PadlockOkay, so let’s assume that this is true: anywhere you store electronic data can, at some point, be hacked. So if that’s true, maybe don’t store any sensitive information anywhere on the web. Okay. So, now all your organization has to do is stop using email, stop hosting a website, disconnect from social media, stop storing any electronic information about clients or constituents and stop accepting any donations by credit card.

Hmmnnnn… not so practical. How about if you just get smarter about password security?

Step one: switch to a password manager

I use LastPass. I started with the free individual version, then switched to the $12 per year paid plan that allows me to access my passwords via mobile devices. (There are organizational plans that come with a 30% discount for nonprofits.)

Password software takes a little getting used to — you install it in your browser and phone for starters. But, in the case of LastPass, they really have thought of everything:

  1. The software generates new random-character passwords whenever you need a password for another website. You can set it to follow whatever arcane rules the website has (some websites disallow special characters in passwords, others require them).
  2. The software stores passwords so that you can access sites anytime you’re in your web browser, along with the exact address where you would use it, and a human-readable label so you can see what it is. It’s easy to organize and search your password collection.
  3. You can mark the frequently used ones as “favorites” and easily navigate to them via your browser toolbar, or “auto login” to your frequently used accounts.
  4. Unlike the way your browser generally stores your saved passwords, this is actually secure.

Although I am totally infatuated with LastPass, I have had people also suggest DashLane and 1Password.

It will take more time in the beginning, then you won’t know how you lived without it

I found that for the first month, especially as I kept having to replace weak passwords, setting up LastPass took a little time (in one or two minute increments). Then it started saving me time instead — now, I login whenever I start my browser, I can easily find any site I’ve ever created a login for. I can’t imagine ever going back to the elaborate password system I kept in my head but that still required re-using a password for multiple sites.

Learn more

If you want to learn more about web security, here’s an excellent WordCamp presentation about WordPress security that explains a lot of the lingo, as well as why hacking is profitable and how you can keep your WordPress website secure.

For any nonprofit, your data is essential to getting your work done. Any compromise of your data means at the very least a distraction from your mission. At its worst, it can mean losing control of other people’s personal information, breaking trust with your donors, clients or employees.

It’s not worth the risk – stop reusing insecure passwords and start using a password manager.