LastPass | Password Security Solution for Ecommerce Sellers
Articles,  Blog

LastPass | Password Security Solution for Ecommerce Sellers


hey it’s patti scharf CPA and co-founder
of catching clouds the leader in e-commerce accounting I am continuing my
series on solutions for e-commerce sellers and today I want to talk about
security because you know you can’t talk about online commerce without talking
about security make sure you stick around to the end because I’m going to
talk about specifically LastPass which is a password vault and I’m going to
tell you why you need that and kind of what it does and stuff like that so
let’s get started all right so everything in the world is
moving towards the cloud so everything is accessible with a browser whether
you’re on your phone or you’re on your computer or whatever and because
everything is accessible through the Internet
the biggest issue that you need to be paying attention to is password security
basically if somebody has your password they can get in whether they’re hacking
or whatever if they can get in they can get to your world so we want to prevent
that right alright so one of the first things I want to talk about is setting
up sub logins so if you are using a bank like let’s use Chase for example Chase
will allow you to create another user account underneath your main account
that you can limit access so like when we’re working with clients we want to
get a sub login as often as possible because we don’t want access to the main
meet of the account we just want to see like what happened in their accounting
transactions and things like that so we will ask for a sub login with limited
permissions that does not allow us to transact on anybody’s account we highly
recommend that if you are working with another accountant or you’re working
with anybody who needs access to your account for some reason or another you
make sure to limit their permissions and set up their own login and the other
thing that I really like about this is that you know how sometimes like you
mess up typing your password or something like that
and it locks you out after three attempts if you have a sub login like
that person can deal with all the administrative headache of that
themselves without locking you out of your admin password which is a much
bigger headache so sub logins totally the way to go the next thing I want to
talk about is two-factor authentication now that is a scary sounding technical
term but here’s what it is so when you’re logging into anywhere you usually
need your username and password what two-factor authentication is is it
makes you do a third thing and that is enter some kind of a code so you may
have your phone set up so it’ll text you a code
so that not only does whoever’s accessing your account need to know your
user name and password they also have to literally have your phone so that they
can see what was texted and they have just like maybe a minute to type that in
before they can get in there are also other things like there’s a tool called
Google Authenticator and you put it on your phone it’s an app for your phone
and it you can add all your different sites like I’ve got zero and slack and
gusto and LastPass and all these different ones on Google Authenticator
and then when I log into something I just pull up my Google Authenticator app
and it has a code that changes every minute so I have like a minute to enter
in my code or maybe it’s even 30 seconds I don’t really know but I have a certain
period of time a short period of time where I can enter in my code and again I
need to have access to that Google Authenticator app before I can log in so
it’s an extra level of security that’s really smart to have on all of your
systems so take a look at some of the tools you’re using and if it allows for
setting up two-factor authentication by all means you should do that all right
so let’s talk about passwords themselves they should be long they should be
unique they should be complex so they should have like special characters in
there they should have numbers and letters and things like that I’ve read
different reports where some people say oh it’s like easier to get into if it’s
all jumbled versus if you have like a couple of words that don’t mean anything
together separated by a number some like that I don’t know but I would recommend
that whichever you do whatever combination you have you make your your
passwords as long as possible like 32 characters and up you want it to be
really long you also don’t want to have the same exact password on every single
thing that you login a lot of people do that because it’s easier to remember if
you just have one password that lets you into all these different things then
it’s easier to remember but the problem is it’s also easier to get into all of
your stuff not only can they get into this site but
they can get into all of them so you want to make it as hard as possible to
get into your stuff all right so this is where the password vault comes into play
it it’s basically what it sounds like it is one piece of software that holds on
to all of your different passwords for all of the different sites that you log
into it keeps it nice and safe and secure and but it’s easy because you
just need to know your own password to log into it to get access to all these
different things okay so I have it as Chrome extension on my system so
whenever I go to a site that is kept in that vault LastPass will automatically
recognize what the site is and go oh which of these passwords would you like
to use I see you’re on the chase site and I pick the one I need and it
automatically populates the username and ID so even though I have these really
long complex passwords I don’t have to remember them because LastPass remembers
it for me so it will automatically fill those in I can log in without a problem
there’s an app for my phone so if I’m accessing stuff on my phone I can use it
there also also when I’m signing up for a new site
and I want to create a new complex password I can just go generate password
and it will automatically come up with one and fill it in for me and then it’ll
say hey do you want me to save this password to your vault and I say yes
please and then it saves it and away we go so here’s the other thing that you
can do with LastPass is we can create groups basically within LastPass we’re
different people share the same passwords so if I’m sharing a password
with the accountant on the catching clouds account then she has access to my
passwords I have access to my passwords scott has access to the passwords and
but nobody else does so we can share them securely and they’re encrypted and
everything else and it’s really handy if we’re sharing passwords with clients we
can do the same thing or we can actually literally just send it through LastPass
and they accepted on their side so we don’t
like have one folder that we all have access to but you can just like send it
to somebody else and it gets sent encrypted and it
unencrypted sit on their side and everything else so it’s pretty sweet
the other thing LastPass will do is they provide security checks so you can run a
security check on the system and it’ll go you know what this password not so
secure maybe you want to fix that so it’s got some really great tools and
stuff embedded in it so I think it’s a really great bang for the buck it’s only
like I think I think it goes from $2 to $4 per month per person who’s using it
which is not a huge investment in your security and you know it makes my life
so much easier if you’re using LastPass or using a different password vault
leave a comment down below tell me which one you’re using and tell me if you like
it don’t like it whatever I think other people will be interested in doing that
and also down below we have a link to our e-commerce security best practices I
think it’s what we called it it’s an e-book that we made just to help you
guys keep your stuff nice safe and secure so if you’re interested please
check that out I think that’s it for today if you like this video please like
comment and share if you haven’t already please subscribe and I’ll catch you
later

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *