

Risks of a Bad Password Strategy (or no password strategy)

    • There is a higher likelihood that a “bad actor” can break in and get sensitive data from a program or service that you use.
    • There can be penalties and issues if a security breach occurs, and it’s discovered that a password strategy didn’t meet the guidelines of HIPAA or other regulatory bodies.
    • You’re exchanging a bad password strategy now, for more headaches in the future.

 


Characteristics of a Secure Password Strategy

Now that we understand why we need a Secure Password Strategy, we’ll take a look at some of the identifying characteristics that separate the good passwords from the… not so good.

This is by no means an exhaustive list, but here are some core tenets of a solid password strategy:

  1. Secure Passwords are complex, and hard to guess
  2. A Secure Password secures 1 thing, or 1 set of related things
  3. Secure Passwords are stored securely

In the next section, I’ll provide 3 tips to “level up” your password security, and explain how each tip embodies one of these characteristics.


Effective passwords are a key component of protecting the confidentiality of your clients.

3 Tips to take your Password Security to the next level

1. Use strong passwords

While a password of ‘ABC@123’ is easy to remember, it’s a weak password and probably won’t offer much real protection. That’s why this first tip is focused on the ‘strength’ of your password. In this case, strength equals complexity. Humans are smart, but computers are fast. A longer, complex password is harder for a human to guess, and takes longer for a computer to crack. This ties back to the 1st tenet of a Secure Password strategy (passwords should be complex and hard to guess).

A strong password will often contain:

    • Letters (both upper and lowercase)
    • 1 or more numbers
    • 1 or more special characters (!@#$% and others)
    • At least 8 to 10 characters (the longer the better)

If you were part of the Chronicler beta, you may have noticed that we generated secure “passphrases” of 6 random words for your passwords. These were hard for computers and humans to guess, but we received feedback that the process was a little awkward, and that users would prefer the ability to set their own passwords. As a result, we’ve updated our system so that you can now create your own passwords. However, we’re still security minded, and we only allow strong passwords that meet all the criteria listed above.
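As an added illustration (not Chronicler’s actual code), the Python below checks a password against the criteria listed above and generates a 6-word passphrase from a cryptographically secure random source. The 8-character minimum, the function names and the 16-word sample list are assumptions made for this example.

```python
import math
import secrets
import string

MIN_LENGTH = 8  # assumption: the lower bound of the article's "8 to 10 characters"

# Constructed 16-word sample list so the example runs offline; a real
# generator needs thousands of words (e.g. a 7776-word diceware-style list).
SAMPLE_WORDS = ["anchor", "bridge", "candle", "desert", "ember", "forest",
                "garden", "harbor", "island", "jacket", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]


def unmet_criteria(password):
    """Return the article's criteria that `password` fails (empty list = accepted)."""
    checks = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
    }
    return [name for name, ok in checks.items() if not ok]


def generate_passphrase(words=SAMPLE_WORDS, count=6, sep="-"):
    """Pick `count` words uniformly at random using the OS CSPRNG (not `random`)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count=6):
    """Entropy in bits of `count` independent uniform picks from `list_size` words."""
    return count * math.log2(list_size)


if __name__ == "__main__":
    for candidate in ("ABC@123", "Abc@1234", generate_passphrase()):
        failed = unmet_criteria(candidate)
        print(candidate, "->", "accepted" if not failed else f"rejected: {failed}")
    print(f"6 words from 16:   {passphrase_bits(16):.1f} bits")
    print(f"6 words from 7776: {passphrase_bits(7776):.1f} bits")
```

Note that a passphrase of lowercase words fails the character-class rules even when it is drawn from a large list, so the two approaches measure strength differently: the rules check which kinds of characters appear, while passphrase strength comes from the number of equally likely word combinations.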

2. Use a different password for each resource

Imagine a scenario where a hacker gets the username and password to your account on a popular video streaming website. You may think something along the lines of “that’s a problem, but at least it was just my streaming account.” But what if you also use that password for your online banking? Yikes! The stakes just got a lot higher.

When it comes to security, a dash of “hope for the best, prepare for the worst” mentality can be a great help. We don’t want someone to get a hold of one of our passwords, but if they do, then we really need to limit the amount of damage they can do. 

Using a different password for each service provides that essential limitation, and fulfills the 2nd tenet of a Secure Password strategy (A Secure Password secures 1 thing, or 1 set of related things). In practice, this might look like:

    • I have 1 password for my video streaming account
    • I have a different password for my online banking
    • I have another, different password for my EHR system
    • And so on…..


3. Use a Password Manager

The 2 tips above are all well and good, but you may have noticed that you’ll be creating a bunch of complex passwords. If the passwords are hard to remember, and there are a lot of them, how can we ever expect to keep track of them all?

One solution, but not a good solution, is to keep them all in a text file somewhere on your computer. It’s easy, but that strategy is a heap of problems just waiting to happen. All it takes is for someone to double click that “definitely-not-passwords.txt” file on the desktop, and they gain access to all your credentials. 

We need a better solution, a solution that satisfies the 3rd tenet of a Secure Password strategy (Secure Passwords are stored securely).

That’s where Password Managers come in.

Password managers are applications that run on your device, and that are capable of securely storing the usernames and passwords for all the services you use and sites you belong to. There are some great free options available, and you can get even more features if you opt for a paid version. We’ve listed a few below for reference (we’re not paid to recommend these; they’re just our favorites):

    • Dashlane
    • BitWarden
    • LastPass
    • Your internet browser (Some major browsers like Chrome and Edge offer autofill and password management)

Some password managers can detect when you’re signing up on a website, and not only generate a secure password for that site, but also automatically save your username and password so that you never need to type it in again. A good password manager makes passwords a breeze, even when you have a ton to keep track of. 


In Conclusion

The world of cyber security can seem daunting at times, but by incorporating a Secure Password Strategy into your daily habits, you can help to keep your (and your clients’) data safe, gain some peace of mind, and get back to what matters most.

– Philip Breedlove
