Protecting passwords – your best security

Security is a hot topic for any SaaS application where sensitive data is involved. No question.

What is unusual is people’s surprise when I tell them that the best way of increasing their security when using Xero is to choose a strong password and keep it secure, rather than any security measure that Xero has implemented.

I’ve heard mixed opinions from customers on how sensitive they feel their accounting data is. But picking a secure password isn’t simply about preventing access to a particular site: the consequences of poorly selected passwords can be devastating. Having your social networking access compromised could be embarrassing, but finding your identity has been stolen or your bank account compromised is far worse.

OK, take a deep breath before we get carried away with paranoia. These things can happen, but ask yourself “How many people do I personally know who’ve had this happen to them?” Personally – no one.

So what have Xero done to protect me?

•    We make sure you don’t have to share a login with any other user, as all organisations signed up to Xero get unlimited users. Therefore there’s no excuse for sharing logins and passwords.
•    It may seem annoying at times, but we’ve purposely excluded the ability for browsers to remember your Xero password. You have to type it each time. This means no one else will be able to access your data if your computer is stolen, or if you simply leave it unattended and the timeout returns it to the login page.
•    We make sure you use a password of at least 8 characters containing both letters and non-alphabetical characters.

So what can you do to make sure you’re secure?

Here are some common-sense rules that will help you with security and help train your memory as well:

  1. Use different passwords. If you’re signing up for something that doesn’t need to be secure, you could use the same password for all similar sites, but beware: if it is cracked or guessed, it could well be tried on any other site you may have signed up to. Following the same rationale, make sure all your secure sites use different passwords.
  2. Choose passwords that are hard to remember (for other people). Birthdays, names, pets or maiden names are all easily scavenged from Google searches and your public profiles displayed on other sites.
  3. Ideally choose a password that makes no sense and is a mixture of upper and lower case and non-alphanumeric characters. Take the first letter of each word of a long phrase such as “I love to sing in the shower. No one can hear me and it lasts for an hour.” This can be used to create and remember a really good password: “Iltsits.Nochmail4ah”.
  4. Without being patronising, please don’t use passwords suggested in blogs or on other sites, although some sites can provide tools to help you remember a chosen password.
  5. Never (and we really mean never) give your password to anyone else, no matter how much you trust them. If you think someone knows your password, change it immediately.
  6. Make sure that your email account has a strong password, because if someone can get into your email account they can get into most of your online services. Use a different password for your email account from the one you use for Xero.
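
The rules above and Xero's stated minimum (at least 8 characters, with both letters and non-alphabetical characters) can be checked mechanically. The following is an added example, not Xero's code: the function names, the result codes and the "for" to "4" swap (inferred from the sample password in rule 3) are assumptions made for illustration.

```python
import string

# The sample password printed in the post; rule 4 says never to use a published one.
PUBLISHED = {"Iltsits.Nochmail4ah"}
PHRASE = ("I love to sing in the shower. "
          "No one can hear me and it lasts for an hour.")


def first_letters(phrase, swaps=None):
    """Rule 3: first letter of each word, keeping full stops between sentences."""
    swaps = swaps or {}
    out = []
    for word in phrase.split():
        core = word.strip(string.punctuation)
        if not core:
            continue
        # A swap replaces the whole word, e.g. "for" -> "4".
        out.append(swaps.get(core.lower(), core[0]))
        if word.endswith("."):
            out.append(".")
    return "".join(out).rstrip(".")


def check_password(candidate, personal_terms=(), used_elsewhere=()):
    """Return the list of rules the candidate breaks (empty list = passes)."""
    problems = []
    # Xero's stated minimum: 8+ characters, letters and non-alphabetical characters.
    if len(candidate) < 8:
        problems.append("too_short")
    if not any(c.isalpha() for c in candidate):
        problems.append("no_letter")
    if not any(not c.isalpha() for c in candidate):
        problems.append("no_non_letter")
    # Rule 2: names, pets, birthdays and similar facts about you.
    lowered = candidate.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_terms):
        problems.append("personal_info")
    # Rule 1: the same password already protects another site.
    if candidate in used_elsewhere:
        problems.append("reused")
    # Rule 4: it was suggested in a blog or on another site.
    if candidate in PUBLISHED:
        problems.append("published")
    return problems


if __name__ == "__main__":
    derived = first_letters(PHRASE, {"for": "4"})
    print(derived, check_password(derived))
    print(check_password("rex2009", personal_terms=["Rex", "2009"]))
```

The post's own sample password meets the length and character rules but is flagged under rule 4, because it has been published here.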

Other tools

There are password software solutions available to download that make entering passwords easier. With these you may only have to enter a single password to access the application, which automatically associates the real password with the site. These may be useful, but make sure they don’t fall foul of any of the issues above before you consider implementing them.
