Reevaluating Your Password Management

By Dr. Matthew Larson

We live in an amazing age where the world is at our fingertips… if only we could remember our password.

It’s no surprise that passwords can be a frustrating part of our digital lives. Websites can have different requirements for passwords and then have to be changed at different intervals. In theory, there are clearly good reasons to have high standards for strong passwords. However, in real life this often means the same password is used for multiple websites and are frequently saved in other locations to remember them.

Here are a few questions to ask yourself about how you handle passwords in your office:

  1. Do you use strong passwords when needed?
  2. Do you have UNIQUE passwords for different sites?
  3. Do you change passwords when you have changes in staff?
  4. Do you keep important passwords private? (This means not posted in plain sight! In many practices the private WiFi password or Invisalign login can be easily found by opening the drawer or cabinet near the computer.)

If you answered no to most of the questions above you may want to consider a password manager app. (If you answered yes to all the questions and do NOT use some form of password manager, I would love to have your memory.) There are many good password manager programs – some are built into web browsers (Internet Explorer, Google Chrome, and Safari all have password managers) while some are 3rd party programs (some of the more popular ones are LastPass, Dashlane, 1Password, and Password Safe). These programs and apps can help manage your existing passwords and help create strong new passwords.

Here are my personal thoughts when selecting a password manager program:

  • Select a program that requires a strong master password to open the app. This rules out most default password managers within web browsers, although there are browser extensions available for many of the 3rd party programs which do require a separate logon. This master password unlocks all your other passwords, so carefully create a unique and very strong.
  • Select a company that has a strong history with good reviews. You want a company with a strong reputation that will continue to maintain high security.
  • Expect to pay a small fee for a high quality company. These programs are inexpensive overall (most range from free to about $5 for the app), so don’t get too caught up trying to find a bargain. A bargain price typically means they are either trying to grow (and then will likely increase fees later) or they are making money through other venues (and the priority may not be the password management program).
  • Use a program that works on mobile devices, Windows computers, and Macs so you can utilize it on all your devices. Additionally, make sure you can sync your database files easily in the cloud between devices.

Related to the database files, ensure the program you choose maintains an encrypted database file. This requires that you have the program and the master password to open the database. All the 3rd party programs mentioned about are encrypted with AES-256 encryption (which is much better than a word document on dropbox).

Currently, I personally use 1Password (https://1password.com/ ), mainly because I like the “Teams” option that allows you to share passwords between team members. You do this using shared “Vaults” as shown below. They charge per user so currently I only have one account for my personal use and one account that the staff uses for ordering and insurance. The program also allows you to save credit card information and profiles, so entering information on a new website goes much quicker. It is also a great way to organize NPI and license numbers for you and your team.

Another nice benefit of these managers is that you can actually load the sites and passwords very quickly and efficiently. I found myself actually saving time going through and paying bills after switching to a password manager because loading every site basically just takes a couple clicks of the mouse. A couple screenshots of how this looks on a mobile device are shown below. (I use this as quick access to my office Facebook account, since the app on my phone has my personal account saved.)

Some may have security concerns by having all your passwords stored in one spot. However, keep in mind that this is the focus of the company and they likely can manage it better than most people can with the little time they realistically devote to it. The first step to deciding if this type of program is right for you and your practice is an honest look at the security and efficiency of your current systems. If managing these passwords is stressful or they are not being stored securely, take a look into what current password manager programs can add to your practice.

Leave a Reply

Your email address will not be published. Required fields are marked *

By submitting this form, you accept the Mollom privacy policy.