Let’s be honest: in a busy vet practice, good password management probably isn’t at the top of your to-do list.
But as more and more veterinary clinics go digital in the pursuit of greater patient care and operational efficiency, it’s never been more important to have the right systems in place to keep your data secure.
In this blog post, we’ll show you how threat actors get their hands on your login credentials and what you need to do to create and manage bulletproof passwords.
3 steps to creating a great password
Today’s veterinary practices are responsible for managing large volumes of sensitive data, including client names and addresses, patient medical information, staff payroll data, and more. Strong passwords play a key role in keeping this data secure and minimizing the risk of a breach.
Every member of your veterinary practice should use the following best practices when creating passwords both inside and outside the workplace.
1. Passwords should be long
The longer the password, the more secure it is. Passwords should be a minimum of eight characters, but for greater security try to aim for 16 characters or more.
If you’re struggling to think of a long password, consider using a passphrase, which is essentially just a string of random words. Passphrases offer excellent security and are much easier to remember than a bunch of random characters.
The following example demonstrates how the length of your password affects security:
- It takes about two seconds to crack the password ‘zucchini’.
- It takes about 40 minutes to crack the password ‘zucchinibrazil’.
- It takes about 5 months to crack the password ‘zucchinibrazilorthodox’.
- It takes centuries to crack the password ‘zucchinibrazilorthodoxconundrum’.
Use a mix of uppercase and lowercase letters and incorporate numbers and symbols into your password to make it even stronger. Using the above example, your final password might end up looking something like this: zU#chINibr^&iloRth9do%con$NDr*M.
You can test the strength of a password using Bitwarden’s free online tool.
2. Passwords should be unique
Create a unique password for every account, website, and online service you use.
While it might be tempting to use one perfect password for multiple accounts, doing so increases the risk of a data breach. How? Well, if a threat actor were to obtain a recycled password, they could potentially use it to access your other accounts that are protected with the same password.
Creating unique passwords limits the impact of credential theft. Even if one of your passwords is compromised, the attacker still won’t be able to access your other accounts.
3. Don’t use personal information
Your passwords should be random. Attackers can learn a lot about you from social media and other public sources, so avoid using passwords that are based on personal information. That includes things like your name, your date of birth, email address, the name of your business, children’s names, pets’ names, the city you live in, the car you drive, etc.
If you’re having trouble thinking of a truly random password, try using a password generator.
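The three rules above can be checked mechanically before a password is accepted. The following is an added example, not part of the original post or of ezyVet: the function names, the character-swap table, and the sample passwords and personal details are all constructed for illustration.

```python
import re

MIN_LENGTH = 8            # minimum stated in the post
RECOMMENDED_LENGTH = 16   # target the post recommends

# Undo common character swaps so "B3lla" is still recognised as "bella".
_SWAPS = str.maketrans("013457@$", "oieastas")


def _normalise(text):
    """Lowercase, reverse simple swaps, drop separators and symbols."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(_SWAPS))


def audit_password(candidate, existing, personal_tokens):
    """Return a list of findings; an empty list means all three rules pass."""
    findings = []
    norm = _normalise(candidate)

    # Rule 1: length.
    if len(candidate) < MIN_LENGTH:
        findings.append("too short: under %d characters" % MIN_LENGTH)
    elif len(candidate) < RECOMMENDED_LENGTH:
        findings.append("short: under the recommended %d" % RECOMMENDED_LENGTH)

    # Rule 2: uniqueness, including trivial variants of a password in use.
    for account, password in existing.items():
        if password == candidate:
            findings.append("reused: same as " + account)
        elif _normalise(password) == norm:
            findings.append("near-reuse: variant of " + account)

    # Rule 3: no personal information (tokens under 3 characters are ignored).
    for token in personal_tokens:
        needle = _normalise(token)
        if len(needle) >= 3 and needle in norm:
            findings.append("personal info: " + token)
    return findings


# Constructed sample data, not real credentials.
EXISTING = {"email": "zucchinibrazilorthodoxconundrum"}
PERSONAL = ["Bella", "1987", "Riverside Vet Clinic"]

if __name__ == "__main__":
    for pw in ("B3lla1987", "Zucchini-Brazil-Orthodox-Conundrum!",
               "copper-lantern-walrus-orbit-74"):
        print(pw, "->", audit_password(pw, EXISTING, PERSONAL) or "ok")
```

The near-reuse check matters because adding capitals, hyphens or a trailing symbol to a password already in use does not make it a new password.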
Managing your passwords
Given that the average internet user has more than 130 online accounts, manually keeping track of all your passwords is impossible.
That’s where password managers come in. A password manager is a nifty little solution that securely stores your login information for all the websites you use and can help you log into them automatically. Many password managers also come with free password generators, allowing you to quickly create robust passwords on the fly. A password manager effectively holds the keys to your entire digital life, so the password you use to secure your password manager must be a good one.
- Do not store passwords in your web browser. All passwords saved in web browsers can be revealed relatively easily.
- Do not store your passwords in an unencrypted text file. If your system is compromised, an attacker could easily access all the passwords in the file.
How do attackers get your passwords?
Attackers use a variety of methods to steal your passwords. Some of the most common methods include:
- Credential stuffing: Attackers obtain databases of stolen usernames and passwords and use them to gain unauthorized access to your account.
- Phishing: A type of social engineering attack whereby threat actors impersonate a legitimate organization and attempt to trick you into giving away your login credentials.
- Malware: Some types of malicious software, such as keyloggers, can record your keystrokes. The data is then sent to the attacker, who can use the information to access your account.
- Brute force: In a brute force attack, threat actors use automated tools to systematically guess all possible character combinations. The timespan of a successful brute force attack ranges from seconds to trillions of years, depending on the length and complexity of the password.
How to tell if your password has been leaked
Unfortunately, password leaks are all too common. In 2021, for example, a user on a popular hacking forum posted a 100 gigabyte text file containing 8.4 billion passwords that had been harvested from previous data leaks and breaches.
Curious if one of your passwords has ever been leaked? You can use the Have I Been Pwned website to check if your email address has been involved in a data breach. And don’t worry - the passwords that correspond to your email address aren’t stored in the Have I Been Pwned database.
If you discover that one of your passwords has been leaked, it’s important to respond swiftly:
- Change the password as soon as possible. If you’ve used that password for other accounts (that’s a big no-no, remember!) you’ll need to change the passwords on those accounts, too.
- If the password is associated with your bank or another paid service provider, give them a call and let them know so they can keep an eye out for unusual activity.
- If the password is related to your email address or social media accounts, warn your friends, family, and work colleagues to be on the lookout for suspicious messages.
- Monitor your account for suspicious behavior.
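Have I Been Pwned also runs a Pwned Passwords range endpoint, which lets you check a password itself without sending it: only the first five characters of its SHA-1 hash leave your machine, and the match is done locally. This is an added example, not part of the original post; FakeRangeServer and its contents are constructed so the check can be exercised offline.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range(prefix):
    """Fetch every hash suffix the service holds under a 5-character prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def pwned_count(password, fetch=fetch_range):
    """Return how often the password appears in known breaches (0 = not found)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Only `prefix` is sent; the remaining 35 characters are compared locally.
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


class FakeRangeServer:
    """Constructed offline stand-in that records the prefixes it receives."""

    def __init__(self, leaked):
        self.seen = []
        self.rows = {}
        for password, count in leaked.items():
            digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
            row = "%s:%d" % (digest[5:], count)
            self.rows.setdefault(digest[:5], []).append(row)

    def __call__(self, prefix):
        self.seen.append(prefix)
        decoy = "0" * 35 + ":1"   # unrelated entry sharing the same prefix
        return "\r\n".join(self.rows.get(prefix, []) + [decoy])


if __name__ == "__main__":
    server = FakeRangeServer({"zucchini": 1234})   # constructed breach count
    print(pwned_count("zucchini", server), server.seen)
```

Calling `pwned_count(password)` with no second argument queries the live service instead of the stand-in.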
How to change your ezyVet password
Is it time to change your ezyVet password? To do so:
- Select your sign-in username from the ezyVet right sidebar.
- Enter a new password in the System Password Box.
- Click Save.
That’s it! Your user account now has a new password. You’ll need to enter the new password the next time you log in to ezyVet.
Takeaway
Passwords are your first line of defense against unauthorized access. In a veterinary setting, every member of your team should understand the importance of robust passwords and know how to create and manage passwords according to current best practices.