On Tuesday, February 4, the American Booksellers Association presented a Technology Meetup on password security.
During the meetup, booksellers heard about the importance of password security, best practices for creating passwords, and tools to make remembering passwords a little bit easier while still being secure. Guest speakers included Dan Brewster of Prologue Bookshop and Doug Robinson of Eagle Eye Bookshop, with information provided by ABA System Administrator Josh Harding.
Booksellers are encouraged to fill out this ABA Marketing and Technology Meetup Survey to help ABA develop the best meetups for booksellers.
Here are some of the key points from last week’s session:
- Security breaches usually involve credentials being stolen in an encrypted format. In those cases, hackers can’t just read passwords; they have to guess them. While a person sitting at a keyboard can’t guess passwords very quickly, specialized software can guess millions per second. The easier a password is to guess, the more quickly it will be cracked, which is why strong passwords are recommended.
- Varying the passwords used across websites makes it easier to contain a security breach. If one website suffers from a security breach, it’s simple to reset that one password, but if that password is used in many different places, it’s more difficult.
- Booksellers who don’t use a shared computer can use a password manager such as LastPass, RoboForm, or 1Password.
- Booksellers can also install a password app for their phone or tablet.
- Those who are using a shared computer and using passwords that are shared for work can also consider using one of these managers.
- Password managers do not need to be digital; if a bookseller’s workplace is secure, a notepad or piece of paper is an option, too.
- Robinson uses RoboForm to manage Eagle Eye’s passwords. He pays an annual fee, and in addition to keeping track of passwords, it autofills shipping and credit card information when Robinson shops online.
- Brewster uses LastPass for Prologue Bookshop. He pays a fee on an annual basis to use the service. He uses the manager to keep track of staff accounts, in addition to his store’s bank account, publisher logins, and other websites.
- Brewster recommended booksellers look for paid options to ensure security and peace of mind.
- He also recommended that if booksellers opt to use paper over a digital service, they keep track of where they’re leaving that paper, likening a sheet of passwords to keys to the store. “If you wouldn’t leave your keys out somewhere,” he said, “you wouldn’t leave your password notebook in the same place.”
- Brewster will also change critically important passwords when employees leave.
- Longer and more complex passwords are always stronger than shorter ones. Booksellers should use a mix of upper and lowercase letters, numbers, and special characters, and avoid using dictionary words.
- Booksellers should also avoid using the names of family members, pets, and friends; city names and landmarks; and obvious number-to-letter substitutions, such as “3” for “e.”
- Passwords are not always enough, and two-factor authentication, such as Authy, can be a helpful option, too.
- Booksellers can use HaveIBeenPwned.com to see if they’ve been compromised in any way.
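The advice above on length, character mix, dictionary words, names, and obvious substitutions can be turned into a check that runs when a password is chosen. The following is an added example, not something presented at the meetup; the word list, the substitution table, and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample list standing in for a real dictionary plus the names
# and places the advice says to avoid (assumption: tiny, for illustration).
COMMON_WORDS = {"password", "bookshop", "letter", "welcome", "atlanta", "rex"}

# Obvious number/symbol-to-letter swaps, undone before the dictionary lookup.
SUBSTITUTIONS = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed threshold; the session only said longer is stronger

CHARACTER_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]


def reduced_forms(password):
    """Return the plain words a password collapses to once case, padding
    digits/symbols at either end, and obvious substitutions are undone."""
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered.translate(SUBSTITUTIONS), stripped.translate(SUBSTITUTIONS)}


def weaknesses(password):
    """List the ways a candidate password falls short of the guidance."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    present = sum(bool(re.search(c, password)) for c in CHARACTER_CLASSES)
    if present < len(CHARACTER_CLASSES):
        problems.append("missing character class")
    if reduced_forms(password) & COMMON_WORDS:
        problems.append("dictionary word or name behind substitutions")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ["l3tt3r", "P@ssw0rd2020!", "vQ7#mT2x!Lp9zR"]:
        print(candidate, "->", weaknesses(candidate) or "no issues found")
```

The second sample is long enough and uses all four character classes, yet it is still flagged because it reduces to a common word.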
ABA offers two opportunities for live online education: a twice-monthly Marketing Meetup and a monthly Technology Meetup. All member booksellers are invited to participate in these online discussions; subscribe to the Meetup mailing list here to receive invitations for the Technology Meetups, Marketing Meetups, or both.