Disappoint hackers: Be smart about user IDs
Some of the most effective computer security measures are actually not very high-tech. You can take steps now to protect your information and your organization. In this issue, let’s focus on login IDs.
You know passwords are important, but don’t forget that an ID or user name is half your login credentials.
You may have heard it’s a bad idea to use a default user ID that comes with a device, software, account, or router. Hackers have access to catalogs of these default IDs. If they already know your ID, they’re halfway to their goal.
Even if you’re wise to this issue, here’s another consideration: former staff or contractors may have allowed default IDs to remain in use. Furthermore, any old, unused login IDs still hanging around in your business (even if they aren’t defaults) also increase an online attacker’s chances of success.
Take a few minutes now and make a list of places to check user IDs. Then follow up over the next few days to root out any undesirable IDs.
What to check
1. Change or delete all generic user IDs such as “Admin” or “Administrator.” But make sure you’ve assigned administrative privileges to someone.
2. Delete any user accounts no longer needed for former staff, temporary workers, or contractors.
3. Give administrative access to more than one person, as a failsafe; however, do not give unneeded high levels of access to all users.
4. Choose different login IDs for different devices, sites, and software.
Where to check
Internet router: This is a common place to find a default ID and password still in effect.
Web site: Check the list of user names on your web hosting service, and any related places such as your WordPress account. Was your website designed by a third party? Do they still have a login account? Do you want them to have access, or not? Is there an “Admin” or other generic ID?
Social media and other web applications: Are former employees still being granted privileges on your organization’s Facebook page, Salesforce account, and other sites?
All software: Pay particular attention to software that handles sensitive or private information, such as financial data or details about clients, customers, and donors.
How to check
Listing user IDs usually requires an account that has administrator privileges, so you might need help from someone else in your organization to complete your checklist.
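Once an administrator has exported the user lists, the "What to check" items can be applied to them mechanically. The script below is an added example, not part of the original article: it flags generic IDs, accounts of people who have left, unused accounts, systems with fewer than two named administrators, and IDs reused across systems. The column names, status labels, 180-day cut-off, and sample rows are all assumptions made up for the illustration.

```python
import csv
from collections import defaultdict
from datetime import date

# Constructed sample export; real systems use their own column names and labels.
SAMPLE_EXPORT = """system,username,role,owner_status,last_login
router,admin,admin,current,2024-05-01
website,Admin,admin,unknown,2019-03-02
website,jlee,admin,current,2024-05-20
website,webdesigner,editor,contractor_ended,2022-11-15
crm,msmith,user,former,2023-01-09
crm,jlee,admin,current,2024-05-18
crm,pdiaz,admin,current,2024-05-18
"""
SAMPLE_TODAY = date(2024, 6, 1)                          # constructed audit date
GENERIC_IDS = {"admin", "administrator"}                 # IDs the article names
DEPARTED = {"former", "temp_ended", "contractor_ended"}  # assumed status labels
STALE_DAYS = 180                                         # assumed cut-off for "unused"

def audit(export_text, today):
    """Return sorted (system, username, finding) tuples for the checklist items."""
    findings = set()
    admins = defaultdict(set)   # system -> named admins still with the organization
    seen_in = defaultdict(set)  # lower-cased ID -> systems where it is used
    for row in csv.DictReader(export_text.splitlines()):
        system, user = row["system"], row["username"]
        name = user.strip().lower()
        named = admins[system]  # touching the key registers systems with no admins
        seen_in[name].add(system)
        generic, departed = name in GENERIC_IDS, row["owner_status"] in DEPARTED
        if generic:
            findings.add((system, user, "generic ID: rename or delete"))
        if departed:
            findings.add((system, user, "owner has left: delete account"))
        if (today - date.fromisoformat(row["last_login"])).days > STALE_DAYS:
            findings.add((system, user, "unused: no recent login"))
        if row["role"] == "admin" and not generic and not departed:
            named.add(name)
    for system, named in admins.items():
        if len(named) < 2:  # item 3: more than one administrator as a failsafe
            findings.add((system, "-", "fewer than two named administrators"))
    for name, where in seen_in.items():
        if len(where) > 1:  # item 4: different IDs for different systems
            findings.add((", ".join(sorted(where)), name, "same ID on several systems"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT, SAMPLE_TODAY):
        print(*finding, sep=" | ")
```

A generic "admin" account does not count toward the two named administrators, so a system that has only the default administrator login is reported twice: once for the generic ID and once for lacking named administrators.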