At Agri Information Partners, we are continually working on Mercado and E-Brida. One of the topics we are busy with is security. Developments in today’s world move fast. From a security perspective, we are exploring, updating, and improving the security level of our applications and your data. Sometimes, it might get technical; we like it. We are interested in the newest developments and possibilities.
You are part of the chain
However, the technical back end isn’t the only link in the security chain. As a user, you definitely can contribute to safety and security. As we all know, a chain is only as strong as its weakest link. And one of those links is you: as a user of the application.
The door of your house
To simplify the situation, think of a tool as a house. We are making sure that all components of the house are safe. So the windows, the doors, the chimney, the cat door; even the smallest openings in the house are designed and built firmly and securely.
Even as the user of a safe house with strong windows and advanced locks on the doors and windows, you can still use the same key for your home as for your garage. Even worse, you like having one key, so the door of your work, your sports facility, grocery store and all other places you visit regularly also use the same key.
Or maybe not. You have different keys for all the doors, but they are very similar. Oh, and to keep it simple, the key is hanging next to the door. In other cases, you might see people trying to leave the door open as often as possible: putting stuff between the door, not closing the door properly, all kinds of effort to make their own entrance as easy as possible.
Some people underestimate the need for a strong password
For a house, the examples above might sound silly. For a software tool, those situations are still seen too often nowadays. And of course, having all those different accounts with different passwords can be frustrating now and then. However, we want you to be aware of the consequences. Some people underestimate the need for a strong password.
Maybe you didn’t know:
Bad passwords
Having MyDog1234 as a password is easy to remember. Many people use those kinds of passwords and think nobody will randomly try that password. Please be aware that such password constructions are so typical that they are built into the algorithms used to break passwords. Google for the ‘worst passwords’, and don’t be surprised if you are using one of those passwords somewhere! In general, don’t use (pet) names, birthdays, obvious years, or 123, etc., in your passwords!
Same passwords
Maybe you are aware of the need for strong passwords, and you are using a super long and strong password that nobody can ever crack. Your password is so strong that you are using it everywhere. Because who can hack such a password? Okay, guessing might be challenging. Please remember that usernames and passwords are stolen from applications/organizations now and then. That means that your powerful password is stolen together with your username/e-mail address due to a different security issue. If people want to hurt you, they will try all kinds of other applications to see if you are using the same password there. And that might be troublesome for you.
One tool that might be useful for you is haveibeenpwned.com. You can type in your e-mail address, and the website will tell you whether your e-mail address appears in any known incident. If no issues are known with your e-mail address: congrats. However, be aware that not all problems will be noticed directly. So if you are using the same password repeatedly, it might be an idea to change your passwords to unique passwords.
Small changes
If your passwords are not too bad and all unique, you have a good starting point. Every now and then, applications will ask you to change your password for security reasons. It sounds easy to remove ‘3925!’ at the end and replace it with ‘3926$’ and voila, a ‘new’ password. No. It’s not new. Your updated password is so easily derived from your previous passwords that other people can think up the same updated password. Once your password has been stolen or has become known to other people, those people might anticipate what your new password might be. So please make sure that a new password really is a new password.
Generate strong and unique passwords
Okay, okay. That’s a lot of information. We need a strong, unique password for every account/application. And if we are asked to update our password, we need to create an entirely new password. My mind can’t keep track of that! I have other things to do.
Password manager
Sure. Almost nobody can keep track of all those safe, different passwords. That’s why smart people came up with tools that are called password managers. Those password managers can help you by doing a lot of security work for you! A password manager is like a password vault. You only need one ‘key’ to enter all the different passwords. That might sound creepy, but if you make sure that this vault is secured very well, you only have to worry about this one account. And with such a password manager, you won’t need to worry about the countless other accounts you have.
A nice thing about password managers: the people who build them have an above-average interest in security. Therefore, most password managers help you make sure your vault ‘key’ itself is strong enough.
The best advice might be to take the time to set up your password manager. There are dozens of options, different types for different applications. If you search on the internet for password manager, you will get lots of articles about the most used options and their features. It doesn’t need to cost you anything since most widely known password managers are free to use.
Your personal password manager
If you have chosen a password manager and set up all your passwords, you will experience the comfort of using such a tool. You can really see it as your personal password manager. Most of the tools keep track of your passwords’ strength, can auto-generate new strong passwords for you, and help you make sure all your passwords are unique.
Once you have set it up well, you never have to worry about all those different passwords.
Passphrases
A password manager is the ultimate tool to keep track of all passwords and help you create new, strong passwords. The downside of this is that you always need access to your password manager whenever you need to log in with an account. That’s not always possible. Imagine that you store your password vault somewhere offline, or maybe only on one or a few devices. And what about the password/key to enter your password manager itself?
Some passwords are frequently used outside the reach of your password manager. And having to type in a long, random password correctly by hand doesn’t feel like the right thing to do. To overcome that problem, you can use passphrases for those instances instead.
It seems that people are terrible at creating secure passwords themselves. If humans are asked to create a hard-to-remember password, they usually end up with a password that isn’t too hard for computers to guess.
To get the best combination between memorability and security, one can decide to use passphrases instead of passwords. A passphrase is a random collection of words that result in a sentence. The sentence is safe to use as a password (since it is long) and easy to remember for the user (since it’s based on human logic). A passphrase might for example be: plausibleOnstage2undrilled$edginess.
Depending on the account, you might need to add punctuation and capital letters.
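How such a passphrase can be generated, as an added example that is not code from the original article: the words are drawn by the operating system’s random generator rather than chosen by a person, and the strength follows from the size of the word list. The word list is a small constructed sample and the function names are hypothetical; 7776 is the size of a five-dice diceware list.

```python
import math
import secrets

# Constructed sample list, far too small for real use.
# A real word list holds thousands of words.
SAMPLE_WORDS = ["plausible", "onstage", "undrilled", "edginess",
                "harvest", "orchard", "seedling", "tractor"]


def make_passphrase(words, count=4, sep="-"):
    """Join `count` words picked with the OS random generator (secrets)."""
    if len(set(words)) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Bits of entropy when every word is drawn uniformly at random."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    print("bits with the 8-word sample list:", entropy_bits(8, 4))
    print("bits with a 7776-word list:", round(entropy_bits(7776, 4), 1))
    print("words for 64 bits from 7776 words:", words_needed(7776, 64))
```

The entropy figure only holds when the words are picked at random; a sentence a person makes up does not reach it, however long it is.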
Multi-factor authentication
By following the above steps to create strong, unique passwords that are updated and managed well, you have made some significant steps. However, any password might be hacked/leaked/stolen sometime. That’s the reason why more and more applications (including password managers!) offer you the option to enable two/multi-factor authentication.
Multi-factor authentication means that once you have entered the right password, you need to confirm that it’s you in a different way. There are multiple apps for your phone that might be connected with an application. If someone is logging in with the right password, you need to accept the login request via your phone. People that stole your password are now not able to get into your data. That’s taking security to the next level.
So, if you have the chance, enable two/multi-factor authentication for any tool possible.
With the above steps, you might increase your link’s strength in the chain, which might improve the whole chain’s strength.