Managing Passwords for Business Accounts and Analytics
Passwords are important, like really important. It’s always surprising to us when we ask a partner for access to their accounts to aid in web development or analytics and their response is “but I don’t have the password.” Ignorance is not bliss when it comes to passwords and owning your accounts. And if you are wondering if you are in control of your accounts and who might have the passwords, keep reading, we have some valuable tips for you.
Why Analytics access and Ownership are Critical
Data is an invaluable asset. There is a lot of inherent value in data collected over a long period of time. Data collection over elapsed time is one thing that can’t be replicated and if you lose connection with that data, you will have to start from scratch to collect it again.
Website and digital media analytics are a great example of this. As more data about your advertising and your audience are gathered, the value of that data to your business increases. There’s no way to go back and “buy” 10 years worth of data about how people interact with your brand and digital presence. That’s why it is so important that you own and control all of your data. If an agency tries to stand between you and your data or in any way suggest that the data and the account collecting it are not yours and yours alone, turn and run as fast as you can to 129 South Court Street, Unit 2, Fayetteville, WV. We got you.
Data like this has to be collected cleanly and consistently (and in a way that you control) over time but once you have it, it becomes an irreplaceable business asset and virtually indispensable in making large business decisions. So be sure to take ownership of this information from the onset and you’ll never risk losing it.
A login isn’t just a password.
It’s important to maintain some level of control over, or at least access to, the email address that you use to create these accounts. The password is just half of the equation and if you lose the password, the email address can usually help you reset it.
All passwords are not created equal.
Choosing a good password is critical in maintaining security. Short passwords that are used in multiple places are never a good idea. The longer the password, the better. And add in special characters and get creative with using numbers as letters (example: “mysonisgoodatfootball” could easly be “[email protected]). Be sure to use a different password for each site so that if it is compromised by a hacker they only have access to one site and not all of them. Use a password generator for added security and don’t store passwords in a plain text file. Specifically, you should never be able to read your password. If you can read it, it’s not being stored in a safe way.
No website has just one password.
Even the simplest websites are usually made of 2-3 components with separate logins. Some services handle a few of these for you but for most businesses, these are separate accounts with separate vendors.
- Registrar – Where your domain itself is registered. Network Solutions, GoDaddy, etc.
- CMS – How you update and manage your website’s content. WordPress, Drupal, ExpressionEngine, Squarespace, etc.
- (S)FTP – Code-level access to the files on the server where your website is hosted.
- Hosting – The service (or server) where the website itself lives. Think of this as one step above something like SFTP. This is where you would actually manage your SFTP accounts
- Repositories (if applicable) – Some websites use tools like BitBucket or Github to handle deploying code changes to the server where they live.
- Analytics – Tools like Google Analytics, Hot Jar, CrazyEgg, Hubspot, etc.
- Third parties – Newsletter accounts, social media accounts, etc.
Sharing access isn’t about sharing passwords.
As you work to maintain control of your accounts, be aware that tools like Google Analytics let you give varying levels of access to users using their email address. This means there is no need to share your password with other users, just give them the access they need and when the time comes, update or revise their privileges.
Bonus points: Two Factor Authentication or GTFO
If you’re feeling good about knowing your passwords and controlling your accounts, the next big step is to using two factor authentication, or 2FA.
Put simply, 2FA adds an additional layer of security beyond just a password. If you can think of a password as “something you know,” 2FA is “something you have.” Common 2FA practices include getting confirmation codes texted to your phone when you login but the more secure and more widely recommended option is a tool like Authy or Google Authenticator which, once you have securely set them up, will generate confirmation codes for you that refresh every 30 seconds. When you try to login, you will need your password and that confirmation code. Without both, you won’t be able to access your account. This means that if someone gets your password, they’ll only have half of what they need to get into the account.
So, now is the time to take control. Hunt down and update your passwords. And make a plan for who has access to your accounts and who holds the passwords. Trust us, time spent now figuring these things out will pay-off big in the long run.